Migrating to new ldap server with different structure

Hi there,

I tried to change to our new ldap-server and ran into the following error:

LDAP account “uid=foo,ou=people,dc=example,dc=com” does not exist anymore, blocking GitLab user “foo” (foo@example.com)

That’s right, the structure of the ldap tree is different. Now it is: uid=foo,cn=users,cn=accounts,dc=example2,dc=tld

How can I modify the usernames, so they match with the new ldap-server?

Hello @hboetes, thanks for joining the GitLab Forum!

Have you seen this issue? It looks like a similar case, feel free to leave your comment there as well. Also, this may provide some more info.


Hello @dsumenkovic, thanks for your suggestions. Alas, both don’t apply to my situation. In those cases the LDAP server is not accessible. In my case I changed to another LDAP server entirely. Hence, my question:

Where can I change the suffix of the username, so they match the new LDAP server?

bump!

The right table is identities; you can check it with:

sudo gitlab-psql -d gitlabhq_production
select * from identities;

For anyone running into this very situation, you will have to update your gitlab.rb to match the new authentication server and then run gitlab-ctl reconfigure of course.

The magical postgres code to search and replace in a table is:

update identities
set extern_uid = replace(
    extern_uid,
    'ou=people,dc=example,dc=org',  -- old base
    'cn=users,cn=accounts,dc=example,dc=com'  -- new base
);
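A more cautious variant of the update above, as an added example that is not part of the original posts: it runs inside a transaction in the gitlab-psql session, previews the rewrite, and only touches rows whose DN ends in the old base for a single provider. The provider value 'ldapmain' and both base DNs are assumptions; substitute the values from your own gitlab.rb and directory, and the stored DNs are assumed to use the same case and spacing as the bases given here.

```sql
-- Assumed values: adjust to your own directory and gitlab.rb provider name.
\set old_base 'ou=people,dc=example,dc=org'
\set new_base 'cn=users,cn=accounts,dc=example,dc=com'
\set ldap_provider 'ldapmain'

BEGIN;

-- 1. Preview: which identities would change, and what they would become.
--    Matching on the trailing ",<old base>" avoids rewriting a DN that merely
--    contains the old base somewhere in the middle, or rows from other providers.
SELECT id,
       user_id,
       extern_uid AS old_uid,
       left(extern_uid, length(extern_uid) - length(:'old_base'))
           || :'new_base' AS new_uid
FROM identities
WHERE provider = :'ldap_provider'
  AND right(extern_uid, length(:'old_base') + 1) = ',' || :'old_base';

-- 2. Rewrite only the trailing base of the matching rows.
UPDATE identities
SET extern_uid = left(extern_uid, length(extern_uid) - length(:'old_base'))
                 || :'new_base'
WHERE provider = :'ldap_provider'
  AND right(extern_uid, length(:'old_base') + 1) = ',' || :'old_base';

-- 3. Verify: this should return 0 rows still pointing at the old base.
SELECT id, user_id, extern_uid
FROM identities
WHERE provider = :'ldap_provider'
  AND right(extern_uid, length(:'old_base') + 1) = ',' || :'old_base';

-- 4. Keep the change only if the preview and the row count looked right;
--    otherwise replace COMMIT with ROLLBACK.
COMMIT;
```

Taking a database backup before running the update gives a way back if the new DNs turn out not to match what the new LDAP server returns.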