Skip to content

GitLab

Closed
Created by Administrator@rootOwner

Invalid credentials when first login using LDAP, but the user is created

Created by: BostAxola

I want to restrict the access to a certain group inside LDAP, but when I try to logging using a uid of a valid member of the group I get an error saying "Invalid credentials", despite the error message, a user is created an populated with his ldap credentials. If I don't use a user_filter everything goes smooth.

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_host'] = 'ldap.XXX.es'
gitlab_rails['ldap_port'] = 636
gitlab_rails['ldap_uid'] = 'uid'
gitlab_rails['ldap_method'] = 'ssl' # 'ssl' or 'plain'
gitlab_rails['ldap_bind_dn'] = 'uid=user,ou=people,dc=XXX,dc=es'
gitlab_rails['ldap_password'] = 'psswd'
gitlab_rails['ldap_allow_username_or_email_login'] = false
gitlab_rails['ldap_base'] = 'ou=people,dc=ehu,dc=es'
gitlab_rails['ldap_user_filter']='(memberOf=cn=YYY,ou=ZZZ,ou=groups,dc=XXX,dc=es)'

gitlab:ldap:check

Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished

application.log

September 27, 2014 11:43: User "aurname1 surname2, Name" ([email protected]) was created September 27, 2014 11:43: (OAuth) Creating [email protected] from login with extern_uid => uid=user,ou=people,dc=XXX,dc=es

production.log

Started POST "/users/auth/ldap/callback" for My_IP at 2014-09-27 11:36:07 +0200 Processing by OmniauthCallbacksController#ldap as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"TOKEN", "username"=>"user", "password"=>"[FILTERED]"} Redirected to http://Server_IP/users/sign_in Completed 302 Found in 106ms (ActiveRecord: 7.6ms)

Group schema: 2014-09-27_12-01-33

System Info

System information System: Ubuntu 12.04 Current User: git Using RVM: no Ruby Version: 2.1.2p95 Gem Version: 2.2.1 Bundler Version:1.5.3 Rake Version: 10.3.2 Sidekiq Version:2.17.0

GitLab information Version: 7.3.1 Revision: 1660aa23 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: http://Server_IP HTTP Clone URL: http://URL/some-project.git SSH Clone URL: git@Server_IP:some-project.git Using LDAP: yes Using Omniauth: no

GitLab Shell Version: 2.0.0 Repositories: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks/ Git: /opt/gitlab/embedded/bin/git

Related to #7690 (but in this case users passing the filter are created but cannot log in)