GitLab error: Could not authorize you from LDAP because "Invalid credentials" when trying to log in to the UI via LDAP/AD
My LDAP configuration is in /etc/gitlab/gitlab.rb and looks like this:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '10.3.32.11'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=svc gitlab,CN=Users,DC=VPN,DC=Local'
    password: 'PASSWORD'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: true
    block_auto_created_users: false
    base: 'ou=vpnusers,dc=vpn,dc=local'
    user_filter: '(&(objectCategory=user)(memberOf=CN=appGitLab,ou=vpnusers,dc=vpn,dc=local))'
EOS
Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started POST "/users/auth/ldapmain/callback" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by OmniauthCallbacksController#failure as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"aaron.west", "password"=>"[FILTERED]"}
Redirected to http://10.3.18.80/users/sign_in
Completed 302 Found in 279ms (ActiveRecord: 1.8ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 10.88.0.189 at 2018-08-21 12:57:56 -0500
Processing by SessionsController#new as HTML
Completed 200 OK in 35ms (Views: 18.9ms | ActiveRecord: 2.4ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:57:58 -0500
Processing by MetricsController#index as HTML
Completed 200 OK in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2018-08-21 12:58:13 -0500
Processing by MetricsController#index as HTML
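Any idea why I keep seeing Could not authorize you from LDAP because "Invalid credentials" on LDAP login?
There is a Rake task with which you can check whether the LDAP configuration is working and get a sample of possible LDAP users:
The LDAP check Rake task will test the bind_dn and password credentials (if configured) and will list a sample of LDAP users. This task is also executed as part of the gitlab:check task, but can be run independently using the command below.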
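Omnibus installation
sudo gitlab-rake gitlab:ldap:check
Source installation
sudo -u git -H bundle exec rake gitlab:ldap:check RAILS_ENV=production
By default, the task will return a sample of 100 LDAP users. Change this limit by passing a number to the check task:
rake gitlab:ldap:check[50]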
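To check one specific login rather than a sample of users, the following added example (not from the original thread or from GitLab's code) builds the LDAP search for a single user from the settings in the question and prints an equivalent ldapsearch command. It assumes the login lookup ANDs `uid=<login>` with `user_filter` under `base`; the helper names are hypothetical.

```ruby
# Added example: offline, it only builds strings and opens no LDAP connection.
require 'yaml'
require 'shellwords'

# Settings copied from the question's gitlab.rb (password left out on purpose).
LDAP_YAML = <<~'EOS'
  main:
    host: '10.3.32.11'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=svc gitlab,CN=Users,DC=VPN,DC=Local'
    base: 'ou=vpnusers,dc=vpn,dc=local'
    user_filter: '(&(objectCategory=user)(memberOf=CN=appGitLab,ou=vpnusers,dc=vpn,dc=local))'
EOS

# RFC 4515 escaping, so a login name cannot change the structure of the filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Assumed lookup: (uid=<login>) ANDed with user_filter when one is configured.
def login_filter(cfg, login)
  uid_part = "(#{cfg['uid']}=#{escape_filter_value(login)})"
  extra = cfg['user_filter'].to_s
  extra.empty? ? uid_part : "(&#{uid_part}#{extra})"
end

# ldapsearch argv that binds as the service account; -W prompts for its
# password so it never appears in shell history or the process list.
def ldapsearch_argv(cfg, login)
  ['ldapsearch', '-x', '-H', "ldap://#{cfg['host']}:#{cfg['port']}",
   '-D', cfg['bind_dn'], '-W', '-b', cfg['base'],
   login_filter(cfg, login), 'dn', cfg['uid'], 'mail']
end

# Parse the YAML block and return the settings of one provider.
def load_server(yaml = LDAP_YAML, provider = 'main')
  YAML.safe_load(yaml).fetch(provider)
end

if __FILE__ == $PROGRAM_NAME
  puts Shellwords.join(ldapsearch_argv(load_server, 'aaron.west'))
end
```

If the printed search returns no entry, the account is outside `base` or is not matched by `user_filter`; if it returns an entry, the remaining things to check are the user's own password and the `uid` attribute value.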
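Are you sure sAMAccountName is the correct LDAP field for usernames, and are you sure the user who sees the error message is using the correct sAMAccountName? For example, you could change it to mail to allow logging in with an email address. You can refer to the following answer: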