gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
 main: # 'main' is the GitLab 'provider ID' of this LDAP server
   label: 'LDAP'
   host: '********'
   port: 389
   uid: 'sAMAccountName'
   method: 'plain' # "tls" or "ssl" or "plain"
   bind_dn: 'CN=********,OU=********,DC=********,DC=***'
   password: '********'
   active_directory: true
   allow_username_or_email_login: false
   block_auto_created_users: false
   base: 'DC=********,DC=***'
   user_filter: ''
EOS

这导致可怕的“无法从Ldapmain授权您,因为”凭据无效“.”错误.我试过用户名(在bind_dn变量中)：“johnsmith@example.com”(基于用户名的电子邮件),“John Smith”(全名)和“johnsmith”(用户名).结果总是一样的.我的密码中有一个@ -sign.我不确定我是否需要逃避它,或者如何逃避它.

日志显示：

Started POST "/users/auth/ldapmain/callback" for 127.0.0.1 at 2015-07-22 17:15:01 -0400
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓","authenticity_token"=>"[FILTERED]","username"=>"********","password"=>"[FILTERED]"}
Redirected to http://192.168.56.102/users/sign_in
Completed 302 Found in 14ms (ActiveRecord: 3.6ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2015-07-22 17:15:01 -0400
Processing by SessionsController#new as HTML
Completed 200 OK in 20ms (Views: 8.3ms | ActiveRecord: 2.9ms)

和gitlab-rake gitlab：ldap：check显示：

Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain

Checking LDAP ... Finished

但是,当我从Ubuntu VM使用ldapsearch(所以相同的环境)时,我得到了一堆结果：

ldapsearch -x -h ******** -D "********@********.***" -W -b "OU=********,DC=***" -s sub "(cn=*)" cn mail sn dn

奇怪的是,结果中的DN看起来像这样：

dn: CN=John Smith,DC=***

也就是说,那里有一个额外的OU.我也看到ldapsearch命令有-s sub,我相信这意味着搜索子组.我不熟悉LDAP或Active Directory的细节.

所以我相信我错过了我的基础,但我不确定是什么.它也可能是用户过滤器的问题.我已经完成了必要的谷歌搜索,这让我走得很远,但现在我已经没有想法和解决方案了.