GitLab and LDAP against a CommuniGate Pro server

I am currently trying to authenticate our GitLab against the LDAP provided by a CommuniGate Pro server. When testing from the command line (e.g. with ldapsearch), I can authenticate and retrieve information. But when I try from GitLab's web interface I get

Could not authenticate you from Ldapmain because "Invalid credentials".

In the logs on the LDAP server I see the following:

    11:39:51.061 4 LDAP-000601([xx.xx.xx.99]:37160) BINDing as '[email protected]'
    11:39:51.061 2 LDAP-000601([xx.xx.xx.99]:37160) ACCOUNT([email protected]) connected(CLRTXT) [xx.xx.xx.99]:37160->[xx.xx.xx.251]:636(tls)
    11:39:51.062 4 LDAP-000601([xx.xx.xx.99]:37160) Logged in as <master>. authType=0
    11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching(base) ''
    11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching where (objectClass=*)
    11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching for (altServer namingContexts supportedCapabilities...)
    11:39:51.064 4 LDAP-000601([xx.xx.xx.99]:37160) '' retrieved
    11:39:51.064 2 LDAP-000601([xx.xx.xx.99]:37160) search finished
    11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching(sub) 'cn=domain.bg'
    11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching where (uid=f.lastname)
    11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching for ALL
    11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) search paging: n=126, cookie=''
    11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) 'uid=f.lastname,cn=domain.bg' retrieved
    11:39:51.105 2 LDAP-000601([xx.xx.xx.99]:37160) search finished
    11:39:51.121 2 LDAP-000601([xx.xx.xx.99]:37160) ACCOUNT([email protected]) disconnected ([xx.xx.xx.99]:37160)
    11:39:51.121 4 LDAP-000601([xx.xx.xx.99]:37160) BINDing as 'uid=f.lastname,cn=domain.bg'
    11:39:51.121 1 LDAP-000601([xx.xx.xx.99]:37160) BIND failed. Error Code=incorrect password or account name
    11:39:51.122 3 LDAP-000601([xx.xx.xx.99]:37160) request reading failed. Error Code=TLS connection closed by peer
    11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) TLS connection is closing
    11:39:51.122 2 TLS-576189 closed by LDAP-000601
    11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) closing connection
    11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) releasing stream

When I try with ldapsearch

    ldapsearch -x -LLL -H ldaps://mx01.ldap.net -D '[email protected]' -W -b 'cn=domain.bg' "(uid=f.lastname)"

I can authenticate:

    12:15:51.336 4 LDAP-000612([xx.xx.xx.33]:53142) [xx.xx.xx.251]:636 <- [xx.xx.xx.33]:53142 incoming connection(mx01.ldap.net)
    12:15:51.383 2 TLS-578274 created(TLSv1.2,AES256_SHA256) for LDAP-000612
    12:15:51.441 4 LDAP-000612([xx.xx.xx.33]:53142) TLS-578274(AES256_SHA256) connection accepted for DOMAIN(mx01.ldap.net)
    12:15:51.448 4 LDAP-000612([xx.xx.xx.33]:53142) BINDing as '[email protected]'
    12:15:51.448 2 LDAP-000612([xx.xx.xx.33]:53142) ACCOUNT([email protected]) connected(CLRTXT) [xx.xx.xx.33]:53142->[xx.xx.xx.251]:636(tls)
    12:15:51.448 4 LDAP-000612([xx.xx.xx.33]:53142) Logged in as uid=f.lastname,domain.bg=domain.bg,cn=domain.bg. authType=0
    12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching(sub) 'cn=domain.bg'
    12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching where (uid=f.lastname)
    12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching for ALL
    12:15:51.453 4 LDAP-000612([xx.xx.xx.33]:53142) 'uid=f.lastname,cn=domain.bg' retrieved
    12:15:51.453 2 LDAP-000612([xx.xx.xx.33]:53142) search finished
    12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) disconnecting
    12:15:51.459 2 LDAP-000612([xx.xx.xx.33]:53142) ACCOUNT([email protected]) disconnected ([xx.xx.xx.33]:53142)
    12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) TLS connection is closing
    12:15:51.459 2 TLS-578274 closed by LDAP-000612
    12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) closing connection
    12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) releasing stream

My configuration is as follows:

    main:
      label: 'Domain.Bg LDAP'
      host: 'mx01.ldap.net'
      port: 636
      uid: 'uid'
      method: 'ssl'
      bind_dn: '[email protected]'
      password: 'password'
      active_directory: false
      allow_username_or_email_login: true
      base: 'top'
      user_filter: ''

The check RAILS_ENV=production gitlab-rake -v --trace gitlab:ldap:check also succeeds.

Has anyone had a similar problem? From what I see in the logs, I think the problem is that after authenticating with postmaster it goes on to do BINDing as 'uid=f.lastname,cn=domain.bg'. Is there a way to have GitLab use BINDing as '[email protected]' for the user, the way postmaster is authenticated?
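As an added example (not code from the question, from GitLab or from CommuniGate), the following Python script parses CommuniGate Pro LDAP log lines of the format shown above and reproduces the diagnosis made in this question mechanically: it groups entries by LDAP session, pairs every "BINDing as" request with the "Logged in as" or "BIND failed" line that answers it, and reports which step of the service-bind / user-search / user-bind chain broke. The embedded log excerpt is constructed for the example; the session ids, addresses and account names in it are made up and the bind identities are placeholders, not the values from the original post.

```python
import re
from collections import OrderedDict

# Constructed sample log (abridged, placeholder identities). The real format is
# "HH:MM:SS.mmm <level> <session>(<peer>) <message>"; lines without a session
# id in that position (e.g. "TLS-... closed by ...") are ignored by the parser.
SAMPLE_LOG = """\
11:39:51.061 4 LDAP-000601([192.0.2.99]:37160) BINDing as 'postmaster@example.test'
11:39:51.062 4 LDAP-000601([192.0.2.99]:37160) Logged in as <master>. authType=0
11:39:51.063 4 LDAP-000601([192.0.2.99]:37160) '' retrieved
11:39:51.105 4 LDAP-000601([192.0.2.99]:37160) searching(sub) 'cn=example.test'
11:39:51.105 4 LDAP-000601([192.0.2.99]:37160) searching where (uid=f.lastname)
11:39:51.105 4 LDAP-000601([192.0.2.99]:37160) 'uid=f.lastname,cn=example.test' retrieved
11:39:51.121 4 LDAP-000601([192.0.2.99]:37160) BINDing as 'uid=f.lastname,cn=example.test'
11:39:51.121 1 LDAP-000601([192.0.2.99]:37160) BIND failed. Error Code=incorrect password or account name
11:39:51.122 2 TLS-576189 closed by LDAP-000601
12:15:51.448 4 LDAP-000612([192.0.2.33]:53142) BINDing as 'f.lastname@example.test'
12:15:51.448 4 LDAP-000612([192.0.2.33]:53142) Logged in as uid=f.lastname,cn=example.test. authType=0
12:15:51.453 4 LDAP-000612([192.0.2.33]:53142) 'uid=f.lastname,cn=example.test' retrieved
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>\d) "
    r"(?P<session>LDAP-\d+)\((?P<peer>[^)]*)\) (?P<msg>.*)$"
)


def parse_log(text):
    """Group log entries by LDAP session id, preserving order of appearance."""
    sessions = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        sessions.setdefault(m.group("session"), []).append(m.groupdict())
    return sessions


def bind_outcomes(events):
    """Pair each 'BINDing as <identity>' with the line that resolves it.

    CommuniGate answers a bind with either 'Logged in as ...' (success) or
    'BIND failed. Error Code=...' (failure); anything else leaves it pending.
    """
    outcomes, pending = [], None
    for ev in events:
        msg = ev["msg"]
        if msg.startswith("BINDing as "):
            pending = {"identity": msg[len("BINDing as "):].strip("'"),
                       "ok": None, "detail": ""}
            outcomes.append(pending)
        elif pending is not None and msg.startswith("Logged in as "):
            pending["ok"], pending["detail"] = True, msg[len("Logged in as "):]
            pending = None
        elif pending is not None and msg.startswith("BIND failed."):
            pending["ok"] = False
            pending["detail"] = msg.split("Error Code=", 1)[-1]
            pending = None
    return outcomes


def retrieved_dns(events):
    """DNs the search phase returned ('<dn>' retrieved), excluding the root DSE."""
    dns = []
    for ev in events:
        msg = ev["msg"]
        if msg.startswith("'") and msg.endswith(" retrieved"):
            dn = msg[1:msg.rindex("'")]
            if dn:
                dns.append(dn)
    return dns


def diagnose(events):
    """Name the first failing bind in the service-bind -> search -> user-bind chain."""
    binds = bind_outcomes(events)
    if not binds:
        return "no bind attempted"
    failed = next((b for b in binds if b["ok"] is False), None)
    if failed is None:
        return "all %d bind(s) succeeded, last as %s" % (len(binds), binds[-1]["identity"])
    step = "service bind" if binds.index(failed) == 0 else "user bind"
    return "%s as '%s' failed: %s" % (step, failed["identity"], failed["detail"])


if __name__ == "__main__":
    for sid, events in parse_log(SAMPLE_LOG).items():
        print(sid, "found:", retrieved_dns(events) or "-", "=>", diagnose(events))
```

Run against the real server log, the first session prints the same conclusion the question draws by hand: the service-account bind and the uid search succeed, and it is the second bind, as the user's directory DN, that the server rejects.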

For a bind as uid=f.lastname,cn=domain.bg to work with CommuniGate, that record needs to contain a userPassword attribute. The LDAP central directory in CommuniGate can be configured to copy account passwords into the directory records.

Another option is to enable the LDAP direct configuration option in CommuniGate: in that case, operations that use a DN pointing to an account record run in the context of the server account rather than in the context of the LDAP directory record.