Need help troubleshooting LDAP authentication

Hello all,
(centos 6.6, community edition, v7.7.0)

I have a strange issue with LDAP (AD) authentication, and am looking for some advice on how to troubleshoot.

Most of my end-users are logging in just fine, so LDAP seems to be working. For 2 users, LDAP authentication fails.

I ran through the LDAP rake test, and also am successful using ldapsearch to pull data, including data on the 2 affected users. When I try to log into gitlab it fails, and the production.log prints the message:
LDAP search error: No Such Object
But I cannot figure out why it won’t find these user objects. All user objects are in the same OU and below. I’m not doing any exotic filtering. I also tried removing the user_filter configuration entirely with the same result. The one user login is my own and I’m domain admin, and my user sits in the same exact OU as all the other working accounts, so I can’t quite figure out what the issue is.

The only thing I can think of is that my account was once in a different OU and recently consolidated into a common OU with everyone else.

Any pointers on this you can suggest would be most appreciated.


Turns out our gitlab has a cache of LDAP account paths. We recently moved a few people around in AD, and this caused gitlab’s cached account name to become invalid. Moving the AD accounts back resolved the immediate issue.

Unsure if our old version supports the LDAP sync process, but I think we’ll try to upgrade first before attempting any new configurations.

This is pretty odd behavior. I can’t think of any other software or device that caches data like this and fails logins if AD objects are moved around.