LDAP and Gitlab

How to Use GitLab Self-managed
1

I want to connect to an LDAP-Server
i get the following error with command gitlab-rake gitlab:ldap:check --trace

** Invoke gitlab:ldap:check (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute gitlab:ldap:check
Checking LDAP …

Server: ldapmain
rake aborted!
Net::LDAP::NoBindResultError: no bind result
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap/auth_adapter/simple.rb:26:in bind' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap/connection.rb:278:in block in bind’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap/instrumentation.rb:19:in instrument' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap/connection.rb:275:in bind’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:715:in block in open' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap/instrumentation.rb:19:in instrument’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:711:in open' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:644:in open’
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:7:in open' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:356:in block in check_ldap’
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:352:in each' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:352:in check_ldap’
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:341:in block (3 levels) in <top (required)>' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:251:in block in execute’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:251:in each' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:251:in execute’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:195:in block in invoke_with_call_chain' /opt/gitlab/embedded/lib/ruby/2.3.0/monitor.rb:214:in mon_synchronize’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:188:in invoke_with_call_chain' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/task.rb:181:in invoke’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:153:in invoke_task' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:109:in block (2 levels) in top_level’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:109:in each' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:109:in block in top_level’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:118:in run_with_threads' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:103:in top_level’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:81:in block in run' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:179:in standard_exception_handling’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/lib/rake/application.rb:78:in run' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/rake-12.1.0/exe/rake:27:in <top (required)>’
/opt/gitlab/embedded/bin/rake:23:in load' /opt/gitlab/embedded/bin/rake:23:in <top (required)>’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli/exec.rb:74:in load' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli/exec.rb:74:in kernel_load’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli/exec.rb:27:in run' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli.rb:332:in exec’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/command.rb:27:in run' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in invoke_command’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor.rb:359:in dispatch' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli.rb:20:in dispatch’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/base.rb:440:in start' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/cli.rb:11:in start’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/exe/bundle:34:in block in <top (required)>' /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/lib/bundler/friendly_errors.rb:100:in with_friendly_errors’
/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/bundler-1.13.7/exe/bundle:26:in <top (required)>' /opt/gitlab/embedded/bin/bundle:23:in load’
/opt/gitlab/embedded/bin/bundle:23:in `’
Tasks: TOP => gitlab:ldap:check

My /etc/gitlab/gitlab.rb is:
gitlab_rails[‘ldap_enabled’] = true
gitlab_rails[‘ldap_host’] = ‘<host.fqdn.de>’
gitlab_rails[‘ldap_port’] = 636
#gitlab_rails[‘uid’] = ‘uid’
#gitlab_rails[‘ldap_uid’] = ‘sAMAccountName’
gitlab_rails[‘ldap_method’] = ‘plain’
#gitlab_rails[‘ldap_bind_dn’] = nil
#gitlab_rails[‘ldap_password’] = ‘’
gitlab_rails[‘ldap_allow_username_or_email_login’] = false
gitlab_rails[‘ldap_base’] = ‘dc=informatik,dc=sgi’

At LDAP is anonymous connect possible:
ldapsearch -H ldaps://<host.fqdn.de> -x -LLL -s base -b “” namingContexts
dn:
namingContexts: dc=informatik,dc=sgi

What make i wrong?
Is there a possibility to debug better?

2

Yes, to connect anonymous user through ldap is possible but it depends on your ldap server.
I would need below information for further clarification to solve your issue:

  1. GitLab Version
    a. Use command -

gitlab-rake gitlab:env:info

  1. LDAP tool you are using, its version?
    a. Like OpenLDAP, OpenDS, Redhat Directory Server

  2. LDAP status if possible, its attributes.

In OpenDJ, the anonymous binding with the LDAP backend is enabled by default. However, for an anoymous user to be able to perfrom the read operation on all the LDAP attributes in that backend, an ACI (Access Control instruction) has to be defined.
Below is the command to define an ACI to allow read, search and compare operations on all the attributes except the passwords.

[root@opendj bin]# ./dsconfig set-access-control-handler-prop --add global-aci:‘(target =“ldap:///dc=nec,dc=com”)(targetattr !=“authPassword || userPassword”)(version 3.0;acl “Anonymous read-search access”; allow (read, search, compare)(userdn = “ldap:///anyone”);)’ --port 4444 --bindDN “cn=Directory Manager” --bindPassword Opendj123 --trustAll --no-prompt

3

Hi, have you solved that issue? I get “No bind result” error too…

4

here is my active directory config that works fine for me

   gitlab_rails['ldap_enabled'] = true

    gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
     main:
      label: 'ActiveDirectory'
      host: 'dc01'
      port: 389 #Change to 636 if using LDAPS
      method: 'plain' # Change to "tls" if using LDAPS
      uid: 'sAMAccountName' # Don't change this
      bind_dn: 'CN=gitlab,OU=application,OU=operators,DC=example,DC=mydomain'
      password: '1234567'
      timeout: 10
      active_directory: true
      allow_username_or_email_login: false
      block_auto_created_users: false
      base: 'DC=example,DC=mydomain'
      # Optional: the next line specifies that only members of the user group "gitlab-users" can authenticate to Gitlab:
      user_filter: '(memberOf=CN=Gitlab,OU=application,OU=dev,OU=Groups,OU=company,DC=example,DC=mydomain)'



    EOS