LDAP authentication - if LDAP-created user changed OU, he can't log in
An LDAP-created user can't log in after changing his OU in Active Directory.
Started POST "/users/auth/ldap/callback" for 127.0.0.1 at 2015-01-16 14:45:14 +0100
Processing by OmniauthCallbacksController#ldap as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"XXXYYY", "password"=>"[FILTERED]"}
LDAP search error: No Such Object
In my /etc/gitlab/gitlab.rb file:
gitlab_rails['ldap_uid'] = 'sAMAccountName'
An LDAP-created account has as LDAP uid:
LDAP uid: CN=XXXYYY,OU=aaa,OU=bbb,OU=ccc,DC=ddd,DC=eee,DC=com
It seems to me that when you log in on GitLab, it checks against the LDAP uid saved on user creation (instead of the sAMAccountName); the sAMAccountName = XXXYYY
I have made a work-around by changing the lib/gitlab/ldap/access.rb file:
def allowed?
  # if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)  # original: lookup by the DN stored at creation
  if Gitlab::LDAP::Person.find_by_uid(user.username, adapter)                   # work-around: lookup by sAMAccountName
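As an added illustration (not GitLab's code), here is a stand-alone Ruby model of the login check: look up the stored DN first, fall back to the uid only when the DN no longer exists, and guard the fallback with a stable attribute (objectGUID, an assumption here) so that a re-created account with the same sAMAccountName does not inherit the old GitLab user. The Person class, Identity struct and directory snapshot are constructed for this example.

```ruby
# Constructed directory snapshot: DN => attributes. Names are the placeholders from the report.
DIRECTORY = {
  'CN=XXXYYY,OU=aaa,OU=bbb,OU=ccc,DC=ddd,DC=eee,DC=com' => { uid: 'XXXYYY', guid: 'guid-1' }
}

# Minimal stand-in for the LDAP person lookup (not Gitlab::LDAP::Person).
class Person
  attr_reader :dn, :uid, :guid

  def initialize(dn, attrs)
    @dn, @uid, @guid = dn, attrs[:uid], attrs[:guid]
  end

  # Lookup by distinguished name: fails once the entry is moved to another OU.
  def self.find_by_dn(dn, dir)
    attrs = dir[dn]
    attrs && new(dn, attrs)
  end

  # Lookup by sAMAccountName: only accepted when it resolves to exactly one entry.
  def self.find_by_uid(uid, dir)
    hits = dir.select { |_, a| a[:uid] == uid }
    return nil unless hits.size == 1
    new(*hits.first)
  end
end

# What was stored at user creation: the DN (extern_uid) plus, as an added
# assumption, a stable attribute (objectGUID) that survives an OU move.
Identity = Struct.new(:extern_uid, :username, :guid)

# Try the stored DN first; if it vanished (OU moved), fall back to the uid and
# accept the hit only when the stable attribute matches, then re-bind the DN.
def allowed?(identity, dir)
  person = Person.find_by_dn(identity.extern_uid, dir)
  if person.nil?
    person = Person.find_by_uid(identity.username, dir)
    return false unless person && person.guid == identity.guid
    identity.extern_uid = person.dn
  end
  true
end

# Stand-alone demo: the report's user moved from OU=aaa to a new OU.
if __FILE__ == $PROGRAM_NAME
  moved = { 'CN=XXXYYY,OU=new,OU=bbb,OU=ccc,DC=ddd,DC=eee,DC=com' => { uid: 'XXXYYY', guid: 'guid-1' } }
  id = Identity.new('CN=XXXYYY,OU=aaa,OU=bbb,OU=ccc,DC=ddd,DC=eee,DC=com', 'XXXYYY', 'guid-1')
  puts "allowed: #{allowed?(id, moved)}, stored DN now #{id.extern_uid}"
end
```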
I'm working with the omnibus installation, so I suppose when I update, my modifications will be lost?
- Is this an issue or can this be described as normal behaviour?
- If not an issue, I can try to resolve this via the API and update the LDAP uid?
Version: 7.6.2