Unable to connect to our LDAP


we have many Third Party softwares integrated to our ADS active directory. They all seems to work normally.

But we are unable to connect to our LDAP using Gitea. I have gone through the document and tried various option.

can someone help us on this?

To get help you’re probably going to have to provide more details or try asking on Stack Overflow unless you’re ready to buck up some cash for someone’s time.

2018/10/15 14:32:06 [D] Template: home
2018/10/15 14:32:08 [D] Session ID: ab8bb5242b2770d0
2018/10/15 14:32:08 [D] CSRF Token: PYovUfQ1-ncppPXh79nmZV34Pss6MTUzOTU5NDEyNjU3MDAwMTUwMA==
2018/10/15 14:32:08 [D] Template: user/auth/signin
2018/10/15 14:32:18 [D] Session ID: ab8bb5242b2770d0
2018/10/15 14:32:18 [D] CSRF Token: PYovUfQ1-ncppPXh79nmZV34Pss6MTUzOTU5NDEyNjU3MDAwMTUwMA==
2018/10/15 14:32:18 [T] Dialing LDAP with security protocol (0) without verifying: false
2018/10/15 14:32:18 [T] LDAP will use BindDN.
2018/10/15 14:32:18 [T] Search for LDAP user: prasanth
2018/10/15 14:32:18 [D] Failed to bind as BindDN[CN=gitadmin,Users,DC=dsrc,DC=in]: LDAP Result Code 49 “Invalid Credentials”: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
2018/10/15 14:32:18 [W] Failed to login ‘prasanth’ via ‘ldap-test1’: user does not exist [uid: 0, name: prasanth, keyid: 0]
2018/10/15 14:32:18 [D] Template: user/auth/signin
2018/10/15 14:32:18 [I] Failed authentication attempt for prasanth from [::1]

okay thanks for the info

No problem. Hope you’re able to figure it out. They’re may be some Issues on GitHub you can search through to help find your answer. Try searching for “LDAP” in the Git repo and if you do figure it out let us know how you did it here. Best of luck!

we got it working now, Thanks

1 Like

What did you do to get it working. I am in the same situation.

1 Like

These are example settings that worked for me to authenticate with an Active Directory server:

Authentication Type:
LDAP (via BindDN)

Security Protocol:



User Search Base:

Bind DN:

Bind Password:

User filter:

Admin filter:

First name attribute:

Surname attribute:

Email attribute:

1 Like

Hi everyone! the only one working solution I found for me is in attachment. It uses FreeIPA 4.4.
Main problem was in User Search Base.

I am having similar problem. How can i test the LDAP setting that i have added?

Do we have any test button on Authentication Source screen to test the setting?

May I ask, where did you find these log?

I see Free IPA is a bunch of software. Is it really worth the effort? I just want to use Active Directory for User Management but it wont work.

Hi. I had the same problem. Resolved by changing DN from CN=myuser,OU=my,OU=company to myuser@my.company

1 Like

I was able to get the Gitea authentication working using an old format for Guacamole (don’t ask). The good news is that it works. The bad news (I think) is that it ignores groups. Maybe someone else can expand on the following.

Autnetication Type:  LDAP (simple auth)
Authentication Name:  *whatever*
Security Protocol: Unencrypted
Host:  *IP of FreeIPA Server*
Port: 389
User Search Base:  cn=users, cn=compat,dc=*example*,dc=*com*
User DN: uid=%s,cn=users,cn=compat,dc=*example*,dc=*com*
User Filter:  (&(objectClass=posixAccount)(uid=%s))
Email attribute:  mail

With the above, only check the “This Authentication Source is Activated”

In the above, you’ll want to change the following (and leave off the asterisks):

  • whatever
  • IP of FreeIPA server
  • example
  • com

Now that I have that much working, Ill be experimenting with getting the encrypted version working.

Note: in developing the above “ldapsearch -x” was valuable.

Also, to note: the documentation has you building and installing gitea.ldif in your FreeIPA server. Only do that if you plan on updating passwords from Gitea, back to FreeIPA. The LDIF is not needed if you’re not changing SSO passwords from within Gitea.

Maybe I should add a description about my setup: I’m running Gitea and FreeIPA in separate Docker containers, running on the same host. The IP address used in the above is the external IP address for the Docker host. Both containers have ports forwarded to the host so that both services are externally reachable.

I’ll be trying to add a groups filter and an admin filter sometime in the near future.