Filter by attributes #27
Comments
|
Yes, that should be very possible. If you switch to the |
|
ok thank you. I'm using master branch now. And I found out that the mistake is my fault : In baseDn parameter I added userDn ..... Now retrieving LDAP users is ok, but I've a cURL error : Gitlab failure: cURL error 60: SSL certificate problem: unable to get local issuer certificate I think it's because of I'm behind a proxy. But even I configure environment variable it doesn't work. any idea ? |
|
That sounds like a certificate chain trust issue, which is external to this tool. (This uses trust from your system's cryptographic framework.) Common causes are self signed certificates untrusted by the system (including self/corporate CAs) or the end entity certificate hasn't been stapled with its parent issuer correctly, meaning the trusted root can't be determined. |
|
You were right, it's a certificate issue. Now I'm making progress but with another error :-( : [error] Gitlab failure: "public_email" must be an email you have verified I don't know if I will succeed ! :-( |
|
That came from a change to the Gitlab API only allowing us to set the public email address of an account that is already verified, which is quite silly. Related: #21 What message appears before that problem? It'll either be "Creating Gitlab user" or "Updating Gitlab user #". |
|
Ouch. Silly indeed... The error appears after "Creating Gitlab user" message. |
|
That's an incredibly strange quirk of the Gitlab platform... !$this->dryRun ? ($gitlabUser = $gitlab->api("users")->create($ldapUserDetails["email"], $gitlabUserPassword, [
"username" => $gitlabUserName,
"reset_password" => false,
"name" => $ldapUserDetails["fullName"],
"extern_uid" => $ldapUserDetails["dn"],
"provider" => $gitlabConfig["ldapServerName"],
"public_email" => $ldapUserDetails["email"],
"admin" => $ldapUserDetails["isAdmin"],
"can_create_group" => $ldapUserDetails["isAdmin"],
"skip_confirmation" => true,
"external" => $ldapUserDetails["isExternal"],
])) : $this->logger->warning("Operation skipped due to dry run.");Change !$this->dryRun ? ($gitlabUser = $gitlab->api("users")->create($ldapUserDetails["email"], $gitlabUserPassword, [
"username" => $gitlabUserName,
"reset_password" => false,
"name" => $ldapUserDetails["fullName"],
"extern_uid" => $ldapUserDetails["dn"],
"provider" => $gitlabConfig["ldapServerName"],
"email" => $ldapUserDetails["email"],
"admin" => $ldapUserDetails["isAdmin"],
"can_create_group" => $ldapUserDetails["isAdmin"],
"skip_confirmation" => true,
"external" => $ldapUserDetails["isExternal"],
])) : $this->logger->warning("Operation skipped due to dry run."); |
|
ok, it works by changing public_email by email :-) Once all users have been created, there is this error : Gitlab failure: 403 Forbidden - LDAP blocked users cannot be modified by the API My token is "full privileges". Is it another gitlab blocking ? |
|
That is also external to this tool. Searching for "LDAP blocked users cannot be modified by the API" brings up this which may be of use: https://stackoverflow.com/questions/40990190/how-do-i-unblock-ldap-users-in-gitlab-ce |
…ail" instead of "public_email". #21 #27 (comment)
|
Some users was blocked indeed. Unblocking this users remove this error. Now, all news users are well created. Existing users are updated... until "Gitlab failure: 403 Forbidden" Forbidden but why ? :-( |
|
There's limited knowledge this tool can provide on that as the 403 error is returned by the Gitlab API. You may get more information by increasing verbosity ( |
Hi,
Is it possible to use filter with attributes instead objects ? For example userFilter: (&(attrib1=x)(attrib2=y))
In my cas it doesn't work.
Thanks
The text was updated successfully, but these errors were encountered: