Problem LDAP connection to Domain Controller

Hi,

We have an issue binding our AWS EC2 GitLab to a new domain controller (it is still working with another domain controller without SSL/TLS).

We tried the telnet command to the new domain controller, and we had no problem reaching it.

We tried different TLS and SSL versions, from SSLv3 to TLSv1_2 (TLSv1_3 is not supported), and the user set in the bind_dn parameter is not locked.

We got the error below:

Could not authenticate you from Ldapmain because "Invalid credentials"

The LDAP part of our gitlab.rb is:

```ruby
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'GitLab.AD',
    'host' => 'xxxxxx',
    'port' => 636,
    'uid' => 'sAMAccountName',
    'encryption' => 'simple_tls',
    'verify_certificates' => true,
    'bind_dn' => 'CN=xxxxx',
    'password' => 'xxxxxxx',
    'timeout' => 10,
    'active_directory' => true,
    'allow_username_or_email_login' => true,
    'block_auto_created_users' => false,
    'base' => 'dc=xxx,dc=xxx,dc=xxx',
    'tls_options' => {
      'ca_file' => '/etc/pki/tls/certs/ca-bundle.trust.crt'
    },
    'user_filter' => 'memberOf:1.2.840.113556.1.4.1941:=CN=xxxx',
    'attributes' => {
      'username' => ['uid', 'userid', 'sAMAccountName'],
      'email' => ['mail', 'email', 'userPrincipalName'],
      'name' => 'cn',
      'first_name' => 'givenName',
      'last_name' => 'sn'
    },
    'lowercase_usernames' => false,

    # EE Only
    'group_base' => 'OU=xxxxx',
    'admin_group' => 'memberof=CN=xxxxx',
    'external_groups' => [],
    'sync_ssh_keys' => false
  }
}
```

ldapsearch worked fine with these parameters:

```shell
ldapsearch -v -H ldaps://xxxxxx:636 -D "CN=xxxxxx" -b "CN=xxxxxx" -W -Z
```

Could you help us?

Thank you very much.

Best,
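Since ldapsearch (OpenLDAP) and GitLab (Ruby net-ldap) negotiate TLS and bind somewhat differently, a useful next step is to reproduce GitLab's exact operation, an LDAPv3 simple bind over LDAPS with CA verification, and read the server's diagnosticMessage: Active Directory appends a data code there that tells a bad password (52e) apart from a locked (775), disabled (533) or expired account. The script below is an added example, not from the original post or from GitLab; the host, bind DN, password and CA bundle path passed to probe_bind are placeholders standing in for the masked values in gitlab.rb, and AD_DATA_CODES is the standard set of AD bind data codes.

```python
import re
import socket
import ssl

# Active Directory "data" codes carried in the diagnosticMessage of a failed bind.
AD_DATA_CODES = {"525": "user not found", "52e": "bad password", "530": "logon hours restriction",
                 "531": "workstation restriction", "532": "password expired", "533": "account disabled",
                 "701": "account expired", "773": "password must be reset", "775": "account locked out"}

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def read_tlv(buf, pos=0):  # -> (tag, value, end_offset) of the TLV starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_bind_request(bind_dn, password, msg_id=1):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage, AD hint); resultCode 0 = success, 49 = invalidCredentials."""
    _, msg, _ = read_tlv(data)              # outer LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)               # messageID INTEGER
    tag, resp, _ = read_tlv(msg, pos)       # BindResponse is [APPLICATION 1] = 0x61
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = read_tlv(resp)           # resultCode ENUMERATED
    _, _, pos = read_tlv(resp, pos)         # matchedDN (usually empty)
    _, diag, _ = read_tlv(resp, pos)        # diagnosticMessage, where AD puts "... data 52e ..."
    diag = diag.decode("utf-8", errors="replace")
    m = re.search(r"data ([0-9a-f]{3})", diag)
    return int.from_bytes(code, "big"), diag, (AD_DATA_CODES.get(m.group(1), "unknown AD code") if m else "")

def probe_bind(host, bind_dn, password, ca_file, port=636):
    """Simple bind over LDAPS with CA and hostname verification, like GitLab's simple_tls + verify_certificates."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=10) as raw, \
         ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(build_bind_request(bind_dn, password))
        return parse_bind_response(tls.recv(4096))
```

Call probe_bind(host, bind_dn, password, "/etc/pki/tls/certs/ca-bundle.trust.crt") with the masked values from gitlab.rb: a resultCode of 49 with data 52e means the DC rejected the password for that exact DN, while an ssl.SSLError raised before any LDAP exchange points at the certificate chain rather than the credentials.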