Comments (1)
TL;DR: Use `'cn=accounts,dc=testdomain,dc=com'` rather than `'dc=testdomain,dc=com'`, as the latter causes Gitlab to not return information.
This appears to be a Gitlab issue around not handling RFC2307 schema responses well (h/t @tylerauerbeck). https://stackoverflow.com/questions/28302774/gitlabs-ldap-login-against-freeipa-server-stuck-in-a-set-email-loop
It appears that FreeIPA systems return two LDAP schemas and Gitlab does not necessarily select the same schema to follow as another LDAP client such as ldapsearch.
It's not entirely clear how Gitlab handles this, as troubleshooting with just the base domain suffix seems to return no values whatsoever but prepending the `cn=accounts` returns values. If attributes are not being populated, it's worth checking via the gitlab-rails console to ensure that Gitlab is finding the values you expect to be found.
You can copy and paste most of these commands (modify the `oc rsh` to reflect the actual running pod) to check. Wait for the gitlab rails console to return the `irb` prompt before starting, as you may get unexpected interactions otherwise. This can take several seconds.
```
#Remote shell into pod (make sure you're in the pod namespace and select the actual pod, the below pod is specific to this demo)
oc rsh gitlab-ce-1-rsfkq
#Launch Gitlab console
gitlab-rails console
#Bind to LDAP source (change 'ldapmain' if you have multiple LDAP sources)
adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain')
#Set your search criteria (this search criteria is wildcard and will return everything! You can constrain it by targeting a specific UID)
options = {
  # :base is required
  # use .base or .group_base
  base: adapter.config.base,
  # :filter is optional
  # 'cn' looks for all "cn"s under :base
  # '*' is the search string - here, it's a wildcard
  filter: Net::LDAP::Filter.eq('cn', '*'),
  # :attributes is optional
  # the attributes we want to get returned
  attributes: %w(dn cn mail memberuid member submember uniquemember memberof)
}
#Run the search
adapter.ldap_search(options)
```
from enablement-framework.
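An added example (not part of the original comment or the enablement-framework project): a plain-Ruby helper that groups search results by the container directly under the base DN and counts entries with no `mail`, to show which subtree a given base is pulling entries from. The entries are constructed hashes, the `cn=compat` DNs assume FreeIPA's RFC2307 compatibility tree is enabled, and `rdns`, `container_under`, `summarize` and `duplicated_uids` are hypothetical names.

```ruby
# Added example: constructed data and hypothetical helper names.

# Split a DN into lower-cased RDNs (splits on commas not escaped with a backslash).
def rdns(dn)
  dn.split(/(?<!\\),/).map { |rdn| rdn.strip.downcase }
end

# RDN directly under the base (e.g. "cn=accounts"), or nil if dn is not below base.
def container_under(dn, base)
  d = rdns(dn)
  b = rdns(base)
  return nil if d.length <= b.length || d.last(b.length) != b
  d[-(b.length + 1)]
end

# Per-container totals and how many entries carry no mail value.
def summarize(entries, base)
  summary = Hash.new { |h, k| h[k] = { total: 0, missing_mail: 0 } }
  entries.each do |e|
    key = container_under(e[:dn], base) || '(outside base)'
    summary[key][:total] += 1
    summary[key][:missing_mail] += 1 if Array(e[:mail]).empty?
  end
  summary
end

# Leading RDNs (e.g. "uid=jdoe") that show up under more than one container.
def duplicated_uids(entries, base)
  entries.group_by { |e| rdns(e[:dn]).first }
         .select { |_, es| es.map { |e| container_under(e[:dn], base) }.uniq.length > 1 }
         .keys
end

BASE = 'dc=testdomain,dc=com'
# Constructed sample: each user appears in both trees, compat entries carry no mail.
SAMPLE = [
  { dn: 'uid=jdoe,cn=users,cn=accounts,dc=testdomain,dc=com', mail: ['jdoe@testdomain.com'] },
  { dn: 'uid=jdoe,cn=users,cn=compat,dc=testdomain,dc=com' },
  { dn: 'uid=asmith,cn=users,cn=accounts,dc=testdomain,dc=com', mail: ['asmith@testdomain.com'] },
  { dn: 'uid=asmith,cn=users,cn=compat,dc=testdomain,dc=com' },
  { dn: 'uid=svc-ci,cn=users,cn=accounts,dc=testdomain,dc=com', mail: [] }
].freeze

if __FILE__ == $PROGRAM_NAME
  summarize(SAMPLE, BASE).each { |c, s| puts "#{c}: #{s[:total]} entries, #{s[:missing_mail]} without mail" }
  puts "seen in more than one subtree: #{duplicated_uids(SAMPLE, BASE).join(', ')}"
end
```

To feed it real results from the console session above, map each returned entry to a hash with `:dn` and `:mail` keys; that mapping is an assumption about the entry objects and is not shown in the original comment.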