Posting this here because I didn't read the config file all the way. I was following the guide the OP followed and for the life of me couldn't get it setup and working. I finally saw that the "base:" was put into it's own section under the ldap settings I had crammed it all together like the original guide.
So look in your config file and make sure you don't have a line in there (default) that reads base: '' Once I realized/saw that everything started working. I'm connecting to a windows 2003 AD server like the OP. Hope it may be as simple as that. - Josh On Friday, May 30, 2014 7:59:45 AM UTC-6, Kurt Wolf wrote: > > Not sure about 2003 anymore, but I was able to get this to work with our > configuration. > > ldap: > enabled: true > host: 'gallodc01.hcl.internal' > base: 'OU=_Users,OU=-Health_Care_Logistics,DC=hcl,DC=internal' > port: 636 > uid: 'sAMAccountName' > method: 'ssl' # "tls" or "ssl" or "plain" > bind_dn: 'CN=ldap,OU=_Users,OU=-Shared,DC=hcl,DC=internal' > password: '<********>' > # If allow_username_or_email_login is enabled, GitLab will ignore > everything > # after the first '@' in the LDAP username submitted by the user on > login. > # > # Example: > # - the user enters 'jane...@example.com <javascript:>' and > 'p@ssw0rd' as LDAP credentials; > # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. > # > # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you > need to > # disable this setting, because the userPrincipalName contains an '@'. > allow_username_or_email_login: true > > Then our users can just login with their username and password as long as > their user exists within the base DN. > > On Saturday, May 10, 2014 6:34:58 AM UTC-4, Vikas Kumar wrote: >> >> Dear All, >> >> I am have *GitLab v6.8.1* installed on *Ubuntu 14.04 64-Bit *(192.168.1.10) >> server. >> I am looking to enable authentication from *Win 2003 Active Directory >> Server *(192.168.1.200) >> >> As asked here >> <https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html>, >> >> I have created a user *Gitlab *and set its password *Password@123 *(the >> options are slightly different on my AD console). Please see below >> screenshot. >> >> >> <https://lh3.googleusercontent.com/-VIVEW3liW7Q/U23-GqSjyvI/AAAAAAAAAZM/1e4FX-l3KGA/s1600/Gitlab-1.png> >> >> >> I am also attaching BeaverTrail >> <http://adsi.mvps.org/adsi/csharp/beavertail.html> view just in case it >> helps to dig my issue. >> >> >> <https://lh5.googleusercontent.com/-qOkS3ibya_I/U23-aGO_1ZI/AAAAAAAAAZU/u4ppEjFDdNA/s1600/Gitlab-2.png> >> >> >> >> Here is my */home/git/gitlab/config/gitlab.yml* >> >> ldap: >> enabled: true >> host: '192.168.1.200' >> base: 'CN=Users,DC=test,DC=com' >> port: 389 >> uid: 'sAMAccountName' >> method: 'plain' # "tls" or "ssl" or "plain" >> bind_dn: 'CN=Gitlab LDAP,CN=Users,DC=test,DC=com' >> password: 'Password@123' >> >> I am not sure which password is to be provided above. Is it *Gitlab >> user's password* or *Win 2003 AD Administrator's password* ? Anyways, I >> have tried both of them in vain. >> >> Service restarted well without any errors. >> root@box1:~# service gitlab restart >> Shutting down both Unicorn and Sidekiq. >> GitLab is not running. >> Starting both the GitLab Unicorn and Sidekiq >> The GitLab Unicorn web server with pid 2938 is running. >> The GitLab Sidekiq job dispatcher with pid 2970 is running. >> GitLab and all its components are up and running. >> root@box1:~# >> >> To test things out, I have 3 AD users - User1, user2 and user3 which are >> working fine otherwise. >> >> I logged on to http://192.168.1.10 and used my domain credentials as >> below, but none of these worked. >> TEST\User1 >> test.com\User1 >> TEST\user1 >> test.com\user1 >> us...@test.com >> >> I always get this error - "Could not authorize you from LDAP because >> "Invalid credentials". >> >> Regards, >> Vikas >> >> >> -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/aeadc3fc-becf-456f-a980-960fbf81100a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
