search

samdoran / ansible-role-gitlab

Ansible role for GitLab CE Omnibus
30 stars 21 forks source link

active_directory configuration not working #10

Closed hajaalin closed 7 years ago

hajaalin commented 7 years ago

This Ansible configuration

# site.yml
  gitlab_ldap_servers:
    - name: gitlab_ldap_main
      provider_id: main
      label: 'LDAP'
      host: 'ldapXXXX.it.helsinki.fi'
      port: 636
      uid: 'uid'
      method: 'ssl'
      bind_dn: "XXXX"
      password: "XXXX"
      active_directory: True
      allow_username_or_email_login: False
      base: 'ou=people,dc=helsinki,dc=fi'
      user_filter: '(|(memberOf=cn=grp-1,ou=groups,dc=helsinki,dc=fi)(memberOf=cn=grp-2,ou=groups,dc=helsinki,dc=fi))'

results in

# /etc/gitlab/gitlab.rb
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main:
    label: 'LDAP'
    host: 'ldapXXXX.it.helsinki.fi'
    port: 636
    uid: 'uid'
    method: 'ssl'
    bind_dn: 'XXXX'
    password: 'XXXX'
    active_directory: 'True'
    allow_username_or_email_login: 'False'
    base: 'ou=people,dc=helsinki,dc=fi'
    user_filter: '(|(memberOf=cn=grp-1,ou=groups,dc=helsinki,dc=fi)(memberOf=cn=grp-2,ou=groups,dc=helsinki,dc=fi))'
EOS

The problem seems to be that GitLab (Ruby?) doesn't recognize 'True' as boolean. Here it looks like the syntax should be active_directory: true.

In my case the way the problem made it self felt was that the user filter with or, (|( )( )), did not work ("Invalid filter syntax" in unicorn_stderr.log). When I manually edited the line in gitlab.rb and restarted, the error disappeared and I was again able to log in.

cat /etc/os-release 
NAME="Red Hat Enterprise Linux Server"
VERSION="7.3 (Maipo)"
samdoran commented 7 years ago

I believe I fixed this. Please let me know if it works for you. Thanks for finding it!

hajaalin commented 7 years ago

Works for me now. Thanks for the quick fix!

samdoran commented 7 years ago

Thanks for finding this and verifying the fix!