Gitlab e LDAP no CommuniGate Pro Server

Atualmente, estou tentando fazer com que nosso GitLab seja autenticado no LDAP fornecido pelo servidor CommuniGate Pro. Ao usar testes de linha de comando (como ldapsearch ), estou autenticando e obtendo informações com êxito. Mas quando eu tento fazer isso a partir da interface web do GitLab eu recebo

Could not authenticate you from Ldapmain because "Invalid credentials".

Nos logs do servidor LDAP, vejo o seguinte:

11:39:51.061 4 LDAP-000601([xx.xx.xx.99]:37160) BINDing as '[email protected]'
11:39:51.061 2 LDAP-000601([xx.xx.xx.99]:37160) ACCOUNT([email protected]) connected(CLRTXT) [xx.xx.xx.99]:37160->[xx.xx.xx.251]:636(tls)
11:39:51.062 4 LDAP-000601([xx.xx.xx.99]:37160) Logged in as <master>. authType=0
11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching(base) ''
11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching where (objectClass=*)
11:39:51.063 4 LDAP-000601([xx.xx.xx.99]:37160) searching for (altServer namingContexts supportedCapabilities...)
11:39:51.064 4 LDAP-000601([xx.xx.xx.99]:37160) '' retrieved
11:39:51.064 2 LDAP-000601([xx.xx.xx.99]:37160) search finished
11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching(sub) 'cn=domain.bg'
11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching where (uid=f.lastname)
11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) searching for ALL
11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) search paging: n=126, cookie=''
11:39:51.105 4 LDAP-000601([xx.xx.xx.99]:37160) 'uid=f.lastname,cn=domain.bg' retrieved
11:39:51.105 2 LDAP-000601([xx.xx.xx.99]:37160) search finished
11:39:51.121 2 LDAP-000601([xx.xx.xx.99]:37160) ACCOUNT([email protected]) disconnected ([xx.xx.xx.99]:37160)
11:39:51.121 4 LDAP-000601([xx.xx.xx.99]:37160) BINDing as 'uid=f.lastname,cn=domain.bg'
11:39:51.121 1 LDAP-000601([xx.xx.xx.99]:37160) BIND failed. Error Code=incorrect password or account name
11:39:51.122 3 LDAP-000601([xx.xx.xx.99]:37160) request reading failed. Error Code=TLS connection closed by peer
11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) TLS connection is closing
11:39:51.122 2 TLS-576189 closed by LDAP-000601
11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) closing connection
11:39:51.122 4 LDAP-000601([xx.xx.xx.99]:37160) releasing stream

Quando tento com ldapsearch :

ldapsearch -x -LLL -H ldaps://mx01.ldap.net -D '[email protected]' -W -b 'cn=domain.bg' "(uid=f.lastname)"

Eu sou capaz de autenticar:

12:15:51.336 4 LDAP-000612([xx.xx.xx.33]:53142) [xx.xx.xx.251]:636 <- [xx.xx.xx.33]:53142 incoming connection(mx01.ldap.net)
12:15:51.383 2 TLS-578274 created(TLSv1.2,AES256_SHA256) for LDAP-000612
12:15:51.441 4 LDAP-000612([xx.xx.xx.33]:53142) TLS-578274(AES256_SHA256) connection accepted for DOMAIN(mx01.ldap.net)
12:15:51.448 4 LDAP-000612([xx.xx.xx.33]:53142) BINDing as '[email protected]'
12:15:51.448 2 LDAP-000612([xx.xx.xx.33]:53142) ACCOUNT([email protected]) connected(CLRTXT) [xx.xx.xx.33]:53142->[xx.xx.xx.251]:636(tls)
12:15:51.448 4 LDAP-000612([xx.xx.xx.33]:53142) Logged in as uid=f.lastname,domain.bg=domain.bg,cn=domain.bg. authType=0
12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching(sub) 'cn=domain.bg'
12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching where (uid=f.lastname)
12:15:51.452 4 LDAP-000612([xx.xx.xx.33]:53142) searching for ALL
12:15:51.453 4 LDAP-000612([xx.xx.xx.33]:53142) 'uid=f.lastname,cn=domain.bg' retrieved
12:15:51.453 2 LDAP-000612([xx.xx.xx.33]:53142) search finished
12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) disconnecting
12:15:51.459 2 LDAP-000612([xx.xx.xx.33]:53142) ACCOUNT([email protected]) disconnected ([xx.xx.xx.33]:53142)
12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) TLS connection is closing
12:15:51.459 2 TLS-578274 closed by LDAP-000612
12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) closing connection
12:15:51.459 4 LDAP-000612([xx.xx.xx.33]:53142) releasing stream

Minha configuração é a seguinte:

main:
  label: 'Domain.Bg LDAP'
  host: 'mx01.ldap.net'
  port: 636
  uid: 'uid'
  method: 'ssl'
  bind_dn: '[email protected]'
  password: 'password'
  active_directory: false
  allow_username_or_email_login: true
  base: 'top'
  user_filter: ''

A verificação de RAILS_ENV=production gitlab-rake -v --trace gitlab:ldap:check foi bem-sucedida também.

Alguém com problema semelhante? Pelo que vejo nos logs, acho que o problema está no BINDing as 'uid=f.lastname,cn=domain.bg' após a autenticação com o postmaster. Existe uma maneira de fazer o GitLab usar BINDing as '[email protected]' para usuários, depois que o postmaster for autenticado?