
I configured Gitea to authenticate against an AD server, and I'm receiving the following error:

[...dels/login_source.go:390 LoginViaLDAP()] [E] LDAP Connect error, my.ad.server.address.here:LDAP Result Code 200 "Network Error": read tcp <gitea host ip>:37590-><ad server ip>:389: read: connection reset by peer

What is strange to me is that the number 37590 in the example above always changes at each occurrence. Is it a port number? If true, how can I track it so I can whitelist it at the AD server firewall?

I'm a newbie in Go, so I can't figure out what's happening.

Rodrigo Balest
That is an ephemeral source port. When an application creates a connection to a different host, the source port is chosen (somewhat) randomly from an unused port in the list of ephemeral ports on the host OS. You should whitelist the network address, not the transport address. – Ron Maupin Sep 04 '19 at 17:04

1 Answer


The 37590 that you see is the source port. It is the port that the server will use when replying and helps your computer know which application the response is for. It's normal for that to change on each request.

You are correct in thinking that this is a network problem. The error message "connection reset by peer" means that someone along the line (either a firewall along the path, or the host itself) closed the connection. (a little more detail here)

If it is a firewall that is not allowing you, then you need a rule allowing access from gitea host ip:any to ad server ip:389.

Gabriel Luci
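As an added illustration of the answer above (not code from the question, the answer, or Gitea itself), the Go snippet below parses the `read tcp <local>-><remote>` address pair that Go's `net.OpError` prints, flags the left-hand port as ephemeral, and renders the `gitea host ip:any -> ad server ip:389` rule the answer recommends. The function names and the 10.0.0.x addresses are constructed placeholders; the ephemeral range is the Linux default `net.ipv4.ip_local_port_range`.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// Go's net.OpError prints "<op> tcp <local>-><remote>: <reason>"; the left side is
// the Gitea host with its random source port, the right side is the AD server.
var addrPair = regexp.MustCompile(`tcp (\S+?)->(\S+?)(?::\s|$)`)

// ParseConnError extracts the local and remote endpoints from an error line
// shaped like the one in the question (IP literals only, so no DNS lookup).
func ParseConnError(msg string) (local, remote *net.TCPAddr, err error) {
	m := addrPair.FindStringSubmatch(msg)
	if m == nil {
		return nil, nil, fmt.Errorf("no address pair in %q", msg)
	}
	if local, err = net.ResolveTCPAddr("tcp", m[1]); err != nil {
		return nil, nil, err
	}
	if remote, err = net.ResolveTCPAddr("tcp", m[2]); err != nil {
		return nil, nil, err
	}
	return local, remote, nil
}

// IsEphemeral reports whether a port lies in the Linux default client range
// (net.ipv4.ip_local_port_range = 32768-60999), i.e. it changes per connection.
func IsEphemeral(port int) bool { return port >= 32768 && port <= 60999 }

// FirewallRule renders the rule the answer recommends: any source port on the
// Gitea host to the fixed service port on the AD server. The port is taken from
// the parsed error (389 in the question), not hard-coded.
func FirewallRule(local, remote *net.TCPAddr) string {
	return fmt.Sprintf("allow tcp from %s:any to %s:%d", local.IP, remote.IP, remote.Port)
}

func main() {
	// Constructed sample with placeholder addresses, same shape as the question's log line.
	l, r, err := ParseConnError(`read tcp 10.0.0.5:37590->10.0.0.10:389: read: connection reset by peer`)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s  (source port %d ephemeral: %v)\n", FirewallRule(l, r), l.Port, IsEphemeral(l.Port))
}
```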