Could not authenticate you from Ldapmain because "Undefined local variable or method `ldap servers'

Hello *,
After upgrading my omnibus installation from 12.10.14 to 13.0.10 I can’t log in to my system using LDAP.
It gives me the error above after a timeout. What is odd, it recognises my credentials. When I provide a wrong password, it will display that I provided wrong credentials.

Everything runs on a VM except for the runners. The AD/LDAP server is external.
Linux gitlab-1 4.15.0-48-generic
Ubuntu 18.04

I tried multiple formats of the LDAP configuration in gitlab.rb, none worked for me.
Before the upgrade we had this one running for many months:

external_url 'https://some-url.com'
git_data_dirs('default' => { 'path' => '/var/opt/gitlab/git-data' })

# Setup for Gitlab Pages
pages_external_url 'https://some-domain'
pages_nginx['redirect_http_to_https'] = true
pages_nginx['ssl_certificate'] = '/etc/gitlab/ssl/pages-nginx.crt'
pages_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/pages-nginx.key'

# Setup nginx configuration (vhost) from node attributes
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/gitlab/ssl/some-cert.crt'
nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/some-key.key'

# Setup Gitlab Rails application from node attributes
gitlab_rails['ldap_enabled'] = true
gitlab_rails['gitlab_default_projects_features_visibility_level'] = 'private'
gitlab_rails['gravatar_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'emailfrom'
gitlab_rails['smtp_domain'] = 'smtp-domain'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = '127.0.0.1'
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_ssl'] = false
gitlab_rails['smtp_force_ssl'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['time_zone'] = 'Europe/Berlin'
gitlab_rails['backup_keep_time'] = 432000

# Setup monitoring whitelist
gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '10.0.0.0/8']

# LDAP information was read from an encrypted data bag
gitlab_rails['ldap_host'] = '<ldap-server>'
gitlab_rails['ldap_port'] = 636
gitlab_rails['ldap_uid'] = 'sAMAccountName'
gitlab_rails['ldap_method'] = 'ssl'
gitlab_rails['ldap_bind_dn'] = '<bind-user>'
gitlab_rails['ldap_password'] = 'some-password'
gitlab_rails['ldap_allow_username_or_email_login'] = false
gitlab_rails['ldap_base'] = '<ldap base>'

gitlab_rails['ldap_servers'] = YAML.load <<-EOS
main:
  host: '<ldap-server>'
  port: 636
  method: 'ssl'
  bind_dn: '<bind-user>'
  password: 'some-password'
  ca_file: 'path-to-ca-file'
  base: 'base'
  uid: 'sAMAccountName'
  allow_username_or_email_login: false
EOS

I think the upper configuration is obsolete. I also tried the new?! format:

gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'ldap',
    'host' => 'ldap-host',
    'port' => 636,
    'uid' => 'sAMAccountName',
    'encryption' => 'simple_tls',
    'verify_certificates' => true,
    'bind_dn' => 'bind-dn',
    'password' => 'some-password',
    'tls_options' => {
      'ca_file' => 'path-to-ca-file'
    },
    'timeout' => 10,
    'active_directory' => true,
    'allow_username_or_email_login' => false,
    'block_auto_created_users' => false,
    'base' => 'base-dn'
  }
}

I ran gitlab-ctl reconfigure multiple times and also restarted the server. The connection seems to work, since it gives me a wrong credentials error when I provide wrong ones. I also have 2-factor auth enabled, but I don’t get to that page.

==> /var/log/gitlab/gitlab-rails/production_json.log <==
{"method":"POST","path":"/users/auth/ldapmain/callback","format":"html","controller":"Ldap::OmniauthCallbacksController","action":"ldapmain","status":500,"time":"2020-07-29T16:51:11.208Z","params":[{"key":"utf8","value":"✓"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"username","value":"username"},{"key":"password","value":"[FILTERED]"}],"remote_ip":"ip","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15","queue_duration_s":0.00371,"correlation_id":"6a6rxcmlKm9","meta.caller_id":"Ldap::OmniauthCallbacksController#ldapmain","redis_calls":6,"redis_duration_s":0.000673,"cpu_s":10.29,"exception.class":"ActionView::Template::Error","exception.message":"undefined local variable or method `ldap_servers' for #<#<Class:0x00007f629bd741c8>:0x00007f629600c670>","exception.backtrace":["app/views/devise/shared/_tabs_ldap.html.haml:9","app/views/devise/sessions/new.html.haml:5","app/controllers/application_controller.rb:132:in `render'","app/controllers/concerns/authenticates_with_two_factor.rb:38:in `locked_user_redirect'","app/controllers/concerns/authenticates_with_two_factor.rb:32:in `handle_locked_user'","app/controllers/concerns/authenticates_with_two_factor.rb:22:in `prompt_for_two_factor'","app/controllers/omniauth_callbacks_controller.rb:166:in `sign_in_user_flow'","app/controllers/ldap/omniauth_callbacks_controller.rb:23:in `ldap'","app/controllers/application_controller.rb:496:in `set_current_admin'","lib/gitlab/session.rb:11:in `with_session'","app/controllers/application_controller.rb:487:in `set_session_storage'","app/controllers/application_controller.rb:481:in `set_locale'","lib/gitlab/error_tracking.rb:48:in `with_context'","app/controllers/application_controller.rb:546:in `sentry_context'","app/controllers/application_controller.rb:474:in `block in set_current_context'","lib/gitlab/application_context.rb:52:in `block in use'","lib/gitlab/application_context.rb:52:in `use'","lib/gitlab/application_context.rb:20:in `with_context'","app/controllers/application_controller.rb:467:in `set_current_context'"],"db_duration_s":0.01029,"view_duration_s":0.0,"duration_s":10.44041}
{"method":"POST","path":"/users/auth/ldapmain/callback","format":"html","controller":"OmniauthCallbacksController","action":"failure","status":302,"location":"https://url/users/sign_in","time":"2020-07-29T16:51:11.225Z","params":[{"key":"utf8","value":"✓"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"username","value":"username"},{"key":"password","value":"[FILTERED]"}],"remote_ip":"172.31.216.38","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15","queue_duration_s":0.00371,"correlation_id":"6a6rxcmlKm9","meta.caller_id":"OmniauthCallbacksController#failure","redis_calls":6,"redis_duration_s":0.000673,"cpu_s":10.3,"db_duration_s":0.00283,"view_duration_s":0.0,"duration_s":0.01486}
{"method":"GET","path":"/users/sign_in","format":"html","controller":"SessionsController","action":"new","status":200,"time":"2020-07-29T16:51:11.344Z","params":[],"remote_ip":"172.31.216.38","user_id":null,"username":null,"ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15","queue_duration_s":0.003546,"correlation_id":"nd1D0RzELza","meta.caller_id":"SessionsController#new","redis_calls":4,"redis_duration_s":0.000411,"cpu_s":0.03,"db_duration_s":0.00104,"view_duration_s":0.01231,"duration_s":0.02521}

Thanks for any help!

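Added example (not part of the original posts and not GitLab's own code): a small Ruby triage script for production_json.log entries like the ones quoted above. It finds LDAP callback requests that ended in a 5xx, reports the failing backtrace frame, and lists the other entries sharing the same correlation_id. The sample lines are constructed and trimmed for the example, and the function names are hypothetical.

```ruby
require 'json'

# Constructed sample, shaped like the production_json.log entries in the post
# (fields trimmed, correlation ids invented for this example).
SAMPLE_LOG = <<~'LOG'
  {"method":"POST","path":"/users/auth/ldapmain/callback","controller":"Ldap::OmniauthCallbacksController","action":"ldapmain","status":500,"correlation_id":"corr-A","exception.class":"ActionView::Template::Error","exception.message":"undefined local variable or method `ldap_servers'","exception.backtrace":["app/views/devise/shared/_tabs_ldap.html.haml:9","app/controllers/concerns/authenticates_with_two_factor.rb:38:in `locked_user_redirect'","app/controllers/ldap/omniauth_callbacks_controller.rb:23:in `ldap'"],"duration_s":10.44}
  {"method":"POST","path":"/users/auth/ldapmain/callback","controller":"OmniauthCallbacksController","action":"failure","status":302,"correlation_id":"corr-A","duration_s":0.01}
  {"method":"GET","path":"/users/sign_in","controller":"SessionsController","action":"new","status":200,"correlation_id":"corr-B","duration_s":0.02}
  not a JSON line (must be skipped)
LOG

# Parse JSON lines, skipping anything that is not a JSON object.
def parse_lines(text)
  text.each_line.map do |line|
    obj = begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
    obj if obj.is_a?(Hash)
  end.compact
end

# Report LDAP callback requests that ended in a 5xx, with the failing frame and
# the other log entries that share the same correlation_id.
def ldap_callback_failures(text)
  events = parse_lines(text)
  by_request = events.group_by { |e| e['correlation_id'] }
  failed = events.select do |e|
    e['path'].to_s.match?(%r{\A/users/auth/ldap\w*/callback\z}) && e['status'].to_i >= 500
  end
  failed.map do |e|
    frames = Array(e['exception.backtrace'])
    related = by_request[e['correlation_id']].reject { |o| o.equal?(e) }
    {
      correlation_id: e['correlation_id'],
      error: "#{e['exception.class']}: #{e['exception.message']}",
      top_frame: frames.first,
      # A top frame under app/views/ means the exception was raised while rendering.
      stage: frames.first.to_s.start_with?('app/views/') ? :view_rendering : :application,
      locked_user_path: frames.any? { |f| f.include?('locked_user_redirect') },
      related: related.map { |o| "#{o['controller']}##{o['action']} #{o['status']}" }
    }
  end
end

puts JSON.pretty_generate(ldap_callback_failures(SAMPLE_LOG)) if $PROGRAM_NAME == __FILE__
```

On the sample, the report shows the 500 was raised while rendering a view reached through `locked_user_redirect`, which matches the backtrace in the post.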

I have the same issue, but my setup uses the official Docker container with version 13.2.1.

  • GitLab Shell 13.3.0
  • GitLab Workhorse v8.37.0
  • GitLab API v4
  • Ruby 2.6.6p146
  • Rails 6.0.3.1
  • PostgreSQL 11.7

I eventually downgraded to 12.10.14 again and restored a backup.
I added the following line to the ldap config and it worked afterwards with 13.0.10 but not with 13.2.1. Also after downgrading to 13.0.10 again. Really weird.
gitlab_rails['prevent_ldap_sign_in'] = false