Fatal编程技术网
  • active-directory/
  • Active directory 带有AD的LDAP在正确的绑定凭据(gitlab CE)上失败

Active directory 带有AD的LDAP在正确的绑定凭据(gitlab CE)上失败

active-directory ldap

Active directory 带有AD的LDAP在正确的绑定凭据(gitlab CE)上失败,active-directory,ldap,gitlab-ce,Active Directory,Ldap,Gitlab Ce,我在让LDAP与AD一起工作时遇到了不少问题。我一直收到一个错误: Checking LDAP ... Server: ldapmain LDAP authentication... Failed. Check `bind_dn` and `password` configuration values LDAP users with access to your GitLab server (only showing the first 100 results) Checking LDAP

我在让LDAP与AD一起工作时遇到了不少问题。我一直收到一个错误:

Checking LDAP ...

Server: ldapmain
LDAP authentication... Failed. Check `bind_dn` and `password` configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished
通过安装文档中推荐的ldapsearch工具搜索时,我输入的绑定凭据是正确的

ldapsearch-D“CN=svcXXXX,OU=Service Accounts,DC=example,DC=com”-w xxxxxxxxx-p 389-h ad1.example.com-b“OU=Service Accounts,DC=example,DC=com”-Z-s sub“CN=svcXXXX”

返回:

# extended LDIF
#
# LDAPv3
# base <ou=Service Accounts, dc=example, dc=com> with scope subtree
# filter: cn=svcXXXX
# requesting: ALL
#

# svcXXXX, Service Accounts, example.com
dn: CN=svcXXXX,OU=Service Accounts,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: svcXXXX
givenName: svcXXXX
distinguishedName: CN=svcXXXX,OU=Service Accounts,DC=example,DC=com
instanceType: 4
whenCreated: 20181205180214.0Z
whenChanged: 20181207185222.0Z
displayName: svcXXXX
uSNCreated: 9115963
uSNChanged: 9212107
name: svcXXXX
objectGUID:: RnXqubGy+0SWLRBioux+Kg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 131886831858468369
lastLogon: 131886832317687032
pwdLastSet: 131885065347048037
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAnwENExQX4Uw3YpINzqYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: svcXXXX
sAMAccountType: 805306368
userPrincipalName: svcXXXX@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20181205180229.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131886823425342646

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
谁能给我指出正确的方向吗?谢谢

您的
bind\u dn
看起来不对劲。你有:

CN=svcXXXX, CN=Service Accounts, DC=example, DC=com
但是
ldapsearch
的输出显示:

CN=svcXXXX,OU=Service Accounts,DC=example,DC=com
注意逗号后面不应该有空格,你应该有
OU=Service Accounts
,而不是
CN=Service Accounts

哇,我的眼睛不好,我真的应该注意到这一点。再次感谢,没问题。每个人都会这样:) 
CN=svcXXXX,OU=Service Accounts,DC=example,DC=com