Hi,
I am using the following gitlab version
gitlab-rake gitlab:env:info
System information
System:
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.3.7p456
Gem Version: 2.6.14
Bundler Version:1.13.7
Rake Version: 12.3.1
Redis Version: 3.2.11
Git Version: 2.16.3
Sidekiq Version:5.0.5
Go Version: unknown
GitLab information
Version: 10.8.0-ee
Revision: caa6172
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.6.8
URL: http://gitlab.ip-spotlight.aorta.net
HTTP Clone URL: http://gitlab.ip-spotlight.xxx.xxx/some-group/some-project.git
SSH Clone URL: git@gitlab.ip-spotlight.xxx.xxx:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no
GitLab Shell
Version: 7.1.2
Repository storage paths:
- default: /data/ip-spotlight/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
Full information about LDAP infrastructure and users and groups can be found here:
...: _LDAP_GROUP_SEARCH_BASE = "ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx"
In [11]: part = "gitlab"
In [12]: conn.search('cn={},{}'.format(part,_LDAP_GROUP_SEARCH_BASE), '(objectclass=*)', attributes=['*'])
Out[12]: True
In [13]: conn.entries
Out[13]:
[DN: cn=gitlab,ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx - STATUS: Read - READ TIME: 2018-05-24T16:07:15.687797
cn: gitlab
description: gitlab
gidNumber: 9999
member: uid=nskalis,ou=people,dc=xxx,dc=xxx
objectClass: top
aaa
bbb
posixGroup
groupOfNames
uimEntryOwner: cn=xxx,ou=xxx,dc=xxx,dc=xxx
uimSecurityOwner: cn=xxx,ou=xxx,dc=xxx,dc=xxx]
And the related LDAP config in gitlab.rb is:
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  label: 'UIM'
  host: 'x.x.x.x'
  port: 636
  uid: 'sAMAccountName'
  bind_dn: 'uid=IP-spotlight,ou=xxx,dc=xxx,dc=xxx'
  password: 'xxx'
  encryption: 'simple_tls'
  verify_certificates: false
  active_directory: false
  allow_username_or_email_login: false
  lowercase_usernames: false
  block_auto_created_users: true
  base: 'ou=people,dc=xxx,dc=xxx'
  user_filter: '(memberOf=cn=gitlab,ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx)'
  ## EE only
  group_base: 'ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx'
  # admin_group: 'cn=gitlab,ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx'
  sync_ssh_keys: false
The issue is that the gitlab LDAP group stores user DNs (of members) in an attribute called member. So I need to find a way to configure lookups as such.
The uid match for the people tree looks fine.
When I am checking the LDAP group gitlab based on my gitlab config I get no members, while I should get myself nskalis:
# gitlab-rake gitlab:ldap:check
Checking LDAP ...
Server: ldapmain
not verifying SSL hostname of LDAPS server '172.31.133.12:636'
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP ... Finished
Could you please advise how I can map my username (nskalis) to the ldap group gitlab?
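An added example, not part of the original post: the user_filter in the config matches on memberOf, which is read from each user entry under base, while the directory output shows membership recorded on the group entry in member. The code below runs over constructed entries modelled on that output and lists the group members such a filter cannot match. Whether the real user entries carry memberOf is an assumption to check against the directory, and norm_dn, get_attr and excluded_by_memberof_filter are hypothetical helper names.

```python
# Added example. All entries below are constructed, modelled on the post's output.
GROUP_DN = "cn=gitlab,ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx"
USER_DN = "uid=nskalis,ou=people,dc=xxx,dc=xxx"
GROUP = {"cn": ["gitlab"], "member": [USER_DN]}
# The same user entry, without and with a back-reference to the group.
USERS_NO_BACKREF = {USER_DN: {"uid": ["nskalis"]}}
USERS_WITH_BACKREF = {USER_DN: {
    "uid": ["nskalis"],
    "memberof": ["CN=gitlab, ou=ip-spotlight,ou=xxx,ou=xxx,dc=xxx,dc=xxx"],
}}


def norm_dn(dn):
    """Lower-case a DN and trim spaces around RDNs so equal DNs compare equal.
    Simplification: does not handle escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def get_attr(attrs, name):
    """LDAP attribute names are case-insensitive; look one up accordingly."""
    for key, values in attrs.items():
        if key.lower() == name.lower():
            return values
    return []


def excluded_by_memberof_filter(group_dn, group_attrs, users):
    """List members named in the group's `member` attribute that a
    (memberOf=<group_dn>) filter on user entries would not return.
    users: {user_dn: {attribute: [values]}}"""
    target = norm_dn(group_dn)
    by_dn = {norm_dn(dn): attrs for dn, attrs in users.items()}
    excluded = []
    for member in get_attr(group_attrs, "member"):
        attrs = by_dn.get(norm_dn(member))
        if attrs is None:
            excluded.append((member, "no user entry found"))
        elif target not in {norm_dn(g) for g in get_attr(attrs, "memberOf")}:
            excluded.append((member, "no memberOf back-reference"))
    return excluded


if __name__ == "__main__":
    print(excluded_by_memberof_filter(GROUP_DN, GROUP, USERS_NO_BACKREF))
    print(excluded_by_memberof_filter(GROUP_DN, GROUP, USERS_WITH_BACKREF))
```

The attribute dictionaries have the shape ldap3 returns from an entry's entry_attributes_as_dict, so the output of a session like the one in the post can be passed in directly.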