LDAP login: "The change you wanted was rejected"
I'm trying to get LDAP login working for GitLab. However, whether I use correct or incorrect login credentials, I always get the following error message when trying to log in:
422
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
In production.log I get:
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:176:in `handle_unverified_request'
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:202:in `handle_unverified_request'
devise (3.2.4) lib/devise/controllers/helpers.rb:182:in `handle_unverified_request'
actionpack (4.1.1) lib/action_controller/metal/request_forgery_protection.rb:197:in `verify_authenticity_token'
activesupport (4.1.1) lib/active_support/callbacks.rb:424:in `block in make_lambda'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:160:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.1) lib/active_support/callbacks.rb:86:in `call'
activesupport (4.1.1) lib/active_support/callbacks.rb:86:in `run_callbacks'
actionpack (4.1.1) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.1.1) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.1.1) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.1.1) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.1.1) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.1.1) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
....
My LDAP configuration in gitlab.rb:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main:
    label: 'My LDAP'
    host: '127.0.0.1'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'userid=gitlab,ou=server,ou=groups,dc=foo,dc=com'
    password: 'PASSWORD'
    active_directory: false
    allow_username_or_email_login: false
    base: 'ou=users,dc=foo,dc=com'
    #user_filter: '(objectClass=person)' # tried this, too
    user_filter: ''
EOS
There is only one user in my LDAP directory. There is already a normal (non-LDAP) user registered with GitLab that has the same e-mail address.
When ngrep-ing the network traffic on port 389 I can recognize additional information (unknown to GitLab) about the LDAP user account I'm trying to log in with.
- Debian 7.7
- Gitlab 7.4.0-omnibus-1
- OpenLDAP
Please note that I'm new to LDAP in general. Perhaps my config is wrong, but the error message doesn't help much.
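
A structural check of the ldap_servers block posted above, as an added example that is not part of the original post and not GitLab's own code: it parses the YAML and reports the security-relevant settings, without diagnosing the 422 error itself. REQUIRED_KEYS, KNOWN_METHODS and the function names are assumptions made for this example, and the sample is constructed from the post's values.

```ruby
require 'yaml'

# Assumed for this example: keys treated as mandatory, and the `method`
# values accepted by GitLab of this era.
REQUIRED_KEYS = %w[host port uid method base].freeze
KNOWN_METHODS = %w[plain ssl tls].freeze

# Constructed sample: the post's values with the nesting written out.
SAMPLE_LDAP_YAML = <<~EOS
  main:
    label: 'My LDAP'
    host: '127.0.0.1'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'userid=gitlab,ou=server,ou=groups,dc=foo,dc=com'
    password: 'PASSWORD'
    active_directory: false
    allow_username_or_email_login: false
    base: 'ou=users,dc=foo,dc=com'
    user_filter: ''
EOS

def loopback?(host)
  host == 'localhost' || host == '::1' || host.match?(/\A127(\.\d{1,3}){3}\z/)
end

# Returns an array of findings for an ldap_servers YAML document.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text)
  return ['top level is not a mapping of server ids'] unless servers.is_a?(Hash)

  servers.flat_map do |id, cfg|
    # Lost indentation leaves the server id empty and its settings at top level.
    next ["[#{id}] is not a mapping; check the YAML indentation"] unless cfg.is_a?(Hash)

    findings = (REQUIRED_KEYS - cfg.keys).map { |k| "[#{id}] missing key #{k}" }
    method = cfg['method'].to_s
    if !KNOWN_METHODS.include?(method)
      findings << "[#{id}] unknown method #{method.inspect}"
    elsif method == 'plain'
      scope = loopback?(cfg['host'].to_s) ? 'loopback only' : 'crosses the network'
      findings << "[#{id}] method plain: bind and user passwords sent unencrypted (#{scope})"
    end
    findings << "[#{id}] user_filter is empty: logins limited only by base" if cfg['user_filter'].to_s.strip.empty?
    findings
  end
end

puts audit_ldap_servers(SAMPLE_LDAP_YAML) if __FILE__ == $PROGRAM_NAME
```
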