Fix LDAP authentication on systems not using a base of dc=comsh-fix-ldap-base-options

By default, the Net::LDAP library uses an LDAP base of `dc=com` if no value
is provided. Systems that used a different base would have LDAP searches fail
since the base was not passed along properly.

Closes #43926

3 files changed, 8 insertions, 0 deletions

diff --git a/changelogs/unreleased/sh-fix-ldap-base-options.yml b/changelogs/unreleased/sh-fix-ldap-base-options.yml
new file mode 100644
index 00000000000..f0cb2e49944
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-ldap-base-options.yml
@@ -0,0 +1,5 @@
+---
+title: Fix LDAP authentication on systems not using a base of dc=com
+merge_request:
+author:
+type: fixed
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index 77185f52ced..3cf1e4f3451 100644
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -53,6 +53,7 @@ module Gitlab
 
         def adapter_options
           opts = base_options.merge(
+            base: base,
             encryption: encryption_options
           )
 
diff --git a/spec/lib/gitlab/auth/ldap/config_spec.rb b/spec/lib/gitlab/auth/ldap/config_spec.rb
index 82587e2ba55..649e34a7cd0 100644
--- a/spec/lib/gitlab/auth/ldap/config_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/config_spec.rb
@@ -31,6 +31,7 @@ describe Gitlab::Auth::LDAP::Config do
     it 'constructs basic options' do
       stub_ldap_config(
         options: {
+          'base'       => 'dc=example,dc=com',
           'host'       => 'ldap.example.com',
           'port'       => 386,
           'encryption' => 'plain'
@@ -38,6 +39,7 @@ describe Gitlab::Auth::LDAP::Config do
       )
 
       expect(config.adapter_options).to eq(
+        base: 'dc=example,dc=com',
         host: 'ldap.example.com',
         port: 386,
         encryption: nil