Stuggling here, with the user filter, we’ve installed Omnibus Gitlab, all is working well with it searching Actice Directory, and responds well with
sudo gitlab-rake gitlab:ldap:check
and reports users and groups, before we apply a filter
BUT, we would like it to Authorize only a specific Group, e.g. GitLab User
gitlab_rails[‘ldap_enabled’] = true
gitlab_rails[‘ldap_servers’] = YAML.load <<-EOS
main: # ‘main’ is the GitLab ‘provider ID’ of this LDAP server
label: ‘ActiveDirectory’
host: ‘dc2.not.doc.hall.co.uk’
port: 389
uid: ‘sAMAccountName’
method: ‘plain’ # “tls” or “ssl” or “plain”
bind_dn: ‘CN=LDAP-Search,CN=Users,DC=not,DC=doc,DC=hall,DC=co,DC=uk’
password: ‘password’
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: ‘OU=NET Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk’
user_filter: ‘(&(objectClass=user)(|(memberOf:1.2.840.113556.1.4.1941:=CN=GitLab User,OU=NOT Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk)))’
the above does not show any users, if we remove the user filter it does show all users and groups of NOT Groups.
Any ideas what the filter should be so I can tick this bit off.