Commit 6a589118 authored by Drew Blessing's avatar Drew Blessing

Clarify LDAP troubleshooting ldap_search example [ci skip]

A customer noted an error/lack of clarity in the LDAP documentation
with the `ldap_search` example. Previously, if taken literally, the
customer may have expected the `$` variables to be automatically
replaced or if they paste the exact `user_filter` contents the
parentheses would have been incorrect. Let's just simply the filter
and use exactly what's in the configuration.
parent fb952df9
...@@ -257,6 +257,24 @@ the LDAP server's SSL certificate is performed. ...@@ -257,6 +257,24 @@ the LDAP server's SSL certificate is performed.
## Troubleshooting ## Troubleshooting
### Debug LDAP user filter with ldapsearch
This example uses ldapsearch and assumes you are using ActiveDirectory. The
following query returns the login names of the users that will be allowed to
log in to GitLab if you configure your own user_filter.
```
ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$base" "$user_filter" sAMAccountName
```
- Variables beginning with a `$` refer to a variable from the LDAP section of
your configuration file.
- Replace ldaps:// with ldap:// if you are using the plain authentication method.
Port `389` is the default `ldap://` port and `636` is the default `ldaps://`
port.
- We are assuming the password for the bind_dn user is in bind_dn_password.txt.
### Invalid credentials when logging in ### Invalid credentials when logging in
- Make sure the user you are binding with has enough permissions to read the user's - Make sure the user you are binding with has enough permissions to read the user's
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment