I can't log in LDAP users
Hello all, I've configured my GitLab server to authenticate users with my OpenLDAP server. I get this error:
Could not authenticate you from Ldapmain because "Invalid credentials for newuser1".
My OpenLDAP server is working fine with TLS. I can use ldapsearch from the GitLab server to the OpenLDAP server, and the communication between the servers seems correct.
My gitlab.rb config:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'LDAP',
    'host' => 'ldap.myhost.com',
    'port' => 389,
    'uid' => 'uid',
    'encryption' => 'start_tls',
    'verify_certificates' => false,
    'bind_dn' => 'cn=admin,dc=host,dc=com',
    'password' => 'password',
    'active_directory' => false,
    'allow_username_or_email_login' => true,
    'base' => 'dc=host,dc=com',
    'group_base' => 'cn=grups,dc=host,dc=com',
    'admin_group' => 'admingroup'
  }
}
I've been testing with an infinite number of configurations without success.
If I try the GitLab check, I see the users:
gitlab-rake gitlab:ldap:check
Checking LDAP ...
Server: ldapmain
not verifying SSL hostname of LDAPS server 'ldap.host.com:389'
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
DN: uid=user1,ou=users,dc=host,dc=com uid: user1
DN: uid=user2,ou=users,dc=host,dc=com uid: user2
DN: uid=newuser1,ou=users,dc=host,dc=com uid: newuser1
Checking LDAP ... Finished
The LDIF of an example user:
dn: uid=newuser1,ou=users,dc=host,dc=com
uid: newuser1
cn: newuser1
sn: newuser1
mail: newuser1@host.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXX
shadowLastChange: 17449
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1010
gidNumber: 1010
homeDirectory: /home/newuser1
info
gitlab-rake gitlab:env:info
System information
System: Ubuntu 18.04
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.4.5p335
Gem Version: 2.7.6
Bundler Version:1.16.6
Rake Version: 12.3.1
Redis Version: 3.2.12
Git Version: 2.18.1
Sidekiq Version:5.2.1
Go Version: unknown
GitLab information
Version: 11.5.5-ee
Revision: e515ce95
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.6.8
HTTP Clone URL: http://gitlab.host.com/some-group/some-project.git
SSH Clone URL: git@gitlab.host.com:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:
GitLab Shell
Version: 8.4.1
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
/var/log/gitlab/gitlab-rails/production.log
Started POST "/users/auth/ldapmain/callback" for 80.xx.xx.xx at 2019-01-08 17:33:02 +0100
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"newuser1", "password"=>"[FILTERED]"}
Redirected to http://gitlab.host.com/users/sign_in
Completed 302 Found in 17ms (ActiveRecord: 1.6ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 80.32.150.50 at 2019-01-08 17:33:03 +0100
Processing by SessionsController#new as HTML
Thanks in advance.