我想为版本控制和持续集成设置git.
我使用docker-compose文件安装了git社区版,如https://docs.gitlab.com/omnibus/docker/README.html#install-gitlab-using-docker-compose的第2步所述.我的docker-compose.yml文件如下所示:
web:
image: 'gitlab/gitlab-ce:latest'
container_name: git
restart: always
hostname: 'gitserver'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitserver.local'
# Add any other gitlab.rb configuration here,each on its own line
ports:
- '80:80'
- '443:443'
- '22:22'
volumes:
- '/srv/gitlab/config:/etc/gitlab'
- '/srv/gitlab/ssl:/etc/gitlab/ssl'
- '/srv/gitlab/logs:/var/log/gitlab'
- '/srv/gitlab/data:/var/opt/gitlab'
我修改了我的/srv/gitlab/config/gitlab.rb以包含LDAP:
gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: 'x.x.x.x'
port: 636
uid: 'sAMAccountName'
method: 'ssl' # "tls" or "ssl" or "plain"
bind_dn: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
password: 'MyPwd'
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: 'CN=git ldap,DC=local'
EOS
Could not athenticate you from LDAPmain because invalid credentials
/srv/gitlab/logs/gitlab-rails/production.log显示:
Started POST "/users/auth/ldapmain/callback" for x.x.x.x at 2017-07-10 21:11:06 +0000
Processing by OmniauthCallbacksController#failure as HTML
Parameters: {"utf8"=>"â","authenticity_token"=>"BKIQtjz0mu0JlS5bDLGssJFeKGFOJ2cLPKSKAc5JqeyLPBQUkhuI0qcjOTZ9osQEqqlCzPn/PNDlreeENnN28A==","username"=>"xxx","password"=>"[FILTERED]"}
Redirected to https://gitserver.local/users/sign_in
Completed 302 Found in 5ms (ActiveRecord: 0.3ms)
Started GET "/users/sign_in" for x.x.x.x at 2017-07-10 21:11:06 +0000
Processing by SessionsController#new as HTML
Completed 200 OK in 143ms (Views: 92.4ms | ActiveRecord: 3.0ms)
我已经尝试了几种LDAP设置的排列和组合,但似乎没有任何效果.用户在网上有几个类似的设置/错误和建议他们如何解决他们的问题,但似乎没有一个适合我.
我尝试过的一些事情是1)注释掉绑定dn和pwd 2)将uid设置为uid而不是sAMAccountName 3)尝试使用plain和ssl方法4)将allow_username_or_email_login设置为false.
这个相同的LDAP设置被公司中的其他应用程序使用..所以它没有任何问题.
过去一周我一直在打墙.任何帮助表示赞赏.
谢谢!
更新:我尝试了跟随,但没有运气
1)Gitlab: LDAP “Invalid credentials”,but credentials are right
2)Gitlab LDAP Authentication
最佳答案