Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/javascript/368.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
gitlab错误:无法从LDAP授权您,因为;无效凭证“;尝试通过LDAP/AD登录UI时_Ldap_Gitlab_Redhat - Fatal编程技术网
Fatal编程技术网
  • ldap/
  • gitlab错误:无法从LDAP授权您,因为;无效凭证“;尝试通过LDAP/AD登录UI时

gitlab错误:无法从LDAP授权您,因为;无效凭证“;尝试通过LDAP/AD登录UI时

ldap gitlab

gitlab错误:无法从LDAP授权您,因为;无效凭证“;尝试通过LDAP/AD登录UI时,ldap,gitlab,redhat,Ldap,Gitlab,Redhat,我的LDAP配置位于/etc/gitlab/gitlab.rb,如下所示: gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'LDAP' host: '10.3.32.11' port: 389

我的LDAP配置位于/etc/gitlab/gitlab.rb,如下所示:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '10.3.32.11'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=svc gitlab,CN=Users,DC=VPN,DC=Local'
    password: 'PASSWORD'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: true
    block_auto_created_users: false
    base: 'ou=vpnusers,dc=vpn,dc=local'
    user_filter: '(&(objectCategory=user)(memberOf=CN=appGitLab,ou=vpnusers,dc=vpn,dc=local))'
EOS

Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started POST "/users/auth/ldapmain/callback" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"aaron.west", "password"=>"[FILTERED]"}
Redirected to http://10.3.18.80/users/sign_in
Completed 302 Found in 279ms (ActiveRecord: 1.8ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by SessionsController#new as HTML
Completed 200 OK in 35ms (Views: 18.9ms | ActiveRecord: 2.4ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:57:58 -0500
Processing by MetricsController#index as HTML
Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:58:13 -0500
Processing by MetricsController#index as HTML
知道为什么我一直看到
无法从LDAP授权您,因为LDAP登录时“凭据无效”

有一项任务,您可以检查LDAP配置是否正常,并获取一些可能的LDAP用户示例:

LDAP check Rake任务将测试绑定dn和密码凭据(如果已配置),并将列出LDAP用户的示例。此任务也作为gitlab:check任务的一部分执行,但可以使用下面的命令独立运行

综合安装 
sudo-gitlab-rake-gitlab:ldap:check

源安装 
sudo-u git-H bundle exec rake gitlab:ldap:check RAILS\u ENV=production

默认情况下,任务将返回100个LDAP用户的示例。通过向检查任务传递一个数字来更改此限制:

rake-gitlab:ldap:check[50]

您确定
sAMAccountName
是usenames的正确LDAP字段,并且您确定看到错误消息的用户使用的是正确的sAMAccountName吗?例如,您可以将其更改为
mail
,以允许使用电子邮件地址登录。您可以参考以下答案: