batmaniac

Reputation: 362

Gitlab Authentication returns invalid username or password (LDAP pane missing)

I have users in Active Directory LDAP (each has a username and email set). I configured LDAP authentication in gitlab.rb and ran "gitlab-ctl reconfigure". I use GitLab Community Edition. The following command returns the users, so the configuration seems OK: "sudo gitlab-rake gitlab:ldap:check". It returns:

    LDAP: ...
    Server: ldapmain
    LDAP authentication... Success
    LDAP users with access to your GitLab server (only showing the first 100 results)

    DN: cn=Mike Gordon,cn=users,dc=ad,dc=mydomain,dc=com sAMAccountName: mike.gordon

... here other users

I'm trying to log in with the LDAP username mike.gordon and the corresponding password on the "Sign in" GitLab pane, but I get "invalid username or password". Some screenshots show that there is an LDAP pane, but it's not displayed even with: gitlab_rails['prevent_ldap_sign_in'] = false

This is my configuration:

  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'myAdUrl'
    port: 3268
    uid: 'sAMAccountName'
    bind_dn: 'CN=serveur-ovh,CN=Users,dc=ad,dc=mydomain,dc=com'
    password: 'adpassword'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    active_directory: true
    allow_username_or_email_login: false
    base: 'dc=ad,dc=mydomain,dc=com'
    user_filter: ''
    #lowercase_usernames: false
    #block_auto_created_users: false
    #verify_certificates: true
    #smartcard_auth: false
    ### EE only

Thank you very much in advance for your help.

Upvotes: 1

Views: 2207

Answers (1)

LisaJ

Reputation: 1706

Comparing your configuration to mine, I have a user_filter value

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'ADHostname.example.com'
    port: 636
    uid: 'sAMAccountName'
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: 'cn=UserID,ou=SystemAccounts,dc=example,dc=com'
    password: 'AccountPasswordGoesHere'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'ou=ResourceUsers,dc=example,dc=com'
    user_filter: '(&(sAMAccountName=*))' # Can add attribute value to restrict authorized users to GitLab access, we leave open to all valid user accounts in the OU. Should be able to authorize based on group membership using linked attribute value like (&(memberOf=cn=group,ou=groupOU,dc=example,dc=com))
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email: ['mail', 'email', 'userPrincipalName']
      name: 'cn'
      first_name: 'givenName'
      last_name: 'sn'

EOS

Upvotes: 0
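
An added example, not part of the original answer and not GitLab's own code: a small Ruby check that parses an `ldap_servers` YAML block of the shape used in the question and the answer, and reports cleartext transport and an unrestricted `user_filter`. The helper name `audit_ldap_servers`, the finding symbols, and both sample blocks (reduced, constructed copies of the two configurations above, without `bind_dn` and `password`) are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed samples mirroring the question's and the answer's settings.
QUESTION_CFG = <<~'EOS'
  main:
    host: 'myAdUrl'
    port: 3268
    encryption: 'plain'
    base: 'dc=ad,dc=mydomain,dc=com'
    user_filter: ''
EOS

ANSWER_CFG = <<~'EOS'
  main:
    host: 'ADHostname.example.com'
    port: 636
    method: 'ssl'
    base: 'ou=ResourceUsers,dc=example,dc=com'
    user_filter: '(&(sAMAccountName=*))'
EOS

# Hypothetical helper: maps each provider ID to a list of findings.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.each_with_object({}) do |(id, cfg), report|
    findings = []
    # Both key spellings appear on this page: 'encryption' and 'method'.
    transport = (cfg['encryption'] || cfg['method']).to_s
    if transport == 'plain'
      findings << :cleartext_bind      # bind and user passwords cross the wire unencrypted
    elsif transport.empty?
      findings << :transport_unset
    elsif cfg['verify_certificates'] == false
      findings << :tls_unverified      # TLS without certificate validation
    end
    filter = cfg['user_filter'].to_s.strip
    if filter.empty?
      findings << :no_user_filter      # every account under 'base' may sign in
    elsif filter !~ /memberOf=/i
      findings << :filter_not_group_scoped
    end
    report[id] = findings
  end
end

if __FILE__ == $PROGRAM_NAME
  { question: QUESTION_CFG, answer: ANSWER_CFG }.each { |n, t| puts "#{n}: #{audit_ldap_servers(t)}" }
end
```
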
