[Solved] Gitlab.rb LDAP YAML formatting

I’m attempting to enable LDAP on Omnibus 7.10.4. After uploading the .rb file change and reconfiguring the server, I get a 500 error when attempting a login with my AD account.

Here is the LDAP section. Is there something incorrectly formatted? Where are the logs for LDAP located?

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
 main:
     label: 'LDAP'
     host: 'query.subdomain.subdomain.com'
     port: 389
     uid: 'sAMAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: ''
     password: ''
     active_directory: true
     allow_username_or_email_login: true
EOS

Most probably, you need to provide a bind DN and a user that is allowed to read sAMAccountName.
Also, I do not have single quotes around EOS.

This works for me:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '10.0.87.27'
    port: 636
    uid: 'sAMAccountName'
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: 'your_bind_dn_here'
    password: 'your_password_for_the_binding_user_here'
    active_directory: true
    allow_username_or_email_login: false
    base: 'DC=example,DC=com'
    user_filter: ''
EOS

Thanks @kampfflunder, I no longer receive a 500 error, but now I get: Could not authorize you from Ldapmain because “Invalid credentials”. I assume I have a setting that is incorrect in my bind_dn or password.

I do have a bind_dn and password but left them as ‘’ in my post.

Since you use plain LDAP, you could tcpdump/Wireshark the connection to the LDAP server to see what happens. Or use ldapsearch with the bind DN and the password (ldapsearch is a PITA) for testing.

I discovered that the settings under “main” were indented too far: they had 4 spaces instead of 2. Fixing that made the changes in your first post work. I’m now able to log in using LDAP, thanks a bunch!
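
A pre-flight check for the ldap_servers heredoc before reconfiguring, as an added example that is not part of any post in this thread or of GitLab itself: it parses the YAML text as YAML.load would receive it (Ruby's <<- heredoc keeps leading whitespace, so the indentation reaches the parser unchanged) and reports structural and hardening problems. The function name, the required-key list and the three sample configs are assumptions constructed for illustration.

```ruby
require 'yaml'

# Keys present in the working config posted in the thread; treating them as
# required is an assumption of this example.
REQUIRED_KEYS = %w[host port uid method base].freeze

# Returns a list of problems found in the text of an ldap_servers heredoc.
def check_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text)
  return ['top level is not a mapping of provider IDs'] unless servers.is_a?(Hash)

  servers.flat_map do |provider, cfg|
    # A settings key at the same depth as 'main:' shows up here as a bogus provider.
    next ["#{provider}: no nested settings, check indentation"] unless cfg.is_a?(Hash)

    found = (REQUIRED_KEYS - cfg.keys).map { |k| "#{provider}: missing '#{k}'" }
    found << "#{provider}: empty bind_dn, lookups use an anonymous bind" if cfg['bind_dn'].to_s.empty?
    found << "#{provider}: method 'plain' sends the bind password unencrypted" if cfg['method'] == 'plain'
    found
  end
rescue Psych::SyntaxError => e
  ["YAML syntax error: #{e.message}"]
end

# Constructed sample: settings at the same depth as 'main:'.
FLAT = <<-'EOS'
main:
label: 'LDAP'
host: 'ldap.example.com'
EOS
# Constructed sample: child keys at two different depths.
UNEVEN = <<-'EOS'
main:
    label: 'LDAP'
  host: 'ldap.example.com'
EOS
# Constructed sample: well-formed, but plain LDAP with an empty bind DN.
WEAK = <<-'EOS'
main:
  host: 'ldap.example.com'
  port: 389
  uid: 'sAMAccountName'
  method: 'plain'
  bind_dn: ''
  password: ''
  base: 'DC=example,DC=com'
EOS

[FLAT, UNEVEN, WEAK].each { |text| puts check_ldap_servers(text), '--' }
```

The FLAT case parses without error, which is why a mis-indented block can pass a plain syntax check and still break login.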