We are trying to integrate our local GitLab CE installation (omnibus, version 8.12) with our LDAP server. Unfortunately, after several changes to the following configuration, we have not been able to figure out the right config.

```ruby
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  label: 'LDAP'
  host: '******.******.***'
  port: 389
  uid: 'sAMAccountName'
  method: 'plain' # "tls" or "ssl" or "plain"

  bind_dn: 'uid=******,ou=******,o=Applications,o=******,c=******'
  password: '**********'

  timeout: 10

  active_directory: true

  allow_username_or_email_login: false

  block_auto_created_users: false

  base: 'o=******'

  user_filter: ''

  attributes:
    username: ['uid', 'userid', 'sAMAccountName']
    email:    ['mailExterno', 'mail', 'email', 'userPrincipalName']

    name:       'cn'
    first_name: 'givenName'
    last_name:  'sn'

  ## EE only

  group_base: ''

  admin_group: ''

  sync_ssh_keys: false

EOS
```

Executing the LDAP check displays zero users:

```
[root@myserver mydir]# gitlab-rake gitlab:ldap:check
Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain

Checking LDAP ... Finished
```

We have dozens of users in our LDAP server and many applications (such as Redmine, Jenkins, Svn...) integrated with it without problems...

Any ideas on what we are doing wrong with GitLab?

Help would be very much appreciated.

  • 1
    I had similar problems setting up LDAP when I started using GitLab. It is probably something related to the configs `bind_dn` and `base`. Try some different combinations until you find the right one. It seems that you have no CN or DC in your configuration; that could probably be the cause. – alejdg Mar 09 '17 at 14:26
  • 1
    To add to @alejdg, you should use a distinguished name for both properties. If you are using the sAMAccountName for auth then set `allow_username_or_email_login` to true. – Fairy Mar 13 '17 at 12:14
  • Thanks for your comments. Finally, we have found the solution. I have posted it as an answer below, just in case someone else finds it useful. – Romén Rodríguez-Gil Mar 16 '17 at 11:05

1 Answer

2

Finally we found the solution. I'm posting the answer here just in case someone else reading this and facing similar issues might find it useful.

The LDAP server I was connecting to was not an Active Directory, so the configuration changes I needed to make were:

```yaml
  #...

  uid: 'uid'

  #...

  active_directory: false

  #...
```

A very important aspect to take into account is that, in order to apply the changes, restarting GitLab is not enough; we should execute reconfigure:

```
sudo gitlab-ctl reconfigure
```
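As an added example (not part of the original answer and not GitLab's own code), the Ruby sketch below lints an `ldap_servers` YAML block for the mismatch described above: Active Directory settings pointed at a directory whose DNs contain no `DC=` components. It also flags `method: 'plain'`, which sends the bind password over the network unencrypted. The `DC=` test is a heuristic assumption, and the function names and sample values are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the question's settings with placeholder values.
SAMPLE = <<~YAML
  main:
    host: 'ldap.example.test'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'uid=svc,ou=apps,o=Applications,o=example,c=XX'
    active_directory: true
    base: 'o=example'
YAML

# Heuristic (assumption): Active Directory DNs are built from DC= components,
# so a DN made only of o=/ou=/c= parts suggests a non-AD directory.
def ad_style_dn?(dn)
  dn.to_s.split(',').any? { |rdn| rdn.strip.downcase.start_with?('dc=') }
end

# Returns a list of finding symbols for one server entry (hypothetical helper).
def lint_ldap_server(cfg)
  findings = []
  looks_ad = ad_style_dn?(cfg['base']) || ad_style_dn?(cfg['bind_dn'])
  # sAMAccountName is an AD attribute; other directories usually expose 'uid'.
  if cfg['uid'].to_s.casecmp?('sAMAccountName') && !looks_ad
    findings << :ad_uid_on_non_ad_dn
  end
  if cfg['active_directory'] && !looks_ad
    findings << :active_directory_flag_on_non_ad_dn
  end
  # 'plain' means no TLS: bind and user passwords travel in cleartext.
  findings << :cleartext_bind if cfg['method'].to_s == 'plain'
  findings
end

# Lints every provider in the YAML text; returns { provider_id => findings }.
def lint_all(yaml_text)
  YAML.safe_load(yaml_text).to_h { |id, cfg| [id, lint_ldap_server(cfg)] }
end

if __FILE__ == $PROGRAM_NAME
  lint_all(SAMPLE).each do |id, found|
    puts "#{id}: #{found.empty? ? 'ok' : found.join(', ')}"
  end
end
```

An empty findings list does not prove the configuration works; `gitlab-rake gitlab:ldap:check` after `gitlab-ctl reconfigure` remains the real test.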