
I am building an LDAP adapter on my company's SSO so people can log in to GitLab through it.

My LDAP adapter is built with ldapjs and returns the following object:

{ dn: 'cn=test, o=sso',
  attributes: 
   { cn: 'test',
     uid: 'test',
     mail: 'test@test.com',
     objectclass: 'user' 
   } 
}

I always end up with the error: Could not authenticate you from Ldapmain because "Invalid credentials".

  1. Is there any other information I could provide to help my problem to be solved?
  2. Is there an obvious problem in my configuration?
  3. Where can I get more complete logs to diagnose the problem?

My test user

Name: test
Username: test
Email: test@test.com

Config

gitlab.rb

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP_SSO'
    host: 'localhost'
    port: 1389
    uid: 'mail'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'cn=root'
    password: 'secret'
    active_directory: false
    allow_username_or_email_login: true
    block_auto_created_users: true
    base: 'o=sso'
    user_filter: ''
EOS

gitlab-rake gitlab:ldap:check RAILS_ENV=production

root@xxx:/var/log/gitlab# gitlab-rake gitlab:ldap:check RAILS_ENV=production
Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
    DN: cn=test, o=sso   mail: test@test.com

Checking LDAP ... Finished

Logs

unicorn_stdout.log

root@xxx:/var/log/gitlab# cat /var/log/gitlab/unicorn/unicorn_stdout.log
I, [2015-11-30T13:42:37.350694 #22372]  INFO -- omniauth: (ldapmain) Callback phase initiated.
E, [2015-11-30T13:42:37.392395 #22372] ERROR -- omniauth: (ldapmain) Authentication failure!    invalid_credentials encountered.

gitlab-rails/production.log

Started POST "/users/auth/ldapmain/callback" for 127.0.0.1 at 2015-11-30 14:10:41 +0100
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"test@test.com", "password"=>"[FILTERED]"}
Redirected to http://localhost:8080/users/sign_in
Completed 302 Found in 37ms (ActiveRecord: 3.0ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2015-11-30 14:10:41 +0100
Processing by SessionsController#new as HTML
Completed 200 OK in 55ms (Views: 33.2ms | ActiveRecord: 1.3ms)
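Added example (not code from the question, from GitLab, or from ldapjs): a pure JavaScript model of the bind-as sequence GitLab's omniauth-ldap strategy runs against the configured server, so the three places the posted setup can produce invalid_credentials can be checked offline. The flow modelled is the one net-ldap's bind_as performs (bind as bind_dn, search (uid=login) under base, re-bind as the DN found with the user's password), and the login rewriting follows GitLab's documentation for allow_username_or_email_login, which drops everything from the first '@' of the submitted login. Two things are worth noting against the posted gitlab.rb: with uid set to mail that stripping turns "test@test.com" into "test" and the filter (mail=test) matches nothing; and an ldapjs server routes bind requests by DN suffix, so a bind handler registered only for cn=root does not serve the second bind for cn=test, o=sso (gitlab:ldap:check only exercises the service bind and the search, which is why it passes). No network or ldapjs is used; the two adapter objects stand in for a server's bind and search handlers, and the directory, passwords and reason strings are constructed here.

```javascript
// Added example (not from the question, GitLab or ldapjs): a model of the
// bind_as flow GitLab's omniauth-ldap strategy runs. All data is constructed.

// Keys from the gitlab.rb in the question that the login flow uses.
const postedConfig = {
  base: 'o=sso',
  uid: 'mail',
  bind_dn: 'cn=root',
  password: 'secret',
  allow_username_or_email_login: true,
};

// Constructed directory: the entry the adapter in the question returns, plus
// the password the (hypothetical) SSO holds for it.
const directory = [
  {
    dn: 'cn=test, o=sso',
    attributes: { cn: 'test', uid: 'test', mail: 'test@test.com', objectclass: 'user' },
    password: 'correct horse',
  },
];

// DNs compare case-insensitively with whitespace around commas removed, so
// 'cn=test, o=sso' and 'cn=test,o=sso' name the same entry.
function normDn(dn) {
  return dn.toLowerCase().replace(/\s*,\s*/g, ',');
}

// What GitLab applies to the typed login when allow_username_or_email_login
// is true: everything from the first '@' onwards is dropped before searching.
function nameProc(cfg, login) {
  return cfg.allow_username_or_email_login ? login.replace(/@.*$/, '') : login;
}

// Equality search for one attribute under a base DN.
function searchUnder(base, attr, value) {
  return directory.filter(
    (e) => normDn(e.dn).endsWith(normDn(base)) && e.attributes[attr] === value,
  );
}

// Adapter 1: only the service account can bind, i.e. a server that registered
// a bind handler for cn=root and nothing else. Searches still work.
const rootOnlyAdapter = {
  bind(dn, pw) {
    return normDn(dn) === normDn(postedConfig.bind_dn) && pw === postedConfig.password;
  },
  search: searchUnder,
};

// Adapter 2: additionally binds any user DN under the base by checking the
// password (a real adapter would verify it against the SSO here).
const fullAdapter = {
  bind(dn, pw) {
    if (rootOnlyAdapter.bind(dn, pw)) return true;
    const entry = directory.find((e) => normDn(e.dn) === normDn(dn));
    return Boolean(entry) && entry.password === pw;
  },
  search: searchUnder,
};

// bind_as: 1) bind as bind_dn, 2) search (uid=login) under base, 3) re-bind
// as the DN found with the user's password. Every miss ends in the single
// "invalid_credentials" GitLab logs, so the reason is returned for diagnosis.
function authenticate(adapter, cfg, login, password) {
  if (!adapter.bind(cfg.bind_dn, cfg.password)) {
    return { ok: false, reason: 'service bind as ' + cfg.bind_dn + ' rejected' };
  }
  const value = nameProc(cfg, login);
  const filter = '(' + cfg.uid + '=' + value + ')';
  const entry = adapter.search(cfg.base, cfg.uid, value)[0];
  if (!entry) {
    return { ok: false, reason: 'no entry matched ' + filter };
  }
  if (!adapter.bind(entry.dn, password)) {
    return { ok: false, reason: 'bind as ' + entry.dn + ' rejected' };
  }
  return { ok: true, dn: entry.dn, filter };
}
```

Running authenticate(fullAdapter, postedConfig, 'test@test.com', 'correct horse') fails with "no entry matched (mail=test)"; the same call with allow_username_or_email_login set to false, or with uid set to 'uid', succeeds; and rootOnlyAdapter fails at the third step even with a corrected config, which is the case an ldapjs server whose bind route does not cover the base suffix would show.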
  • You talk about creating a custom LDAP provider and then you show the standard LDAP configuration. How do these fit together? Without this, it's hard to imagine what you've built and why it isn't working. – Drew Blessing Dec 01 '15 at 19:14
