LDAP issues with Active Directory

Struggling here with the user filter. We’ve installed Omnibus GitLab; all is working well with it searching Active Directory, and it responds well with

sudo gitlab-rake gitlab:ldap:check

and reports users and groups, before we apply a filter

BUT, we would like it to Authorize only a specific Group, e.g. GitLab User

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'ActiveDirectory'
    host: 'dc2.not.doc.hall.co.uk'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'CN=LDAP-Search,CN=Users,DC=not,DC=doc,DC=hall,DC=co,DC=uk'
    password: 'password'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'OU=NET Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk'
    user_filter: '(&(objectClass=user)(|(memberOf:1.2.840.113556.1.4.1941:=CN=GitLab User,OU=NOT Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk)))'
EOS

The above does not show any users; if we remove the user filter, it does show all users and groups of NOT Groups.

Any ideas what the filter should be so I can tick this bit off?
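
An added example, not part of either post: a small RFC 4515 filter parser run over the user_filter and base values quoted in the question. It reports boolean operators that wrap a single term and, for each memberOf term using the 1.2.840.113556.1.4.1941 (nested group membership) matching rule, which components of the group DN are absent from the search base; the names parse, lint, BASE and FILTER are this example's own.

```python
import re
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD rule: follow nested group membership
ITEM = re.compile(r"([\w;-]+)(?::([\d.]+):)?(=|~=|>=|<=)(.*)")

def parse(f, i=0):
    """Parse one RFC 4515 filter at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = f.find(")", i)
        m = ITEM.fullmatch(f[i:end]) if end >= 0 else None
        if not m:
            raise ValueError(f"bad filter item at offset {i}")
        # (kind, attribute, matching-rule OID or None, value)
        node = ("item", m.group(1), m.group(2), m.group(4))
        i = end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def lint(user_filter, base):
    """Return (operators with one operand, [(group DN, RDNs not in base)])."""
    tree, end = parse(user_filter)
    if end != len(user_filter):
        raise ValueError("trailing characters after filter")
    # Assumption: no escaped commas in the DNs, so a plain split is enough.
    base_rdns = {r.strip().lower() for r in base.split(",")}
    single, groups = [], []
    def walk(n):
        if n[0] == "item":
            if n[2] == IN_CHAIN:
                rdns = [r.strip() for r in n[3].split(",")][1:]  # skip group CN
                groups.append((n[3], [r for r in rdns if r.lower() not in base_rdns]))
            return
        if n[0] != "!" and len(n[1]) == 1:
            single.append(n[0])
        for kid in n[1]:
            walk(kid)
    walk(tree)
    return single, groups

BASE = "OU=NET Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk"  # copied from the post
FILTER = ("(&(objectClass=user)(|(memberOf:1.2.840.113556.1.4.1941:="
          "CN=GitLab User,OU=NOT Groups,DC=not,DC=doc,DC=hall,DC=co,DC=uk)))")
```

Calling lint(FILTER, BASE) on the values as posted returns the single-operand '|' and OU=NOT Groups as the one group-DN component that the configured base (OU=NET Groups) does not contain.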

Hello,
I have the same problem as you. From my test results so far, you must use an account with larger permissions to query Windows AD; when I use a domain admin account, memberOf works normally.