问题描述

以下ldapsearch命令可以正常运行.

The following ldapsearch command works, flawlessly.

但是，无论我仔细检查了多少正确键入的值，在gitlab.yml中配置的值都没有.

But, regardless, of how much I double-check the values are typed correctly, this, configured in gitlab.yml, does not.

是的，BindDN与其他用户位于不同的位置，但位于其南部，因此查询库有效.

Yes, the BindDN is at a different location than the other users, but it is south of it, so the query base is valid.

所有尝试都会在屏幕上引发此错误:

All attempts throw this error on the screen:

production.log指示以下内容:

production.log indicates the following:

有问题的LDAP是Active Directory，尽管我没有本地权限访问服务器以查询日志，但是每次尝试登录Web时，"badPwdCount"都会增加，我不理解如何或为什么.

The LDAP in question is Active Directory, and while I don't have access to the server natively in order to query the logs, the "badPwdCount" is incremented for each attempt at a web login, and I don't understand how, or why.

我知道最终用户的危险，他们坚持要求他们正确输入用户名和密码，但是我已经检查，三重检查，八重检查，我的声明中没有错别字，并且我找不到与此相同的错误组合的任何其他事件.我知道这里的语法是正确的.

I know the perils of end users and their insistence that they're typing their usernames and passwords in correctly, but I've checked, triple-checked, octuple-checked that there aren't any typos in my declarations, and I can't find any other incident with this same error combination. I know that the syntax here is correct.

可能是什么问题?

推荐答案

这是我对LDAP的有效AD设置.

Here is my working AD settings for LDAP.

#########################################
ldap:
    enabled: true
    host: '16.184.18.88'
    port: 636
    uid: 'sAMAccountName'   #userPrincipalName
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=net'
    password: 'My_Password'
    allow_username_or_email_login: false
    base: 'CN=Users,DC=mydomain,DC=net'
    user_filter: '(memberOf=CN=Developers,OU=GitLabHQ,DC=mydomain,DC=net)'
    group_base: 'OU=GitLabHQ,DC=mydomain,DC=net'
    admin_group: GitLabAdmins
########################################

这篇关于Gitlab:LDAP“无效凭据"，但凭据正确的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！