LDAP Authentication issues

networker · January 11, 2018, 3:35pm

Hi, I have an issue with the following LDAP configuration, I replaced confidential elements by letters like aaaaaaa:

LDAP Settings

###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
###! Be careful not to break the indentation in the ldap_servers block. It is
###! in yaml format and the spaces must be retained. Using tabs will not work.

gitlab_rails[‘ldap_enabled’] = true

###! remember to close this block with ‘EOS’ below
gitlab_rails[‘ldap_servers’] = YAML.load <<-‘EOS’
main: # ‘main’ is the GitLab ‘provider ID’ of this LDAP server
label: ‘LDAP’
host: ‘bbbbbbbb’
port: 636
uid: ‘aaaaaaaa’
bind_dn: ‘uid=aaaaaaaa,ou=apps,dc=ggg,dc=ffffffff,dc=com’
password: ‘cccccccc’
encryption: ‘simple_tls’
verify_certificates: true
base: ‘ou=people,dc=ggg,dc=ffffffff,dc=com’
user_filter: ‘’
EOS

Which returns invalid credentials and the debug ouput gives me no user:

gitlab-rake gitlab:ldap:check --trace
** Invoke gitlab:ldap:check (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute gitlab:ldap:check
Checking LDAP …

Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP … Finished

While the same ldapsearch works fine and I can retrieve all the users:

ldapsearch -D uid=aaaaaaaa,ou=apps,dc=ggg,dc=ffffffff,dc=com -Z -H ldaps://bbbbbbbb:636 -b ou=people,dc=ggg,dc=ffffffff,dc=com -w cccccccc

Many thanks for your help.

P.S: I am using the latest version of gitlab-ee with no license and openldap.

networker · January 12, 2018, 5:26pm

Hi, an update I managed to get further by checking the log at the LDAP server, I had to remove the uid parameter on gitlab.rb but now I have another issue with invalid syntax seems to be related with user_filter. I tried with nothing and with a specific gid but still the same issue. Here’s the trace:

gitlab-rake gitlab:ldap:check

Checking LDAP …

Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)
rake aborted!
TypeError: nil is not a symbol nor a string
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:35:in block in users' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:34:in select’
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:34:in users' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:364:in block (2 levels) in check_ldap’
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:14:in block in open' /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/adapter.rb:13:in open’
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:359:in block in check_ldap' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:355:in each’
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:355:in check_ldap' /opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/check.rake:344:in block (3 levels) in <top (required)>’
/opt/gitlab/embedded/bin/bundle:23:in load' /opt/gitlab/embedded/bin/bundle:23:in ’
Tasks: TOP => gitlab:ldap:check
(See full trace by running task with --trace)

networker · January 13, 2018, 10:52am

Issue solved by adding uid: ‘uid’ in my gitlab.rb config file.

rohitjaiswal · June 16, 2018, 7:26pm

Can you share me the steps for configuring active directory with gitlab?

Serrovsky · August 12, 2019, 12:22pm

@rohitjaiswal I change my uid field to mail and solved my problem