I am trying to set up GitLab 13.2.4-ee to use LDAP for our AD users however I am not able to make this work. The server we are using is currently connected to the domain. I can ping the domain controller from the server hosting GitLab. And I can locate the domain controller on the server hosting GitLab using nslookup.
"
Below is my ldap configuration in the gitlab.rb file:
gitlab_rails[‘ldap_enabled’] = true
gitlab_rails[‘prevent_ldap_sign_in’] = false
gitlab_rails[‘ldap_servers’] = YAML.load <<-‘EOS’
main: # ‘main’ is the GitLab ‘provider ID’ of this LDAP server
label: ‘DomainName’
host: ‘ServerName.domain.com’
port: 389
uid: ‘sAMAccountName’
bind_dn: ‘#####\testUser’
password: ‘###########’
encryption: ‘plain’ # “start_tls” or “simple_tls” or “plain”
verify_certificates: no
smartcard_auth: false
active_directory: true
allow_username_or_email_login: true
lowercase_usernames: false
block_auto_created_users: false
base: ‘OU=#####,OU=####,OU=##########,DC=##,DC=#######,DC=####,DC=###’
user_filter: ‘’
## EE only
group_base: ‘’
admin_group: ‘’
sync_ssh_keys: false
EOS
"
After updating the file I ran the command “gitlab-ctl reconfig” to apply the changes made in the file.I then tested it by having a user try to log in with their domain account. However, they were unable to login to GitLab.
Below is from the GitLab production.log file:
"
8137 Started POST “/users/sign_in” for 10.2.60.9 at 2020-08-17 09:13:20 -0400
8138 Processing by SessionsController#create as HTML
8139 Parameters: {“utf8”=>“✓”, “authenticity_token”=>“[FILTERED]”, “user”=>{“login”=>“domain.user”, “password “=>”[FILTERED]”, “remember_me”=>“1”}}
8140 Completed 401 Unauthorized in 37ms (ActiveRecord: 3.1ms | Elasticsearch: 0.0ms | Allocations: 5160)
"
I then tested the connection to the ldap server again by running the ldap command below, using the same user and password listed in the gitlab.rb file:
ldapsearch -D “Domain\domain.user” \ -w ‘domain.password’ -p 389 -h domain.server.domain-name.com \ -b “OU=####,OU=####,OU=####,DC=####,DC=####,DC=####,DC=com” -s sub “(objectclass=*)”
Below are the results of running the ldap command:
extended LDIF
LDAPv3
base <> (default) with scope subtree
filter: (objectclass=)
requesting: -w domain.password -b
OU=####,OU=####,OU=####,DC=####,DC=####,DC=####,DC=com (objectclass=)
search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C090A6C, comment: In order to perform this opera
tion a successful bind must be completed on the connection., data 0, v3839
I am not sure why the message is saying that there is no successful bind or how to test and resolve this issue. Any help would be appreciated.