I am trying to configure my openldap to authenticate the users. I have configured the openldap and it is working fine with Jenkins. But with gitlab it is giving the error that

Could not authenticate you from Ldapmain because "Invalid credentials".

Below are the
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'localhost'
    port: 389
    uid: 'uid'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'cn=admin,dc=ldap,dc=com'
    password: 'waqas'
    active_directory: false
    allow_username_or_email_login: true
    #block_auto_created_users: false
    base: 'cn=Appliance,dc=ldap,dc=com'
    user_filter: ''
    # attributes:
    #   username: ['uid', 'userid', 'sAMAccountName']
    #   email: ['mail', 'email', 'userPrincipalName']
    #   name: 'cn'
    #   first_name: 'givenName'
    #   last_name: 'sn'
    # ## EE only
    # group_base: 'ou=W-Integrate,dc=ldap,dc=com'
    #admin_group: 'cn=admin,dc=ldap,dc=com'
    # sync_ssh_keys: false
    #
EOS
This differs from bind_dn, the binding account, which does reference a user: bind_dn: 'cn=admin,dc=ldap,dc=com': there is a
Note that since GitLab 13.7 (December 2020):

Support for encrypted LDAP credentials

GitLab uses a unified configuration file, for example gitlab.rb in Omnibus GitLab, which makes configuration easy across all of the bundled services. Included in this configuration file are some secrets, like the credentials to authenticate to the LDAP server. While access to this file does require elevated privileges, best practice is to separate secrets from configuration.

Omnibus GitLab and Source installs now support encrypted credentials, with the first credential supported being LDAP. This reduces the sensitivity of the GitLab configuration file, and also helps to achieve customer compliance requirements.
Answered By – VonC
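
Added example, not part of the original answer and not GitLab's code: a simplified Python model of the search-then-bind login that a client configured with bind_dn and base performs, showing that bind_dn only has to be a valid account while base decides which user entries can be found. The directory entries, the users alice and bob, and all passwords are constructed; bind_dn, base and uid are the values from the question's config.

```python
# Added example: simplified model of LDAP search-then-bind login.
# DIRECTORY is constructed sample data, not the asker's real tree.
DIRECTORY = {
    "cn=admin,dc=ldap,dc=com": {"password": "bind-secret"},
    "cn=Appliance,dc=ldap,dc=com": {},
    "uid=alice,cn=Appliance,dc=ldap,dc=com": {"uid": "alice", "password": "alice-pw"},
    "uid=bob,ou=People,dc=ldap,dc=com": {"uid": "bob", "password": "bob-pw"},
}
# bind_dn, base and uid come from the question's config; the password is made up.
CFG = {"bind_dn": "cn=admin,dc=ldap,dc=com", "password": "bind-secret",
       "base": "cn=Appliance,dc=ldap,dc=com", "uid": "uid"}


def parse_dn(dn):
    """Split a DN into normalized RDNs (escaped commas are not handled)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def bind(dn, password):
    """Simple bind: the DN must exist and the password must match."""
    # An empty password is refused: many servers treat it as an
    # unauthenticated bind and report success.
    return bool(password) and DIRECTORY.get(dn, {}).get("password") == password


def authenticate(cfg, login, password):
    """Return (ok, detail) for a login attempt."""
    # 1. Bind as the service account; it may live anywhere in the tree.
    if not bind(cfg["bind_dn"], cfg["password"]):
        return False, "service bind failed"
    # 2. Search only at or below base for an entry whose uid attribute matches.
    hits = [dn for dn, attrs in DIRECTORY.items()
            if in_subtree(dn, cfg["base"]) and attrs.get(cfg["uid"]) == login]
    # 3. Re-bind as the entry found. "Not found under base" and "wrong
    #    password" give the same message to the user.
    if not hits or not bind(hits[0], password):
        return False, "Invalid credentials"
    return True, hits[0]


if __name__ == "__main__":
    for login, pw in [("alice", "alice-pw"), ("bob", "bob-pw")]:
        print(login, authenticate(CFG, login, pw))
    print("bob, wider base:", authenticate({**CFG, "base": "dc=ldap,dc=com"}, "bob", "bob-pw"))
```

In this model the service account cn=admin sits outside base and the login still works for alice, while bob, whose entry is outside base, is rejected with the same message as a wrong password until base is widened.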