Unable to connect to our LDAP

Hi,

We have many third-party software packages integrated with our ADS Active Directory. They all seem to work normally.

But we are unable to connect to our LDAP using Gitea. I have gone through the document and tried various options.

Can someone help us with this?

To get help you’re probably going to have to provide more details or try asking on Stack Overflow unless you’re ready to buck up some cash for someone’s time.

2018/10/15 14:32:06 [D] Template: home
2018/10/15 14:32:08 [D] Session ID: ab8bb5242b2770d0
2018/10/15 14:32:08 [D] CSRF Token: PYovUfQ1-ncppPXh79nmZV34Pss6MTUzOTU5NDEyNjU3MDAwMTUwMA==
2018/10/15 14:32:08 [D] Template: user/auth/signin
2018/10/15 14:32:18 [D] Session ID: ab8bb5242b2770d0
2018/10/15 14:32:18 [D] CSRF Token: PYovUfQ1-ncppPXh79nmZV34Pss6MTUzOTU5NDEyNjU3MDAwMTUwMA==
2018/10/15 14:32:18 [T] Dialing LDAP with security protocol (0) without verifying: false
2018/10/15 14:32:18 [T] LDAP will use BindDN.
2018/10/15 14:32:18 [T] Search for LDAP user: prasanth
2018/10/15 14:32:18 [D] Failed to bind as BindDN[CN=gitadmin,Users,DC=dsrc,DC=in]: LDAP Result Code 49 “Invalid Credentials”: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
2018/10/15 14:32:18 [W] Failed to login ‘prasanth’ via ‘ldap-test1’: user does not exist [uid: 0, name: prasanth, keyid: 0]
2018/10/15 14:32:18 [D] Template: user/auth/signin
2018/10/15 14:32:18 [I] Failed authentication attempt for prasanth from [::1]

Okay, thanks for the info.

No problem. Hope you’re able to figure it out. There may be some issues on GitHub you can search through to help find your answer. Try searching for “LDAP” in the Git repo and if you do figure it out let us know how you did it here. Best of luck!

We got it working now, thanks.


What did you do to get it working? I am in the same situation.


These are example settings that worked for me to authenticate with an Active Directory server:

Authentication Type:
LDAP (via BindDN)

Security Protocol:
Unencrypted

Host:
myserver.myexample.com

Port:
389

User Search Base:
CN=Users,DC=myexample,DC=com

Bind DN:
myreadonlyuser@myexample.com

Bind Password:
password1234

User filter:
(&(sAMAccountName=%s)(objectCategory=Person)(memberOf=CN=Gitea-group,DC=myexample,DC=com)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Admin filter:
(memberOf=CN=GiteaAdmins-group,DC=myexample,DC=com)

First name attribute:
givenName

Surname attribute:
sn

Email attribute:
mail

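An added Python example (not Gitea's own code and not from any poster) that exercises the settings above: it substitutes a login name into the posted User filter with RFC 4515 escaping so the name cannot change the filter's structure, checks the userAccountControl bit that the filter excludes, decodes the Active Directory sub-error code from a result 49 line like the one in the log posted earlier in this thread, and sanity-checks that every RDN of a Bind DN has an attribute type. The sample log line is a constructed copy of the posted one; the group and domain names come from the settings above.

```python
import re
from typing import Optional

# Filter template copied from the settings posted above.
USER_FILTER_TEMPLATE = (
    "(&(sAMAccountName=%s)(objectCategory=Person)"
    "(memberOf=CN=Gitea-group,DC=myexample,DC=com)"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)
# RFC 4515 escapes for values substituted into a filter, so a login name
# cannot change the filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(username: str, template: str = USER_FILTER_TEMPLATE) -> str:
    """Substitute the escaped login name for %s, as Gitea does with its User filter."""
    return template.replace("%s", escape_filter_value(username))

ACCOUNTDISABLE = 0x2  # the userAccountControl bit the 1.2.840.113556.1.4.803 rule tests

def is_disabled(user_account_control: int) -> bool:
    return bool(user_account_control & ACCOUNTDISABLE)

# Active Directory sub-error codes that follow "data" in a result 49 diagnostic.
AD_BIND_DATA_CODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-f]+)")

def explain_bind_failure(log_line: str) -> Optional[str]:
    m = _DATA_RE.search(log_line)
    if not m:
        return None
    return f"{m.group(1)}: {AD_BIND_DATA_CODES.get(m.group(1), 'unknown AD sub-error')}"

def dn_is_well_formed(dn: str) -> bool:
    """Each RDN needs 'type=value'; a bare 'Users' is not one (escaped commas not handled)."""
    return all("=" in rdn for rdn in dn.split(","))

# Constructed sample: the bind-failure line from the log posted earlier in this thread.
SAMPLE_LOG = ("Failed to bind as BindDN[CN=gitadmin,Users,DC=dsrc,DC=in]: LDAP Result Code 49 "
              "'Invalid Credentials': 80090308: LdapErr: DSID-0C09042F, comment: "
              "AcceptSecurityContext error, data 52e, v2580")
```

Running explain_bind_failure(SAMPLE_LOG) yields "52e: invalid credentials", and dn_is_well_formed flags the sample's Bind DN because its second RDN has no attribute type.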

Hi everyone! The only working solution I found is in the attachment. It uses FreeIPA 4.4.
The main problem was in the User Search Base.

I am having a similar problem. How can I test the LDAP settings that I have added?

Do we have any test button on the Authentication Source screen to test the settings?

May I ask, where did you find these logs?

Hello,
I see FreeIPA is a bunch of software. Is it really worth the effort? I just want to use Active Directory for user management, but it won’t work.

Hi. I had the same problem. Resolved by changing the DN from CN=myuser,OU=my,OU=company to myuser@my.company.


I was able to get the Gitea authentication working using an old format for Guacamole (don’t ask). The good news is that it works. The bad news (I think) is that it ignores groups. Maybe someone else can expand on the following.

Authentication Type:  LDAP (simple auth)
Authentication Name:  *whatever*
Security Protocol: Unencrypted
Host:  *IP of FreeIPA Server*
Port: 389
User Search Base:  cn=users, cn=compat,dc=*example*,dc=*com*
User DN: uid=%s,cn=users,cn=compat,dc=*example*,dc=*com*
User Filter:  (&(objectClass=posixAccount)(uid=%s))
Email attribute:  mail

With the above, only check “This Authentication Source is Activated”.

In the above, you’ll want to change the following (and leave off the asterisks):

  • whatever
  • IP of FreeIPA server
  • example
  • com

Now that I have that much working, I’ll be experimenting with getting the encrypted version working.

Note: in developing the above “ldapsearch -x” was valuable.

Also, to note: the documentation has you building and installing gitea.ldif in your FreeIPA server. Only do that if you plan on updating passwords from Gitea, back to FreeIPA. The LDIF is not needed if you’re not changing SSO passwords from within Gitea.

Maybe I should add a description about my setup: I’m running Gitea and FreeIPA in separate Docker containers, running on the same host. The IP address used in the above is the external IP address for the Docker host. Both containers have ports forwarded to the host so that both services are externally reachable.

I’ll be trying to add a groups filter and an admin filter sometime in the near future.