Try:
*uid: 'sAMAccountName'*

Wrong configuration: "uid: 'userPrincipalName'"



On Wednesday, February 24, 2016 at 12:59:22 UTC-3, Martin Ford wrote:
>
> Hi,
>
> I'm trying to configure a GitLab EE instance (in a docker container) to 
> use LDAP (the AD kind) for authentication and authorisation. The LDAP 
> config section (sanitised) in my /etc/gitlab/gitlab.rb looks like:
>
> gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
>   main: # 'main' is the GitLab 'provider ID' of this LDAP server
>     label: 'LDAP'
>     host: 'ldap.example.net'
>     port: 389
>     uid: 'userPrincipalName'
>     method: 'plain' # "tls" or "ssl" or "plain"
>     bind_dn: '***'
>     password: '***'
>     active_directory: true
>     allow_username_or_email_login: false
>     block_auto_created_users: false
>     base: 'DC=example,DC=com'
>     user_filter: '(userPrincipalName={0})'
>     attributes:
>       username: ['uid', 'userid', 'sAMAccountName']
>       email:    ['mail', 'email', 'userPrincipalName']
>       name:       'cn'
>       first_name: 'givenName'
>       last_name:  'sn'
>     ## EE only
>     group_base: 'OU=Access Control,DC=example,DC=com'
>     admin_group: 'AC-GitLab-Owners'
>     sync_ssh_keys: false
> EOS
>
>
> And this seems to work okay up to a point, in that when I attempt to sign 
> in to GitLab with my LDAP credentials a GitLab User is created with the 
> correct LDAP uid. However, the login actually fails displaying the 
> following error:
>
>
> Could not authenticate you from Ldapmain because "Undefined method `uid' 
> for nil:nilclass".
>
> Looking in the logs (obtained using 'docker logs' and sanitised) I see the 
> following:
>
> ==> /var/log/gitlab/gitlab-rails/application.log <==
>
> February 24, 2016 14:36: User "Me" ([email protected]) was created
>
>
> ==> /var/log/gitlab/gitlab-rails/production.log <==
>
>   SystemHook Load (0.5ms)  SELECT "web_hooks".* FROM
> "web_hooks" WHERE "web_hooks"."type" IN ('SystemHook')  ORDER BY
> "web_hooks"."id" DESC
>
>   Namespace Load (0.3ms)  SELECT  "namespaces".* FROM
> "namespaces" WHERE "namespaces"."owner_id" = $1 AND "namespaces"."type" IS
> NULL  ORDER BY "namespaces"."id" DESC LIMIT 1  [["owner_id", 10]]
>
>   User Load (3.7ms)  SELECT  "users".* FROM "users" WHERE
> "users"."id" = $1  ORDER BY "users"."id" DESC LIMIT 1  [["id", 10]]
>
>   Namespace Exists (0.7ms)  SELECT  1 AS one FROM "namespaces"
> WHERE "namespaces"."name" = 'me' LIMIT 1
>
>   Namespace Exists (0.4ms)  SELECT  1 AS one FROM
> "namespaces" WHERE LOWER("namespaces"."path") = LOWER('me') LIMIT 1
>
>   SQL (1.3ms)  INSERT INTO "namespaces" ("path", "name",
> "owner_id", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5)
> RETURNING "id"  [["path", "me"], ["name", "me"], ["owner_id", 10],
> ["created_at", "2016-02-24 14:36:41.697501"], ["updated_at", "2016-02-24
> 14:36:41.697501"]]
>
>   Namespace Exists (0.3ms)  SELECT  1 AS one FROM
> "namespaces" WHERE ("namespaces"."name" = 'me' AND "namespaces"."id" != 11)
> LIMIT 1
>
>   Namespace Exists (0.4ms)  SELECT  1 AS one FROM "namespaces"
> WHERE (LOWER("namespaces"."path") = LOWER('me') AND "namespaces"."id" !=
> 11) LIMIT 1
>
>    (1.0ms)  COMMIT
>
>
> ==> /var/log/gitlab/gitlab-rails/application.log <==
>
> February 24, 2016 14:36: (OAuth) saving user [email protected]
> from login with extern_uid =>
> CN=Me,OU=Users,OU=Example,DC=example,DC=com
>
>
> ==> /var/log/gitlab/gitlab-rails/production.log <==
>
>   Identity Load (0.3ms)  SELECT  "identities".* FROM
> "identities" WHERE "identities"."user_id" = $1 AND (provider LIKE 'ldap%')
> ORDER BY "identities"."id" DESC LIMIT 1  [["user_id", 10]]
>
>   SQL (0.5ms)  SELECT "namespaces"."id" AS t0_r0,
> "namespaces"."name" AS t0_r1, "namespaces"."path" AS t0_r2,
> "namespaces"."owner_id" AS t0_r3, "namespaces"."created_at" AS t0_r4,
> "namespaces"."updated_at" AS t0_r5, "namespaces"."type" AS t0_r6,
> "namespaces"."description" AS t0_r7, "namespaces"."avatar" AS t0_r8,
> "namespaces"."membership_lock" AS t0_r9,
> "namespaces"."share_with_group_lock" AS t0_r10, "ldap_group_links"."id" AS
> t1_r0, "ldap_group_links"."cn" AS t1_r1, "ldap_group_links"."group_access"
> AS t1_r2, "ldap_group_links"."group_id" AS t1_r3,
> "ldap_group_links"."created_at" AS t1_r4, "ldap_group_links"."updated_at"
> AS t1_r5, "ldap_group_links"."provider" AS t1_r6 FROM "namespaces" LEFT
> OUTER JOIN "ldap_group_links" ON "ldap_group_links"."group_id" =
> "namespaces"."id" WHERE "namespaces"."type" IN ('Group') AND
> ("ldap_group_links"."id" IS NOT NULL) AND "ldap_group_links"."provider" =
> $1  ORDER BY "namespaces"."id" DESC  [["provider", "ldapmain"]]
>
> Instantiating Gitlab::LDAP::Group with LDIF:
>
> dn: CN=AC-GitLab-Owners,OU=Access Control,DC=example,DC=com
> cn: AC-GitLab-Owners
> description: GitLab Owners Group
> distinguishedname: CN=AC-GitLab-Owners,OU=Access Control,DC=example,DC=com
> dscorepropagationdata: 16010101000000.0Z
> grouptype: -2147483640
> instancetype: 4
> member: CN=Me,OU=Users,OU=Example,DC=example,DC=com
> member: CN=You,OU=Users,OU=Example,DC=example,DC=com
> name: AC-GitLab-Owners
> objectcategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
> objectclass: top
> objectclass: group
> objectguid:: ***
> objectsid:: ***
> samaccountname: AC-GitLab-Owners
> samaccounttype: 268435456
> usnchanged: 1073273
> usncreated: 575588
> whenchanged: 20151207124528.0Z
> whencreated: 20151008121610.0Z
>
>
> Completed 500 Internal Server Error in 738ms (ActiveRecord: 36.3ms)
>
>
> ==> /var/log/gitlab/unicorn/unicorn_stdout.log <==
>
> E, [2016-02-24T14:36:41.882950 #17944] ERROR -- omniauth: (ldapmain) 
> Authentication failure! ldap_error: NoMethodError, undefined method `uid' 
> for nil:NilClass
>
>
> ==> /var/log/gitlab/gitlab-rails/production.log <==
>
> Processing by OmniauthCallbacksController#failure as HTML
>
>   Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]",
> "username"=>"[email protected]", "password"=>"[FILTERED]"}
>
>   User Load (0.9ms)  SELECT  "users".* FROM "users" WHERE
> "users"."authentication_token" = $1  ORDER BY "users"."id" DESC LIMIT 1
> [["authentication_token", "***"]]
>
>    (0.4ms)  BEGIN
>
>    (0.4ms)  ROLLBACK
>
> Redirected to http://localhost/users/sign_in
>
> Completed 302 Found in 67ms (ActiveRecord: 1.7ms)
>
>
> So GitLab is happy creating my user, and it's happy retrieving the 
> AC-GitLab-Owners group from LDAP, but it bombs out straight after that with 
> the "undefined method `uid' for nil:NilClass".
>
>
> What am I missing? Any suggestions very gratefully received?
>
>
> Thanks. Martin.
>
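
A lint pass over the quoted `ldap_servers` YAML, covering the `uid` change suggested in the reply and the unencrypted `method: 'plain'` transport. This is an added example, not part of the thread and not GitLab's own code. `lint_ldap_servers` and the sample YAML are constructed here, and the placeholder check assumes `user_filter` is applied as a static RFC 4515 filter.

```ruby
require 'yaml'

# Constructed sample that mirrors the sanitised settings quoted in the thread.
SAMPLE = <<~'EOS'
  main:
    host: 'ldap.example.net'
    port: 389
    uid: 'userPrincipalName'
    method: 'plain'
    active_directory: true
    user_filter: '(userPrincipalName={0})'
EOS

# Hypothetical helper (not a GitLab API): returns [provider, finding] pairs
# for the YAML that would sit inside gitlab_rails['ldap_servers'].
def lint_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |provider, cfg|
    flag = ->(msg) { findings << [provider, msg] }

    # 'plain' means no TLS: the bind_dn password and every user's password
    # travel to the directory in cleartext.
    if cfg['method'].to_s == 'plain'
      flag.call("method 'plain' on port #{cfg['port']}: credentials are sent unencrypted")
    end

    # The reply's advice: with AD, log in by sAMAccountName.
    if cfg['active_directory'] && cfg['uid'] != 'sAMAccountName'
      flag.call("uid is '#{cfg['uid']}'; the reply suggests 'sAMAccountName'")
    end

    # Assumption: user_filter is a static RFC 4515 filter, so a '{0}'
    # placeholder would be matched literally and select no entries.
    filter = cfg['user_filter'].to_s
    flag.call("user_filter contains a placeholder: #{filter}") if filter =~ /\{\d+\}/
    unless filter.count('(') == filter.count(')')
      flag.call('user_filter has unbalanced parentheses')
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  lint_ldap_servers(SAMPLE).each { |provider, msg| puts "#{provider}: #{msg}" }
end
```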
