ldapsearch works fine
ldapsearch -D "CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local" -x -h draco.company.com -b DC=company,DC=local -W -
gitlab.rb
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS
Error message: Could not authorize you from Ldapmain because "Invalid credentials".
Am I missing some other setting?
Regards
Answer 1
Solution
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS
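uid is the name of the column in which the username is stored.
bind_dn was changed to the fully qualified name of the ldap user that can connect to AD and query all other users.
Useful link: https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html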
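
The two corrections in the answer can be checked mechanically before running a reconfigure. The following is an added example, not part of the original answer and not GitLab's own code: a small Ruby linter, run here over the question's server entry and over the same entry with the answer's changes applied. The helper name lint_ldap_server and the LOGIN_ATTRIBUTES list are assumptions made for this example, and the check on method 'plain' goes beyond the two fixes discussed above.

```ruby
require 'yaml'

# Attributes commonly used as the login attribute (a list assumed for this example).
LOGIN_ATTRIBUTES = %w[sAMAccountName userPrincipalName uid cn mail].freeze

# Hypothetical helper: returns findings for one entry of gitlab_rails['ldap_servers'].
def lint_ldap_server(cfg)
  findings = []
  # bind_dn must name an account entry; a DN whose first RDN is OU= or DC= is a container.
  first_rdn = cfg['bind_dn'].to_s.split(/(?<!\\),/).first.to_s.strip
  rdn_type = first_rdn.split('=', 2).first.to_s.upcase
  unless %w[CN UID].include?(rdn_type)
    findings << "bind_dn starts with #{rdn_type}=: a container, not an account DN"
  end
  # uid is the attribute the typed username is matched against, not the bind account's name.
  unless LOGIN_ATTRIBUTES.any? { |attr| attr.casecmp?(cfg['uid'].to_s) }
    findings << "uid '#{cfg['uid']}' is not a known login attribute"
  end
  # 'plain' means no TLS: the bind password and user passwords cross the network in clear text.
  findings << "method 'plain' sends passwords unencrypted" if cfg['method'] == 'plain'
  findings
end

# The question's server entry, copied from the page (password replaced by a placeholder).
BROKEN = YAML.safe_load(<<~'EOS')['main']
  main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'PLACEHOLDER'
    active_directory: true
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

# The answer's two changes applied on top of it.
FIXED = BROKEN.merge(
  'uid' => 'sAMAccountName',
  'bind_dn' => 'CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local'
)

{ 'question' => BROKEN, 'answer' => FIXED }.each do |name, cfg|
  puts "#{name}:"
  lint_ldap_server(cfg).each { |finding| puts "  - #{finding}" }
end
```

The corrected entry still reports the method 'plain' finding, because both configurations on the page bind over unencrypted port 389.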