GitLab CE: LDAP authentication using ldapjs

I am building an LDAP adapter on top of my company's SSO so that people can log in to GitLab through it.

My LDAP adapter is built with ldapjs and returns the following object:

    { dn: 'cn=test, o=sso',
      attributes:
       { cn: 'test',
         uid: 'test',
         mail: 'test@test.com',
         objectclass: 'user'
       }
    }

I always end up with: Could not authenticate you from Ldapmain because "Invalid credentials".

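  • Is there any other information that could help me solve the problem?
  • Is there an obvious problem in my configuration?
  • Where can I get more complete logs to diagnose the problem?
  • My test user

Configuration

gitlab.rb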

    gitlab_rails['ldap_enabled'] = true
    gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        label: 'LDAP_SSO'
        host: 'localhost'
        port: 1389
        uid: 'mail'
        method: 'plain' # "tls" or "ssl" or "plain"
        bind_dn: 'cn=root'
        password: 'secret'
        active_directory: false
        allow_username_or_email_login: true
        block_auto_created_users: true
        base: 'o=sso'
        user_filter: ''
    EOS
    
Logs

unicorn log

    root@xxx:/var/log/gitlab# cat /var/log/gitlab/unicorn/unicorn_stdout.log
    I, [2015-11-30T13:42:37.350694 #22372]  INFO -- omniauth: (ldapmain) Callback phase initiated.
    E, [2015-11-30T13:42:37.392395 #22372] ERROR -- omniauth: (ldapmain) Authentication failure!    invalid_credentials encountered.
    
gitlab-rails/production.log

    Started POST "/users/auth/ldapmain/callback" for 127.0.0.1 at 2015-11-30 14:10:41 +0100
    Processing by OmniauthCallbacksController#failure as HTML
      Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"test@test.com", "password"=>"[FILTERED]"}
    Redirected to http://localhost:8080/users/sign_in
    Completed 302 Found in 37ms (ActiveRecord: 3.0ms)
    Started GET "/users/sign_in" for 127.0.0.1 at 2015-11-30 14:10:41 +0100
    Processing by SessionsController#new as HTML
    Completed 200 OK in 55ms (Views: 33.2ms | ActiveRecord: 1.3ms)
    

You talk about creating a custom LDAP provider, and then show a standard LDAP configuration. How do these fit together? Without that, it is hard to picture what you have built and why it isn't working.