500 Error When Pushing Or Pulling With HTTPS

Hello,

I’m getting a 500 error when I try to do git push or git pull with an ldap user from a Gitlab Omnibus instance over https through an nginx reverse proxy.

gitlab-ctl tail is showing

ArgumentError (encryption or method MUST be provided):

lib/gitlab/auth/ldap/authentication.rb:40:in `new'
lib/gitlab/auth/ldap/authentication.rb:40:in `adapter'
lib/gitlab/auth/ldap/authentication.rb:29:in `login'
lib/gitlab/auth.rb:108:in `block (2 levels) in find_with_user_password'
lib/gitlab/auth.rb:107:in `each'
lib/gitlab/auth.rb:107:in `find'
lib/gitlab/auth.rb:107:in `block in find_with_user_password'
lib/gitlab/auth/unique_ips_limiter.rb:19:in `limit_user!'
lib/gitlab/auth.rb:84:in `find_with_user_password'
lib/gitlab/auth.rb:171:in `user_with_password_for_git'
lib/gitlab/auth.rb:55:in `find_for_git_client'
app/controllers/repositories/git_http_client_controller.rb:118:in `handle_basic_authentication'
app/controllers/repositories/git_http_client_controller.rb:41:in `authenticate_user'
lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in `call'
lib/gitlab/middleware/rails_queue_duration.rb:33:in `call'
lib/gitlab/metrics/rack_middleware.rb:16:in `block in call'
lib/gitlab/metrics/transaction.rb:56:in `run'
lib/gitlab/metrics/rack_middleware.rb:16:in `call'
lib/gitlab/request_profiler/middleware.rb:17:in `call'
lib/gitlab/jira/middleware.rb:19:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:21:in `call'
lib/gitlab/middleware/multipart.rb:172:in `call'
lib/gitlab/middleware/read_only/controller.rb:50:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:21:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:76:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'

==> /var/log/gitlab/gitlab-workhorse/current <==
{"content_type":"text/html; charset=utf-8","correlation_id":"01F3PE65DZKMZ89SHGC3557PEP","duration_ms":240,"host":"git.domain.local","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:0","remote_ip":"127.0.0.1","route":"^/.+\\.git/info/refs\\z","status":500,"system":"http","time":"2021-04-20T01:26:48Z","ttfb_ms":240,"uri":"/user/test.git/info/refs?service=git-receive-pack","user_agent":"git/2.27.0.windows.1","written_bytes":2926}

It looks like it just wants me to set an encryption method in my gitlab.rb file, which I did, but even after restarting it’s still throwing this 500 error.

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'Network Login'
    host: 'dc.domain.local'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'cn=gitlab,ou=Domain Users,dc=domain,dc=local'
    password: 'password'
    encryption: 'plain'
    smartcard_auth: false
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: true
    block_auto_created_users: false
    base: 'dc=domain,dc=local'
    user_filter: ''
EOS

Ldap users can login from a web browser, they just can’t push, clone, pull, etc. with https. Local users work fine.

Anything I’m missing?