LDAP Authentication Error: User specified timeout

I am having an issue with LDAP authentication. Our gitlab-ce installation is self-hosted in a docker container. The issue started when I updated Ubuntu via apt update/upgrade. I started getting the error listed in the screenshot below:

I went ahead and updated the gitlab container thinking that it might fix the issue, but the same error applies.

This is on our development server - the production server running older versions of ubuntu and gitlab works fine.

Here is some additional information in hopes that someone else is having a similar issue.

$ uname -a
Linux BDCD-GITLAB01 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ sudo docker exec -t gitlab gitlab-rake gitlab:ldap:check --trace
** Invoke gitlab:ldap:check (first_time)
** Invoke gitlab_environment (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute gitlab_environment
** Execute gitlab:ldap:check
Checking LDAP …

Server: ldapmain
rake aborted!
Net::LDAP::Error: Connection timed out - user specified timeout
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap/connection.rb:72:in `open_connection'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap/connection.rb:698:in `socket'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:1321:in `new_connection'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:713:in `block in open'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap/instrumentation.rb:19:in `instrument'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:711:in `open'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap.rb:644:in `open'
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/ldap/adapter.rb:13:in `open'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:262:in `block in check_ldap'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:258:in `each'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:258:in `check_ldap'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:247:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:271:in `block in execute'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:271:in `each'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:271:in `execute'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:213:in `block in invoke_with_call_chain'
/opt/gitlab/embedded/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:193:in `invoke_with_call_chain'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/task.rb:182:in `invoke'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:160:in `invoke_task'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:116:in `block (2 levels) in top_level'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:116:in `each'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:116:in `block in top_level'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:125:in `run_with_threads'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:110:in `top_level'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:83:in `block in run'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:186:in `standard_exception_handling'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/lib/rake/application.rb:80:in `run'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/rake-12.3.1/exe/rake:27:in `<top (required)>'
/opt/gitlab/embedded/bin/rake:23:in `load'
/opt/gitlab/embedded/bin/rake:23:in `<top (required)>'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli/exec.rb:74:in `load'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli/exec.rb:74:in `kernel_load'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli/exec.rb:28:in `run'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli.rb:424:in `exec'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli.rb:27:in `dispatch'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/cli.rb:18:in `start'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/exe/bundle:30:in `block in <top (required)>'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/opt/gitlab/embedded/lib/ruby/gems/2.4.0/gems/bundler-1.16.6/exe/bundle:22:in `<top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in
Tasks: TOP => gitlab:ldap:check

$ sudo docker exec -t gitlab gitlab-rake gitlab:env:info

System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.4.5p335
Gem Version: 2.7.6
Bundler Version:1.16.6
Rake Version: 12.3.1
Redis Version: 3.2.12
Git Version: 2.18.1
Sidekiq Version:5.2.1
Go Version: unknown

GitLab information
Version: 11.5.4
Revision: 315df49
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: https://sas-gitlab-dev.xxx.com
HTTP Clone URL: https://sas-gitlab-dev.xxx.com/some-group/some-project.git
SSH Clone URL: git@sas-gitlab-dev.xxx.com:some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version: 8.4.1
Repository storage paths:

  • default: /var/opt/gitlab/git-data/repositories
    Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
    Git: /opt/gitlab/embedded/bin/git

gitlab.rb:

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'xxx.com'
    port: 389
    uid: 'userPrincipalName'
    bind_dn: 'CN=SAS_LDAP Account,OU=Service Accounts,DC=xxx,DC=com'
    password: 'xxx'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: true
    ca_cert: ''
    ssl_version: ''
    timeout: 10
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'DC=xxx,DC=com'
    user_filter: ''
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email: ['mail', 'email', 'userPrincipalName']
      name: 'cn'
      first_name: 'givenName'
      last_name: 'sn'
EOS

I have tried changing “verify_certificates” to “false” with the same error. I believe that it has something to do with either the docker distribution or the ubuntu update since it also failed with gitlab 11.2.3.

If anyone has similar issues or found a fix, I’d appreciate a reply - thanks.


Did you ever manage to get this fixed?

No, I have not - I have tried a few more diagnostics with LDAP but it seems to be working properly. If you have similar symptoms please post more info and I’ll dig into it again.

I got the ‘connection timeout’ error only because I typed in the wrong port number. I notice you’re using 389 rather than 636, which Active Directory LDAPS uses.
I’m not using Docker, but the settings that worked for me are
port: 636
encryption: 'simple_tls'
verify_certificates: false

Primevr,

I made the changes and still get the same error - but I appreciate the try

It’s very strange - our production server runs fine with the same gitlab.rb but we patched the Ubuntu distro for the dev server in December and it broke the gitlab container - since docker has all the software in the container, the OS shouldn’t impact it, but it has in this case.

I’ll keep digging…thanks for the help.

So, my colleague and I finally figured this one out. Turns out that the DNS servers in the Docker container were not being updated properly with the host DNS server entries. We added DNS entries in our docker command to force the correct DNS entries in the container. Here is our startup command now:

sudo docker run --detach \
  --hostname gitlab.xxxxx.com \
  --publish 443:443 --publish 80:80 --publish 22:22 \
  --name gitlab \
  --restart always \
  --dns=10.XXX.3.10 --dns=10.YYY.3.10 \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

Hopefully someone else will see this and maybe this will save them some digging around.
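
To tell apart the two causes raised in this thread (a name that does not resolve inside the container versus a port that does not answer), a check along these lines can be run in the container. It is an added example, not part of the original posts; the function names, the script file name and the sample host are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch. Run it inside the container, for example:
#   docker exec -i gitlab sh -s ad.example.internal 389 < ldap-reach.sh
# ad.example.internal and ldap-reach.sh are constructed placeholders.

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Resolve a name through the system resolver; prints the first address,
# or nothing when the lookup fails or takes longer than 10 seconds.
resolve_host() {
    timeout 10 getent hosts "$1" | awk 'NR == 1 { print $1 }'
}

# Attempt a TCP connect with a deadline (bash's /dev/tcp, so no nc needed).
tcp_probe() {
    timeout "$3" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Classify reachability of HOST PORT [SECONDS] as: dns | tcp | ok.
#   dns = the name does not resolve from inside the container
#   tcp = the name resolves but the port does not accept a connection
diagnose_ldap() {
    host=$1 port=$2 deadline=${3:-10}
    addr=$(resolve_host "$host")
    if [ -z "$addr" ]; then
        echo dns
        return 1
    fi
    if ! tcp_probe "$addr" "$port" "$deadline"; then
        echo tcp
        return 2
    fi
    echo ok
}

# When called with arguments, show which resolvers the container was
# given, then classify the LDAP endpoint.
if [ "$#" -gt 0 ]; then
    echo "container nameservers: $(resolv_nameservers | tr '\n' ' ')"
    diagnose_ldap "$@"
fi
```

A `dns` result together with a nameserver list that differs from the host's points at the container's resolver configuration, which is what the `--dns` options in the startup command above override.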