LDAP connection not possible after upgrade from GitLab 17.2.x to 17.3.x

Hello everyone,

I have updated one of our GitLab services from version 17.2.x to 17.3.x (running on Ubuntu 22.04.4 LTS). However, since the update the LDAP connection no longer works. I received the following error message:

root@loc2git03:/etc/gitlab/trusted-certs# gitlab-rake -v gitlab:ldap:check
Checking LDAP ...
LDAP: ... Server: ldapmain
Exception: SSL_CTX_load_verify_locations: system lib
Checking LDAP ... Finished

In version 17.2.x the first 100 LDAP users were listed at this point. This is my LDAP configuration:

gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'Ldap',
    'host' =>  'ldap-ha.xxx.xxx.com',
    'encryption' => 'simple_tls',
    'verify_certificates' => false,
    'tls_options' => {
      'ca_file' => '/private/ssl/Customer-RootCA-02.pem'
    },
    'port' => 636,
    'uid' => 'sAMAccountName',
    'trusted_certs' => '/private/ssl/',
    'env' => {"SSL_CERT_DIR" => "/private/ssl/'"},
    'bind_dn' => 'CN=gitlab.ldap,OU=ServiceUsers,OU=DE,OU=Europe,OU=Locations,DC=local,DC=Customer,DC=com',
    'password' => 'xxxxxx',
    'active_directory' => true,
    'base' => 'DC=local,DC=Customer,DC=com',
    'group_base' => 'DC=local,DC=Customer,DC=com',
    'admin_group' => 'GRP.Gitlab_Admins',
    'block_auto_created_users' => 'true'
  }
}

I have already found this forum post: https://forum.gitlab.com/t/ssl-ctx-load-verify-file-bio-lib-could-not-authenticate-you-from-ldapmain-because/110669/5. However, this does not help me as we are overwriting the path.

Perhaps someone has an idea where the problem may lie and can provide a solution.

Thank you very much for your support.

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖
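
An added example, not part of the original issue and not GitLab's own code: a Ruby check of whether the path-valued TLS settings in a configuration shaped like the one posted resolve to a parseable certificate file or an existing directory, as seen by the user running the script. The function names, temporary paths and self-signed certificate are constructed for illustration; only the key names are copied from the posted configuration.

```ruby
require 'openssl'
require 'tmpdir'

# How the TLS layer will see one CA bundle path, for the user running this script.
def ca_file_status(path)
  return :missing    unless File.exist?(path)
  return :not_a_file unless File.file?(path)
  return :unreadable unless File.readable?(path)
  OpenSSL::X509::Certificate.new(File.read(path)) # parses the first PEM/DER certificate
  :ok
rescue OpenSSL::X509::CertificateError
  :not_a_certificate
end

# Check the path-valued settings of one ldap_servers entry (key names as in the post).
def tls_path_problems(server)
  problems = {}
  ca = server.dig('tls_options', 'ca_file')
  status = ca ? ca_file_status(ca) : :ok
  problems['tls_options.ca_file'] = status unless status == :ok
  { 'trusted_certs' => server['trusted_certs'],
    'env.SSL_CERT_DIR' => server.dig('env', 'SSL_CERT_DIR') }.each do |key, dir|
    problems[key] = :not_a_directory if dir && !File.directory?(dir)
  end
  problems
end

# Constructed self-signed certificate so the demo runs offline.
def constructed_ca_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Test CA')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Constructed sample: one good CA file, one missing file, one mistyped directory.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'ca.pem'), constructed_ca_pem)
    good = { 'tls_options' => { 'ca_file' => File.join(dir, 'ca.pem') }, 'trusted_certs' => dir }
    bad  = { 'tls_options' => { 'ca_file' => File.join(dir, 'absent.pem') }, 'env' => { 'SSL_CERT_DIR' => "#{dir}/'" } }
    [tls_path_problems(good), tls_path_problems(bad)]
  end
end
p demo if $PROGRAM_NAME == __FILE__
```

`File.readable?` answers for the account that runs the script, so the result is only meaningful when it is run as the account the GitLab Rails process uses.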