author | Drew Blessing <drew@gitlab.com> | 2016-11-15 15:03:44 -0600 |
---|---|---|
committer | Drew Blessing <drew@gitlab.com> | 2016-11-15 15:06:04 -0600 |
commit | 6a5891185c6edde0a300adee30e936d44b6180e0 (patch) | |
tree | 05a7b0249389ec68d63ab1a048418b876a324e1f | |
parent | fb952df93e4944bc681baa119249ad31c3943a70 (diff) | |
download | gitlab-ce-6a5891185c6edde0a300adee30e936d44b6180e0.tar.gz |
Clarify LDAP troubleshooting ldap_search example [ci skip]
A customer noted an error/lack of clarity in the LDAP documentation
with the `ldap_search` example. Previously, if taken literally, the
customer may have expected the `$` variables to be automatically
replaced or if they paste the exact `user_filter` contents the
parentheses would have been incorrect. Let's just simplify the filter
and use exactly what's in the configuration.
-rw-r--r-- | doc/administration/auth/ldap.md | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md index fd23047f027..d3f216fb3bf 100644 --- a/doc/administration/auth/ldap.md +++ b/doc/administration/auth/ldap.md @@ -257,6 +257,24 @@ the LDAP server's SSL certificate is performed. ## Troubleshooting +### Debug LDAP user filter with ldapsearch + +This example uses ldapsearch and assumes you are using ActiveDirectory. The +following query returns the login names of the users that will be allowed to +log in to GitLab if you configure your own user_filter. + +``` +ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$base" "$user_filter" sAMAccountName +``` + +- Variables beginning with a `$` refer to a variable from the LDAP section of + your configuration file. +- Replace ldaps:// with ldap:// if you are using the plain authentication method. + Port `389` is the default `ldap://` port and `636` is the default `ldaps://` + port. +- We are assuming the password for the bind_dn user is in bind_dn_password.txt. + + ### Invalid credentials when logging in - Make sure the user you are binding with has enough permissions to read the user's |
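Review bot: The last bullet of the new "Debug LDAP user filter with ldapsearch" section tells the reader to keep the bind_dn password in bind_dn_password.txt but says nothing about how that file should be created or protected. ldapsearch's `-y` option uses the complete contents of the file as the password, so a trailing newline added by an editor or by `echo` produces a failed bind that looks like the "Invalid credentials" case covered in the next section. Suggest extending the bullet to say the file must contain only the password with no trailing newline, should be readable only by the admin running the command, and should be deleted after troubleshooting. The second bullet could also note that switching to `ldap://` for the plain method sends the bind password unencrypted, so the query is best run from a trusted network segment.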