invalid credentials – LDAP access error in git community edition

I want to set up git for version control and continuous integration.

I installed git community edition using a docker-compose file as described in step 2 of My docker-compose.yml file looks like:

    web:
      image: 'gitlab/gitlab-ce:latest'
      container_name: git
      restart: always
      hostname: 'gitserver'
      environment:
        GITLAB_OMNIBUS_CONFIG: |
          external_url 'https://gitserver.local'
          # Add any other gitlab.rb configuration here, each on its own line
      ports:
        - '80:80'
        - '443:443'
        - '22:22'
      volumes:
        - '/srv/gitlab/config:/etc/gitlab'
        - '/srv/gitlab/ssl:/etc/gitlab/ssl'
        - '/srv/gitlab/logs:/var/log/gitlab'
        - '/srv/gitlab/data:/var/opt/gitlab'

I modified my /srv/gitlab/config/gitlab.rb to include LDAP:

    gitlab_rails['ldap_enabled'] = true
    ###! **remember to close this block with 'EOS' below**
    gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
       main: # 'main' is the GitLab 'provider ID' of this LDAP server
         label: 'LDAP'
         host: 'x.x.x.x'
         port: 636
         uid: 'sAMAccountName'
         method: 'ssl' # "tls" or "ssl" or "plain"
         bind_dn: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
         password: 'MyPwd'
         active_directory: true
         allow_username_or_email_login: false
         block_auto_created_users: false
       base: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
    EOS

I get the following error on login:

    Could not athenticate you from LDAPmain because invalid credentials

/srv/gitlab/logs/gitlab-rails/production.log shows:

    Started POST "/users/auth/ldapmain/callback" for x.x.x.x at 2017-07-10 21:11:06 +0000
    Processing by OmniauthCallbacksController#failure as HTML
      Parameters: {"utf8"=>"✓", "authenticity_token"=>"BKIQtjz0mu0JlS5bDLGssJFeKGFOJ2cLPKSKAc5JqeyLPBQUkhuI0qcjOTZ9osQEqqlCzPn/PNDlreeENnN28A==", "username"=>"xxx", "password"=>"[FILTERED]"}
    Redirected to https://gitserver.local/users/sign_in
    Completed 302 Found in 5ms (ActiveRecord: 0.3ms)
    Started GET "/users/sign_in" for x.x.x.x at 2017-07-10 21:11:06 +0000
    Processing by SessionsController#new as HTML
    Completed 200 OK in 143ms (Views: 92.4ms | ActiveRecord: 3.0ms)

I have tried several permutations and combinations of LDAP settings but nothing seems to work. There are several similar settings/errors and suggestions by users on the net on how they solved their problem, but none seem to work for me.

Some of the things that I tried are 1) commenting out bind dn and pwd 2) setting uid to uid instead of sAMAccountName 3) tried both plain and ssl methods 4) setting allow_username_or_email_login to false.

These same LDAP settings are used by other apps in the company, so nothing is wrong with them.

I have been hitting the wall for the last one week. Any help is appreciated.


UPDATE: I tried the following but no luck:
1) Gitlab: LDAP "Invalid credentials", but credentials are right
2) Gitlab LDAP Authentication

UPDATE2: Note that I am only able to log in as git ldap and not as myself. I would like everyone to log in with their own credentials.

One solution collected from the web for “invalid credentials – LDAP access error in git community edition”

Note that the bind dn and base dn are exactly the same. Having CN in base dn allows only that user to login. Changing it to ‘OU=MYDOMAIN,DC=MYCOMPANY,DC=local’ allows all users to login.
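
The scoping effect described in the answer, as an added Ruby example that is not part of the original post or of GitLab's code: it models which entries a subtree search rooted at `base` can reach (a simplification of the directory lookup) and flags a `base` that equals `bind_dn`. The helper names and the `CN=Jane Doe` user DN are hypothetical; the other DNs are the ones from the page.

```ruby
require 'yaml'

# Split a DN into normalized RDNs. Splits on commas not preceded by a
# backslash; enough for the DNs here, not a full RFC 4514 parser.
def rdns(dn)
  dn.split(/(?<!\\),/).map { |rdn| rdn.strip.downcase }
end

# True when entry_dn is the base entry itself or lies in the subtree below it,
# i.e. a subtree-scoped search rooted at base_dn can return it.
def in_search_scope?(entry_dn, base_dn)
  entry = rdns(entry_dn)
  base = rdns(base_dn)
  entry.length >= base.length && entry.last(base.length) == base
end

# Return one warning per LDAP server whose base is the bind account's own DN.
def base_warnings(servers)
  servers.flat_map do |id, cfg|
    next [] unless cfg['bind_dn'] && rdns(cfg['base']) == rdns(cfg['bind_dn'])
    ["#{id}: base equals bind_dn, so only the bind account can be found"]
  end
end

# Constructed sample: bind_dn and base as posted in the question.
QUESTION = YAML.safe_load(<<~'EOS')
  main:
    bind_dn: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
    base: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
EOS
# Base DN suggested in the answer.
FIXED_BASE = 'OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
# Hypothetical ordinary user entry (assumption, not from the page).
USER_DN = 'CN=Jane Doe,OU=Staff,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'

if __FILE__ == $PROGRAM_NAME
  puts base_warnings(QUESTION)
  puts "user reachable with question's base: #{in_search_scope?(USER_DN, QUESTION['main']['base'])}"
  puts "user reachable with answer's base:   #{in_search_scope?(USER_DN, FIXED_BASE)}"
end
```

A base that wide also admits every account under `OU=MYDOMAIN`, so narrow it to the OU that holds the intended users where the directory layout allows.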
