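Configuring GitLab with OpenLDAP

Time: 2016-07-28 10:41:20

Tags: git ldap gitlab openldap

I am trying to configure GitLab with OpenLDAP to authenticate users. I have already configured OpenLDAP, and it works fine with Jenkins. But with GitLab it gives the error: Could not authenticate you from Ldapmain because "Invalid credentials".

Here is the gitlab.rb configuration: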

gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: 'localhost'
     port: 389
     uid: 'uid'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=admin,dc=ldap,dc=com'
     password: 'waqas'
     active_directory: false
     allow_username_or_email_login: true
    #block_auto_created_users: false
     base: 'cn=Appliance,dc=ldap,dc=com'
     user_filter: ''
# attributes:
#   username: ['uid', 'userid', 'sAMAccountName']
#   email:    ['mail', 'email', 'userPrincipalName']
#   name:       'cn'
#       first_name: 'givenName'
#       last_name:  'sn'
#     ## EE only
#    group_base: 'ou=W-Integrate,dc=ldap,dc=com'
     #admin_group: 'cn=admin,dc=ldap,dc=com'
#     sync_ssh_keys: false
#

 EOS

A screenshot of my OpenLDAP is also attached. Can anyone correct my mistake?

1 answer:

Answer 0: (score: 2)

Your group should not be a user (or inetOrgPerson, user group cn=Appliance); dc entries should be limited to a base dn:

base: 'dc=ldap,dc=com'

This is different from bind_dn, where the bind account does refer to a user: bind_dn: 'cn=admin,dc=ldap,dc=com': there is a cn there.
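
An added example (not part of the original question or answer, and not GitLab's own code): a small Ruby lint that applies the answer's advice to the ldap_servers YAML as a heuristic, flagging a base that contains cn/uid components. Going beyond the answer, it also flags method 'plain' towards a non-loopback host, since a plain bind sends passwords unencrypted. The names lint_ldap_servers, rdns and QUESTION_CONFIG are hypothetical, and the sample is the question's config trimmed to the keys checked.

```ruby
require 'yaml'

# Constructed sample: the ldap_servers YAML from the question, trimmed to the keys checked here.
QUESTION_CONFIG = <<~'EOS'
  main:
    host: 'localhost'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'cn=admin,dc=ldap,dc=com'
    password: 'waqas'
    base: 'cn=Appliance,dc=ldap,dc=com'
EOS

LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze
LEAF_ATTRS = %w[cn uid].freeze # heuristic: attributes that usually name a single entry

# Split a DN into [attribute, value] pairs. Simplified: assumes no escaped commas in values.
def rdns(dn)
  dn.to_s.split(',').map { |rdn| rdn.strip.split('=', 2) }
end

# Return a list of warning strings covering every server in the ldap_servers YAML.
def lint_ldap_servers(yaml_text)
  YAML.safe_load(yaml_text).flat_map do |id, srv|
    warnings = []
    base = rdns(srv['base'])
    # The answer's point: base is a search root (dc components), not an entry
    # named by cn/uid. bind_dn, by contrast, is expected to name an entry.
    leaf = base.select { |attr, _| LEAF_ATTRS.include?(attr.to_s.downcase) }
    unless leaf.empty?
      root = (base - leaf).map { |attr, val| "#{attr}=#{val}" }.join(',')
      warnings << "#{id}: base contains #{leaf.map(&:first).join(',')}; try '#{root}'"
    end
    # 'plain' means no TLS: the bind DN and passwords cross the network in clear text.
    if srv['method'] == 'plain' && !LOOPBACK.include?(srv['host'])
      warnings << "#{id}: method 'plain' to #{srv['host']} sends bind passwords unencrypted"
    end
    warnings
  end
end

puts lint_ldap_servers(QUESTION_CONFIG) if __FILE__ == $PROGRAM_NAME
```
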