LDAP is a pain to set up because there are so many different server 
configurations... Post the relevant section of your gitlab.rb to make it 
easier for us to help.

When I was setting up LDAP (AD, actually), I used ldapsearch to test 
different parameter combinations, and then converted these params to GitLab 
options like this:

ldapsearch -x -LLL -H "ldap://$HOST" -D "$BIND_DN" -W -b "$BASE" "($UID=$USER_LOGIN)"

Where $USER_LOGIN is the login you'll be typing into GitLab's login form. I 
had to fiddle with the BIND_DN, BASE and UID until I could make it work, 
then I used these values in gitlab.rb LDAP config. I use an unqualified 
login (i.e. "dserodio"), so maybe you'll have to change the value of the 
"allow_username_or_email_login" config too.

HTH,
Daniel Serodio

On Thursday, March 5, 2015 at 7:52:52 PM UTC-3, Walter Boring wrote:
>
> After a long battle, I'm able to get gitlab to connect to my LDAP server. 
>   
>
> But now, I'm getting invalid credentials every time I try and auth a new 
> user.
>
> I can run RAILS_ENV=production gitlab-rake -v --trace gitlab:ldap:check
>
> and I get users listed just fine.
>
> The problem I have now is that when I try and login with my LDAP 
> credentials, I get Invalid Credentials.
>
> I have verified that the credentials are correct (email addy, password)
> I'm curious as to what gitlab is sending to the LDAP server to try the 
> auth.
>
> I know the LDAP username has to be formatted in 
> uid=<email address>,ou=People,o=foo.com
>
> when I tail the logs with "gitlab-ctl tail" I see
> ==> /var/log/gitlab/unicorn/unicorn_stdout.log <==
> I, [2015-03-05T14:50:55.187926 #22730]  INFO -- omniauth: (ldapmain) 
> Callback phase initiated.
> E, [2015-03-05T14:51:05.510018 #22730] ERROR -- omniauth: (ldapmain) 
> Authentication failure! invalid_credentials encountered.
>
> ==> /var/log/gitlab/gitlab-rails/production.log <==
> Processing by OmniauthCallbacksController#failure as HTML
>   Parameters: {"utf8"=>"✓", 
> "authenticity_token"=>"qhXx+IXl7WYUFxmxmGvlqD+SDUnF/mEzEFfaOZnJ76Q=", 
> "username"=>"walter...@foo.com", "password"=>"[FILTERED]"}
>
> If that is the username that's sent to LDAP for bind/auth, it will never 
> work. It has to be in the format of 
> "uid=walter...@foo.com,ou=People,o=foo.com"
>
>
> Walt
>
>
> On Thursday, March 5, 2015 at 10:26:41 AM UTC-8, Walter Boring wrote:
>>
>> I'm trying to debug my LDAP config issues with the latest gitlab.
>>
>> I know nothing about ruby and all its confusion of how it works, so I'm 
>> probably doing something crazy stupid wrt to rubyness.
>>
>> Anyways, I installed the latest from https://about.gitlab.com/downloads/ 
>> on ubuntu 14.04.   
>>
>> I then followed the instructions here: 
>> https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/integration/ldap.md 
>> to set up LDAP. 
>>
>> But LDAP auth is failing, and I am trying to figure out how to debug it.
>> I tried following the testing of LDAP config here:
>> https://gitlab.com/gitlab-org/gitlab-ce/issues/615
>>
>> Running "sudo -u git -H bundle exec rake gitlab:ldap:check 
>> RAILS_ENV=production"   yields some confusing ruby output that is less than 
>> helpful, to say the least.
>>
>>
>> root@test-gitlab-vm:~# sudo -u git -H bundle exec rake gitlab:ldap:check 
>> RAILS_ENV=production
>> Could not locate Gemfile
>>
>>
>> The gitlab web interface is up and running and I can try and auth with my 
>> LDAP creds, but I get an error.
>>
>> Any idea how to make that convoluted and confusing bundle exec rake thing 
>> work?
>>
>
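
The ldapsearch test described in this thread, extended into a search-then-bind check (an added example, not code from either poster or from GitLab). HOST, BIND_DN, BASE, ATTR and STRIP_DOMAIN are assumed environment variables; ATTR stands in for the uid attribute, and STRIP_DOMAIN=true models allow_username_or_email_login as GitLab's LDAP documentation describes it (everything after the first "@" in the typed login is ignored), so check this against your version.

```shell
#!/bin/sh
# Added example. ATTR is used rather than $UID because bash reserves UID
# as a read-only variable holding the numeric id of the current user.

# Escape a typed login for use inside an LDAP search filter (RFC 4515),
# so characters such as "*" or ")" cannot change the meaning of the filter.
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter that a login lookup would use.
# usage: login_filter ATTR LOGIN [true|false]
# Third argument "true" drops everything from the first "@" onwards.
login_filter() {
  lf_login=$2
  if [ "${3:-false}" = true ]; then
    lf_login=${lf_login%%@*}
  fi
  printf '(%s=%s)' "$1" "$(ldap_escape "$lf_login")"
}

# Step 1: bind as the service account and look up the DN of the user.
# Step 2: bind as that DN with the user's own password.
# Both passwords are prompted for (-W), so none ends up in shell history.
# usage: HOST=... BIND_DN=... BASE=... ATTR=uid check_login LOGIN
check_login() {
  cl_filter=$(login_filter "$ATTR" "$1" "${STRIP_DOMAIN:-false}")
  cl_dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "ldap://$HOST" \
            -D "$BIND_DN" -W -b "$BASE" "$cl_filter" 1.1 |
          sed -n 's/^dn: //p' | head -n 1)
  if [ -z "$cl_dn" ]; then
    echo "no entry matches $cl_filter under $BASE" >&2
    return 1
  fi
  echo "found $cl_dn, now binding as that user" >&2
  ldapwhoami -x -H "ldap://$HOST" -D "$cl_dn" -W
}
```

If step 1 finds no entry with STRIP_DOMAIN=true but does with STRIP_DOMAIN=false, the uid attribute holds a full e-mail address and the login is being truncated before the search.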
