GitLab CE Custom error message - ldap host get exposed

Hello everyone,

We are using GitLab CE and have connected LDAP for login. However, the error message “Could not authenticate you from LDAPSERVERNAME because ‘Invalid credentials for Username’” appears after an incorrect login. This means that the server name from LDAP is exposed. Is there a solution to this, perhaps how the error message can be adjusted or how the type of error message can be switched off?

Thank you!

Okay, I have now managed to get Ldapmain to appear. Is it possible to get rid of the Ldap before the main?

Not sure what your full LDAP config is, but do you have the label field?

# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
#     label: 'LDAP'

Maybe you can configure the label field with whatever to hide it.

Yeah, the label is LOCAL-NEW at our side, currently for testing. But the security guy wants us to modify the error message, so that also “Could not authenticate you from LDAPSERVERNAME because ‘Invalid credentials for Username’” is just ‘Invalid credentials for Username’

I doubt very much you can modify that message, there is nothing in the docs about it: Integrate LDAP with GitLab | GitLab

Suggest, opening an issue here to make a request for that: Issues · / GitLab · GitLab

Theoretically, this could be resolved most likely by editing the following file /opt/gitlab/embedded/service/gitlab-rails/config/locales/devise.en.yml since it includes the

failure: "Could not authenticate you from %{kind} because \"%{reason}\"."

the problem with editing this manually is either:

  1. Upgrading your Gitlab could overwrite this file meaning you lose your changes.
  2. Upgrading Gitlab may not overwrite this file after the changes, meaning you would have inconsistency in your Gitlab installation for potential new fixes relating to Gitlab.

The correct way forward would be to open an issue. Temporarily you could try editing that file, but as I mentioned, this could bite you later.

1 Like