Hello everyone,
I’ve set up a GitLab instance running in Docker, behind an NGINX reverse proxy.
Everything is working great so far, except when I’m trying to authenticate using LDAP for cloning a repo.
When I’m trying to clone using an LDAP account, I get this message:
$ git clone https://gitlab.mycompany.local/group/repo_name.git
Cloning into 'repo_name'...
fatal: unable to access 'https://gitlab.mycompany.local/group/repo_name.git': The requested URL returned error: 500
Everything works fine with a regular, local account:
$ git clone https://gitlab.mycompany.local/group/repo_name.git
Cloning into 'repo_name'...
remote: Enumerating objects: 594, done.
remote: Counting objects: 100% (594/594), done.
remote: Compressing objects: 100% (281/281), done.
remote: Total 1915 (delta 534), reused 341 (delta 313), pack-reused 1321
Receiving objects: 100% (1915/1915), 2.98 MiB | 5.33 MiB/s, done.
Resolving deltas: 100% (1698/1698), done.
Here is my GitLab info:
System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.6.5p114
Gem Version: 2.7.10
Bundler Version: 1.17.3
Rake Version: 12.3.3
Redis Version: 5.0.7
Git Version: 2.24.1
Sidekiq Version: 5.2.7
Go Version: unknown
GitLab information
Version: 12.7.0
Revision: 680a5284470
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 10.9
URL: https://gitlab.mycompany.local
HTTP Clone URL: https://gitlab.mycompany.local/some-group/some-project.git
SSH Clone URL: ssh://git@gitlab.mycompany.local:9022/some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:
GitLab Shell
Version: 11.0.0
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Git: /opt/gitlab/embedded/bin/git
In my production.log, I can see this:
Completed 500 Internal Server Error in 85ms (ActiveRecord: 4.5ms | Elasticsearch: 0.0ms)
ArgumentError (encryption or method MUST be provided):
lib/gitlab/auth/ldap/authentication.rb:40:in `new'
lib/gitlab/auth/ldap/authentication.rb:40:in `adapter'
lib/gitlab/auth/ldap/authentication.rb:29:in `login'
lib/gitlab/auth.rb:98:in `block (2 levels) in find_with_user_password'
lib/gitlab/auth.rb:97:in `each'
lib/gitlab/auth.rb:97:in `find'
lib/gitlab/auth.rb:97:in `block in find_with_user_password'
lib/gitlab/auth/unique_ips_limiter.rb:19:in `limit_user!'
lib/gitlab/auth.rb:74:in `find_with_user_password'
lib/gitlab/auth.rb:159:in `user_with_password_for_git'
lib/gitlab/auth.rb:53:in `find_for_git_client'
app/controllers/projects/git_http_client_controller.rb:105:in `handle_basic_authentication'
app/controllers/projects/git_http_client_controller.rb:38:in `authenticate_user'
lib/gitlab/i18n.rb:55:in `with_locale'
lib/gitlab/i18n.rb:61:in `with_user_locale'
app/controllers/application_controller.rb:461:in `set_locale'
lib/gitlab/application_context.rb:18:in `with_context'
app/controllers/application_controller.rb:453:in `set_current_context'
lib/gitlab/error_tracking.rb:34:in `with_context'
app/controllers/application_controller.rb:545:in `sentry_context'
lib/gitlab/middleware/rails_queue_duration.rb:27:in `call'
lib/gitlab/metrics/rack_middleware.rb:17:in `block in call'
lib/gitlab/metrics/transaction.rb:62:in `run'
lib/gitlab/metrics/rack_middleware.rb:17:in `call'
lib/gitlab/request_profiler/middleware.rb:17:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:13:in `call'
lib/gitlab/middleware/multipart.rb:117:in `call'
lib/gitlab/middleware/read_only/controller.rb:48:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:23:in `call'
config/initializers/fix_local_cache_middleware.rb:9:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:49:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'
Here is my docker-compose.yml file:
version: '3'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    restart: always
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.mycompany.local'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['real_ip_trusted_addresses'] = [ 'REDACTED' ]
        nginx['real_ip_header'] = 'X-Forwarded-For'
        nginx['real_ip_recursive'] = 'on'
        gitlab_rails['gitlab_shell_ssh_port'] = 9022
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = YAML.load <<-EOS
          main:
            label: 'LDAP'
            host: REDACTED
            port: 389
            uid: 'sAMAccountName'
            bind_dn: 'REDACTED'
            password: "REDACTED"
            active_directory: true
            base: 'DC=mycompany,DC=local'
        EOS
    ports:
      - '5802:80'
      - '5902:443'
      - '9022:22'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
The weird thing is that when I’m trying to login through the WebUI, everything is working as expected …
Any clues would be appreciated.
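The ArgumentError in production.log names two keys, `encryption` and `method`, and the posted ldap_servers block contains neither. As an added example (not part of the original post and not GitLab's own code), here is a Ruby pre-flight check over an ldap_servers block. The helper name, the sample host, bind DN and password are constructed placeholders, and the list of accepted `encryption` values is an assumption based on GitLab's LDAP documentation.

```ruby
require 'yaml'

# Constructed sample: the ldap_servers block in the shape posted above. Host,
# bind_dn and password are placeholders; no `encryption` or `method` key is set.
POSTED = <<~LDAP
  main:
    label: 'LDAP'
    host: ldap.example.internal
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=placeholder,DC=mycompany,DC=local'
    password: 'placeholder'
    active_directory: true
    base: 'DC=mycompany,DC=local'
LDAP

# Assumption: the values GitLab documents for the `encryption` key.
KNOWN_ENCRYPTION = %w[start_tls simple_tls plain].freeze

# Hypothetical helper: returns one finding per problem, empty when the block passes.
def check_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.each_with_object([]) do |(name, cfg), findings|
    enc = cfg['encryption']
    if enc.nil? && cfg['method'].nil?
      # Same condition the ArgumentError in production.log reports.
      findings << "#{name}: encryption or method MUST be provided"
    elsif enc && !KNOWN_ENCRYPTION.include?(enc.to_s)
      findings << "#{name}: unknown encryption value #{enc.inspect}"
    elsif enc.to_s == 'plain'
      # A plain bind on port 389 carries the password in cleartext.
      findings << "#{name}: encryption 'plain' sends the bind password unencrypted"
    end
  end
end

# Stand-alone run: report findings for the block as posted.
puts check_ldap_servers(POSTED)
```

Running the check against the rendered configuration before `gitlab-ctl reconfigure` surfaces the missing key without waiting for a failed clone.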