Clarify LDAP troubleshooting ldap_search example [ci skip]

A customer noted an error/lack of clarity in the LDAP documentation
with the `ldap_search` example. Previously, if taken literally, the
customer may have expected the `$` variables to be automatically
replaced or if they paste the exact `user_filter` contents the
parentheses would have been incorrect. Let's just simply the filter
and use exactly what's in the configuration.
This commit is contained in:
Drew Blessing 2016-11-15 15:03:44 -06:00
parent fb952df93e
commit 6a5891185c

View file

@ -257,6 +257,24 @@ the LDAP server's SSL certificate is performed.
## Troubleshooting ## Troubleshooting
### Debug LDAP user filter with ldapsearch
This example uses ldapsearch and assumes you are using ActiveDirectory. The
following query returns the login names of the users that will be allowed to
log in to GitLab if you configure your own user_filter.
```
ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$base" "$user_filter" sAMAccountName
```
- Variables beginning with a `$` refer to a variable from the LDAP section of
your configuration file.
- Replace ldaps:// with ldap:// if you are using the plain authentication method.
Port `389` is the default `ldap://` port and `636` is the default `ldaps://`
port.
- We are assuming the password for the bind_dn user is in bind_dn_password.txt.
### Invalid credentials when logging in ### Invalid credentials when logging in
- Make sure the user you are binding with has enough permissions to read the user's - Make sure the user you are binding with has enough permissions to read the user's