Skip to content
Snippets Groups Projects
New issue look: Off

LDAP search error: Not Allowed On RDN

    • Closed (moved) Issue created by username-removed-289841 @fernandoneto

    Im performing some test's with gitlab and im stuck at ldap authentication. when i try do login by ldap im getting this error. Captura_de_ecrã_de_2015-11-04_17_23_35

    in the logs im getting this

    Started POST "/users/auth/ldapmain/callback" for 127.0.0.1 at 2015-11-04 16:59:36 +0000
Processing by OmniauthCallbacksController#ldapmain as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"john.doe", "password"=>"[FILTERED]"}
LDAP search error: Not Allowed On RDN
Redirected to http://192.168.99.100/users/sign_in
Completed 302 Found in 1050ms (ActiveRecord: 16.5ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2015-11-04 16:59:49 +0000
Processing by SessionsController#new as HTML
Completed 200 OK in 62ms (Views: 16.4ms | ActiveRecord: 3.2ms)

    but if i login with root account and navigate to user's menu my user is created.

    This is my config file in ldap section

    ldap:
    enabled: True
    servers:
    main: 
        label: 'example'
        host: 'my.domain.com'
        port: 389
        uid: 'uid'
        method: 'plain' # "tls" or "ssl" or "plain"
        bind_dn: 'dc=admin,dn=domain,dn=com'
        password: 'some_password'
        active_directory: False
        allow_username_or_email_login: True
        block_auto_created_users: false
        base: 'ou=users,dn=domain,dn=com'
        user_filter: ''
        attributes:
            username: ['uid', 'userid', 'sAMAccountName']
            email:    ['mail', 'email', 'userPrincipalName']
            name:       'cn'
            first_name: 'givenName'
            last_name:  'sn'

    im not an expert in ldap, so if anyone can help me with this will be awesome

    Designs

    Child items ...

    • Activity

    • username-removed-279229
      username-removed-279229 @megamorf ·

      Try
      bind_dn: 'cn=admin,dc=domain,dc=com' instead of bind_dn: 'dc=admin,dn=domain,dn=com' and
      base: 'ou=users,dc=domain,dc=com' instead of base: 'ou=users,dn=domain,dn=com'

      Link: http://stackoverflow.com/questions/26850655/ldap-error-code-67-not-allowed-on-rdn

      Edited by username-removed-279229
    • username-removed-289841
      username-removed-289841 @fernandoneto ·
      Author

      @megamorf doesn't work with that Captura_de_ecrã_de_2015-11-04_22_06_41

    • username-removed-386624 Added ldap label

      Added ldap label

    • Felipe Artur moved to gitlab#3901

      moved to gitlab#3901

    • Felipe Artur
      Felipe Artur @felipe_artur ·
      Maintainer

      Hey! :wave:

      GitLab is moving all development for both GitLab Community Edition and Enterprise Edition into a single codebase. The current gitlab-ce repository will become a read-only mirror, without any proprietary code. All development is moved to the current gitlab-ee repository, which we will rename to just gitlab in the coming weeks. As part of this migration, issues will be moved to the current gitlab-ee project.

      If you have any questions about all of this, please ask them in our dedicated FAQ issue.

      https://gitlab.com/gitlab-org/gitlab-ee/issues/13855

      You can also find more information here:

      Frequently Asked Questions

      For an up to date list of questions and answers, please take a look at https://gitlab.com/gitlab-org/gitlab-ee/issues/13855

      What will we do with the repository names?

      https://gitlab.com/gitlab-org/gitlab-ee/ will become https://gitlab.com/gitlab-org/gitlab, and https://gitlab.com/gitlab-org/gitlab-ce will become https://gitlab.com/gitlab-org/gitlab-foss.

      Why rename gitlab-ce to gitlab-foss?

      Using "gitlab" and "gitlab-ce" would be confusing, so we decided to rename gitlab-ce to gitlab-foss to make the purpose of this FOSS repository more clear

      I created a merge requests for CE, and this got closed. What do I need to do?

      You will need to create a merge request at https://gitlab.com/gitlab-org/gitlab-ee/. This link will eventually redirect to https://gitlab.com/gitlab-org/gitlab.

      How does the licensing work in this new setup?

      Everything in the ee/ directory is proprietary. Everything else is free and open source software. If your merge request does not change anything in the ee/ directory, the process of contributing changes is the same as when using the gitlab-ce repository.

      Will you accept merge requests on the gitlab-ce/gitlab-foss project after it has been renamed?

      No. Merge requests submitted to this project will be closed automatically.

      Will I still be able to view old issues and merge requests in gitlab-ce/gitlab-foss?

      Yes.

      How will this affect users of GitLab CE using Omnibus?

      No changes will be necessary, as the packages built remain the same.

      How will this affect users of GitLab CE that build from source?

      Once the project has been renamed, you will need to change your Git remotes to use this new URL. GitLab will take care of redirecting Git operations so there is no hard deadline, but we recommend doing this as soon as the projects have been renamed.

      Where can I see a timeline of the remaining steps?

      https://gitlab.com/gitlab-org/gitlab-ee/issues/13304

      Will community contributions submitted to the new "gitlab" repository be available in the new gitlab-foss repository?

      Yes, these changes will be synced to gitlab-foss automatically, several times per day.

    • Felipe Artur locked this issue

      locked this issue

    • Nikola Milojevic mentioned in merge request !14785

      mentioned in merge request !14785

    Please register or sign in to reply