位于/etc/gitlab/gitlab.rb的我的LDAP配置如下:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: '10.3.32.11'
port: 389
uid: 'sAMAccountName'
bind_dn: 'CN=svc gitlab,CN=Users,DC=VPN,DC=Local'
password: 'PASSWORD'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
verify_certificates: false
active_directory: true
allow_username_or_email_login: true
lowercase_usernames: true
block_auto_created_users: false
base: 'ou=vpnusers,dc=vpn,dc=local'
user_filter: '(&(objectCategory=user)(memberOf=CN=appGitLab,ou=vpnusers,dc=vpn,dc=local))'
EOS
我在这些配置更改之后先运行了gitlab-ctl reconfigure
和gitlab-ctl restart
。
编辑: 我的production.log输出如下:
Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started POST "/users/auth/ldapmain/callback" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by OmniauthCallbacksController#failure as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"aaron.west", "password"=>"[FILTERED]"}
Redirected to http://10.3.18.80/users/sign_in
Completed 302 Found in 279ms (ActiveRecord: 1.8ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by SessionsController#new as HTML
Completed 200 OK in 35ms (Views: 18.9ms | ActiveRecord: 2.4ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:57:58 -0500
Processing by MetricsController#index as HTML
Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:58:13 -0500
Processing by MetricsController#index as HTML
您知道为什么我在登录LDAP后仍然看到Could not authorize you from LDAP because "Invalid credentials"
吗?
答案 0 :(得分:0)
有一项任务可以检查您的LDAP配置是否正确,并获取一些可能的LDAP用户的示例:LDAP Rake Tasks
LDAP检查Rake任务将测试bind_dn和密码凭据(如果已配置),并将列出LDAP用户的样本。此任务也作为gitlab:check任务的一部分执行,但可以使用以下命令独立运行。
Omnibus安装
fileprivate func handleVideoSelectedForUrl(_ url: URL) { let filename = UUID().uuidString + ".mov" let uploadTask = Storage.storage().reference().child("message_movies").child(filename).putFile(from: url, metadata: nil, completion: { (metadata, error) in if error != nil { print("Failed upload of video:", error!) return } **if let videoUrl = metadata?.downloadURL()?.absoluteString** { if let thumbnailImage = self.thumbnailImageForFileUrl(url) { **self.uploadToFirebaseStorageUsingImage(thumbnailImage, completion:** { (imageUrl) in let properties: [String: AnyObject] = ["imageUrl": imageUrl as AnyObject, "imageWidth": thumbnailImage.size.width as AnyObject, "imageHeight": thumbnailImage.size.height as AnyObject, "videoUrl": videoUrl as AnyObject] self.sendMessageWithProperties(properties) }) } } }) uploadTask.observe(.progress) { (snapshot) in if let completedUnitCount = snapshot.progress?.completedUnitCount { self.navigationItem.title = String(completedUnitCount) } } uploadTask.observe(.success) { (snapshot) in self.navigationItem.title = self.user?.name } } fileprivate func handleImageSelectedForInfo(info: [String: AnyObject]) { var selectedImageFromPicker: UIImage? if let editedImage = info["UIImagePickerControllerEditedImage"] as? UIImage { selectedImageFromPicker = editedImage } else if let originalImage = info["UIImagePickerControllerOriginalImage"] as? UIImage { selectedImageFromPicker = originalImage } if let selectedImage = selectedImageFromPicker { **uploadToFirebaseStorageUsingImage(selectedImage, completion: {(imageUrl)** in self.sendMessageWithImageUrl(imageUrl, image: selectedImage) }) } }
源安装
sudo gitlab-rake gitlab:ldap:check
默认情况下,该任务将返回100个LDAP用户的样本。通过将数字传递给检查任务来更改此限制:
sudo -u git -H bundle exec rake gitlab:ldap:check RAILS_ENV=production