I am having quite a bit of trouble getting LDAP to work with AD. I keep receiving an error:
Checking LDAP ...
Server: ldapmain
LDAP authentication... Failed. Check `bind_dn` and `password` configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP ... Finished
The bind credentials that I have entered are correct when I am searching them through the ldapsearch tool recommended in the setup docs.
ldapsearch -D "CN=svcXXXX,OU=Service Accounts,DC=example,DC=com" -w xxxxxxxxxx -p 389 -h ad1.example.com -b "ou=Service Accounts, dc=example, dc=com" -Z -s sub "cn=svcXXXX"
Returns:
# extended LDIF
#
# LDAPv3
# base <ou=Service Accounts, dc=example, dc=com> with scope subtree
# filter: cn=svcXXXX
# requesting: ALL
#
# svcXXXX, Service Accounts, example.com
dn: CN=svcXXXX,OU=Service Accounts,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: svcXXXX
givenName: svcXXXX
distinguishedName: CN=svcXXXX,OU=Service Accounts,DC=example,DC=com
instanceType: 4
whenCreated: 20181205180214.0Z
whenChanged: 20181207185222.0Z
displayName: svcXXXX
uSNCreated: 9115963
uSNChanged: 9212107
name: svcXXXX
objectGUID:: RnXqubGy+0SWLRBioux+Kg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 131886831858468369
lastLogon: 131886832317687032
pwdLastSet: 131885065347048037
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAnwENExQX4Uw3YpINzqYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: svcXXXX
sAMAccountType: 805306368
userPrincipalName: svcXXXX@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20181205180229.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131886823425342646
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
My gitlab.rb LDAP configuration is below:
gitlab_rails['ldap_servers'] = {
'main' => {
'label' => 'GitLab AD',
'host' => 'ad1.example.com',
'port' => 389,
'verify_certificates' => true,
'uid' => 'sAMAccountName',
'encryption' => 'plain',
'bind_dn' => 'CN=svcXXXX, CN=Service Accounts, DC=example, DC=com',
'password' => 'xxxxxxxxxxxxxx',
'active_directory' => true,
'base' => 'OU=Domain Users,OU=Head Office,DC=example,DC=com',
}
}
Can anyone point me in the right direction? Thanks