[Solved] Cannot sign in with username containing underscore

Hello,
we are currently evaluating Gitlab self-managed.

In doing so, we have connected the authentication to our Active Directory. “userPrincipalName” is configured as the “uid” (but the problem also exists with “sAMAccountName”).
We have users whose userPrincipalName contains an underscore, e.g. “test_user@internal.com”.
These users cannot log in to Gitlab. In the error message of the website we get “Could not authenticate you from Ldapmain because ‘Invalid credentials for test user@internal.com’” (Attention: The underscore is already missing in the error message).

I have already read about the bug “Pages will not work with usernames, groups or projects that end in a -, contain dots, or are otherwise not valid domain labels” (#20184, GitLab.org / GitLab issues), but we do not use Pages, so it is probably a different problem.

I also read that it’s probably a design guideline of Gitlab to replace underscores with spaces - but for usernames? That doesn’t make any sense.

Can anyone help us?

I’m wondering if it is something specific with LDAP integration.

I have a test Gitlab environment, and if I create a normal user within Gitlab, so without LDAP, or SAML, or some other external method, it works fine. I tested with test_user and also using the email address test_user@mydomain.com and it worked fine. I was able to login. So the underscore is supported for usernames as well as email addresses.

I’ll look into the Gitlab LDAP docs and see if I can find anything else, but a basic Gitlab install does work with underscores for usernames, so LDAP/AD should also work. Unfortunately I don’t have a Gitlab+LDAP configuration, so I cannot help with checking/testing that. Could well be some extra LDAP config is needed.

Hello iwalker,
thanks for ruling out the Gitlab side.
I took another look at the LDAP config and realized that I had configured the wrong “base:”.
With this, Gitlab cannot find the users. Users with underscore are our admin users, they are in a different OU than the normal users. Of course I had configured the “base” to the normal users and not to the OU above… Sorry!
Now everything works.

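Added example, not part of the thread: a small check for the misconfiguration found above, where the LDAP “base” pointed at one OU and the affected accounts lived in a sibling OU, so the search never saw them. All DNs and OU names below are constructed samples; the comparison is done per RDN and case-insensitively.

```python
import re

def split_rdns(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact.
    Simplified: handles the common '\\,' escape, not every RFC 4514 form."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def in_search_base(user_dn, base_dn):
    """True if user_dn is at or below base_dn, i.e. a subtree search from base can reach it."""
    user, base = split_rdns(user_dn), split_rdns(base_dn)
    return len(user) >= len(base) and user[-len(base):] == base

def outside_base(base_dn, user_dns):
    """Return the DNs that a search rooted at base_dn cannot reach."""
    return [dn for dn in user_dns if not in_search_base(dn, base_dn)]

# Constructed sample data (hypothetical directory layout).
USERS = [
    "CN=Doe\\, Jane,OU=Users,OU=Corp,DC=internal,DC=com",   # normal user
    "cn=test_user,ou=Admins,ou=Corp,dc=internal,dc=com",    # admin user, sibling OU
]
NARROW_BASE = "OU=Users,OU=Corp,DC=internal,DC=com"  # base set to the normal users' OU
WIDE_BASE = "OU=Corp,DC=internal,DC=com"             # base set to the OU above

if __name__ == "__main__":
    for base in (NARROW_BASE, WIDE_BASE):
        missed = outside_base(base, USERS)
        print(f"base={base}")
        print("  unreachable:", missed if missed else "none")
```

Feeding it the DNs of the accounts that fail to log in shows directly whether the configured base excludes them, before looking at username handling.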