Freeipa ldap yubikeys cannot clone, push, pull, etc... from gitlab

FreeIPA LDAP is used by Gilab to login via HTTPS and using accounts with or without yubikey assigned to them can log in in just fine.

Git clone from shell with account NOT having yubikey mapped in LDAP works fine. (can clone, pull, push…)

Git clone from shell with account having yubikey mapped in LDAP does NOT work.

#:blush: git clone https://x.x.x.x/stuff/kvakva.git
Cloning into ‘kvakva’…
Username for ‘https://x.x.x.x’: USERNAME
Password for ‘https://x.x.x.x/’: PASSWORD + YUBIKEY OTP

error: RPC failed; HTTP 401 curl 22 The requested URL returned error: 401
fatal: The remote end hung up unexpectedly

Two-factor authorization as such is NOT enabled in Gitlab. I would expect that password+otp combo for user is passed to LDAP for validation (just to clarify, yubikeys are mapped to ldap and not gitlab). All other apps to that and some reason Gitlab error out.

Any idea?

This looks to be the same as (or related to) Gitlab CE with LDAP (FreeIPA with OTP) Problems (#19103) · Issues · / GitLab · GitLab