Gitlab Ldap Authentication Settings


Solution 1

The ldap_bind_dn has to be the DN of a user that has read access to the LDAP. As far as I can see you are pointing to a directory structure with OU=Users,DC=dom,DC=com,DC=net. You will have to use that user's password as `ldap_password`.

So ldap_bind_dn should read something like uid=userid,OU=Users,DC=dom,DC=com,DC=net and ldap_password should then be userid's password.

On some LDAP-Servers ldap_bind_dn can be left empty as they allow anonymous bind. In that case the ldap_password has to be left empty also.

Does that make sense? Otherwise feel free to comment!

Solution 2

I have a working GitLab LDAP conf, and the password field has to match the bind_dn user you chose.

gitlab_rails['ldap_base'] = 'ou=something,dc=foo,dc=bar'
gitlab_rails['ldap_bind_dn'] = 'uid=SOMEONE,ou=something,dc=foo,dc=bar'
gitlab_rails['ldap_password'] = 'SOMEONE_PASSWORD'
  • ldap_base is where you search for users

  • ldap_bind_dn is "the user on the external LDAP server permitted to search the LDAP directory within the defined search base."

  • ldap_password is the password for the bind_dn user. So in your case it has to match the password of the user OU=Users.
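Both answers make the same three points: ldap_bind_dn must name a user entry (a cn= or uid= leaf, not a container such as OU=Users), ldap_password must be that user's password (and must be empty when an anonymous bind is used), and the question's ldap_method = 'plain' puts the bind password on the wire in cleartext. The following linter is an added example, not code from either answer or from GitLab itself; it evaluates a gitlab.rb-style snippet inside a sandbox object whose only method is `gitlab_rails` and then checks those points. The function names and the two sample snippets (the question's settings and the corrected ones from the comments) are this example's own.

```ruby
# Added example (not from the original answers or from GitLab): lint the
# gitlab_rails['ldap_*'] settings discussed in Solution 1 and Solution 2.
# Function names and sample snippets are this example's own constructions.

# Constructed sample: the settings from the question, bind DN pointing at an OU.
QUESTION_SNIPPET = <<~RUBY
  gitlab_rails['ldap_enabled'] = true
  gitlab_rails['ldap_host'] = 'myserver.dom.com.net'
  gitlab_rails['ldap_port'] = 389
  gitlab_rails['ldap_uid'] = 'sAMAccountName'
  gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
  gitlab_rails['ldap_bind_dn'] = 'OU=Users,DC=dom,DC=com,DC=net'
  gitlab_rails['ldap_password'] = '????'
  gitlab_rails['ldap_allow_username_or_email_login'] = true
  gitlab_rails['ldap_base'] = 'DC=dom,DC=com,DC=net'
RUBY

# Constructed sample: the corrected settings (user DN, its password, ssl on 636).
FIXED_SNIPPET = <<~RUBY
  gitlab_rails['ldap_enabled'] = true
  gitlab_rails['ldap_host'] = 'myserver.dom.com.net'
  gitlab_rails['ldap_port'] = 636
  gitlab_rails['ldap_uid'] = 'sAMAccountName'
  gitlab_rails['ldap_method'] = 'ssl'
  gitlab_rails['ldap_bind_dn'] = 'CN=the_allowed_user_for_access_ldap,OU=Users,DC=dom,DC=com,DC=net'
  gitlab_rails['ldap_password'] = 'the_password_of_allowed_user'
  gitlab_rails['ldap_base'] = 'DC=dom,DC=com,DC=net'
RUBY

# Evaluate a gitlab.rb-style snippet in an isolated object. Its only method,
# gitlab_rails, returns the hash that the snippet's assignments fill in.
def load_gitlab_rb(snippet)
  sandbox = Object.new
  settings = {}
  sandbox.define_singleton_method(:gitlab_rails) { settings }
  sandbox.instance_eval(snippet)
  settings
end

# Attribute types of each RDN, leaf first: "CN=bob,OU=Users,DC=x" -> ["cn", "ou", "dc"].
# Assumes no escaped commas, which holds for every DN on this page.
def rdn_types(dn)
  dn.split(',').map { |rdn| rdn.split('=', 2).first.strip.downcase }
end

# RDN types the two answers use for a bind user entry.
USER_RDN_TYPES = %w[cn uid].freeze

# Return a list of findings; an empty list means the settings are consistent
# with the advice in Solution 1 and Solution 2.
def lint_ldap(settings)
  findings = []
  bind_dn  = settings['ldap_bind_dn'].to_s.strip
  password = settings['ldap_password'].to_s
  method   = settings['ldap_method'].to_s

  if bind_dn.empty?
    # Solution 1: anonymous bind means no bind DN *and* no password.
    findings << 'anonymous bind: ldap_password must also be empty' unless password.empty?
  else
    # Solutions 1 and 2: bind as a user entry (cn= or uid=), never a container.
    leaf = rdn_types(bind_dn).first
    unless USER_RDN_TYPES.include?(leaf)
      findings << "ldap_bind_dn leaf RDN is '#{leaf}=': point it at a user entry (cn= or uid=), not a container"
    end
    findings << 'ldap_password is empty but ldap_bind_dn is set' if password.empty?
  end

  # The question's own comment lists 'ssl' or 'plain'; with 'plain' the bind
  # password (and every user's login password) crosses the network in cleartext.
  findings << "ldap_method 'plain' sends passwords in cleartext; use 'ssl'" if method == 'plain'
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'question' => QUESTION_SNIPPET, 'fixed' => FIXED_SNIPPET }.each do |name, snippet|
    findings = lint_ldap(load_gitlab_rb(snippet))
    puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```

Run it against a real gitlab.rb by passing the relevant lines to `load_gitlab_rb`; the sandbox only defines `gitlab_rails`, so any other omnibus setting in the snippet will raise a NameError rather than silently being ignored.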

Author: Felix Aballi

Technical Lead

Updated on July 21, 2022

Comments

  • Felix Aballi
    Felix Aballi almost 2 years

    Current Environment:

    • Gitlab Server: Centos 6.5
    • Active Directory: Windows Server 2008 R2

    Could anyone check these fictitious settings for Ldap authentication in Gitlab 7.1.1?

    gitlab_rails['ldap_enabled'] = true
    gitlab_rails['ldap_host'] = 'myserver.dom.com.net'
    gitlab_rails['ldap_port'] = 389
    gitlab_rails['ldap_uid'] = 'sAMAccountName'
    gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
    gitlab_rails['ldap_bind_dn'] = 'OU=Users,DC=dom,DC=com,DC=net'
    gitlab_rails['ldap_password'] = '????'
    gitlab_rails['ldap_allow_username_or_email_login'] = true
    gitlab_rails['ldap_base'] = 'DC=dom,DC=com,DC=net'
    

    Which ldap_bind_dn has to be set for GitLab to work (user account equivalent)?

    Which ldap_password has to be set for GitLab to work?

    I followed suggestions from: @metaDiego and @heinglandreas. Both were on the right path. So I modified my settings in the lines:

    Solution

    gitlab_rails['ldap_bind_dn'] = 'CN=the_allowed_user_for_access_ldap,OU=Users,DC=dom,DC=com,DC=net'
    gitlab_rails['ldap_password'] = 'the_password_of_allowed_user'
    

    The ldap_bind_dn may vary according to the AD structure and the current level where the allowed user is located.

    My company AD doesn't allow anonymous LDAP queries. So adding those parameters was mandatory.

    Ask the domain administrators for help getting those parameters.

    Useful article from gitlabhq at Github

    If gitlab_rails['ldap_allow_username_or_email_login'] = true, the login can be in email format or just the domain user name.

    Gitlab authentication form

  • Noir
    Noir almost 8 years
    For everyone who's searching for a solution which is working in 2016, try this: serverfault.com/questions/707770/…
  • heiglandreas
    heiglandreas almost 8 years
    As long as you authenticate against AD. That solution will not work on any other LDAP-Backend.