I have two machines with CentOS 7.0 on each one. The first one is domain controller with OpenLDAP only. I configured OpenLDAP according this tutorial: http://www.server-world.info/en/note?os=CentOS_7&p=openldap
Then, I have another machine with GitLab. I'm trying to configure LDAP authentication, but each time I receive 'Invalid Credentials' error.
My GitLab config:
gitlab-rails": {
"ldap_enabled": true,
"ldap_servers": {
"main": {
"label": "LDAP",
"host": "192.168.50.4",
"port": 389,
"uid": "uid",
"method": "plain",
"bind_dn": "CN=gitlab,OU=people,DC=courseproject,DC=org",
"password": "mypass",
"active_directory": false,
"allow_username_or_email_login": false,
"base": "OU=people,DC=courseproject,DC=org",
"user_filter": ""
}
I have to use plain auth and LDAP, not LDAPS for another project.
My users & groups configuration:
dn: dc=courseproject,dc=org
objectClass: top
objectClass: dcObject
objectclass: organization
o: courseproject org
dc: courseproject
dn: cn=admin,dc=courseproject,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: mySHApass
dn: ou=people,dc=courseproject,dc=org
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=courseproject,dc=org
objectClass: organizationalUnit
ou: groups
I'm not really familiar with OpenLDAP, had only previous experience with AD.
What information can I provide for investigating this issue?
Best Answer
First of all, you shall probably change the configuration for
allow_username_or_email_login
totrue
.Then you probably want to create a group
gitlabusers
holding the users you wish to grant access to the server and modify theuser_filter
to'(memberOf=cn=gitlabusers,ou=groups,dc=courseproject,dc=org)'
Then apply the changes using
gitlab-ctl reconfigure
and check the LDAP configuration usingUnless this command succeed to give you the list of users you expect, you have a mistake in your configuration...
For info, my below configuration (against a FreeIPA server) works: