LDAP user cannot clone repo, works for others with different LDAP connection string (#5355) · Issues · gpt / large_projects / gitlabhq1

LDAP user cannot clone repo, works for others with different LDAP connection string

Created by: keith9820

Gitlab 6.2 beta, with LDAP integration

User gets "Access denied. fatal: The remote end hung up unexpectedly error when attempting to clone a GitLab repo. Other users in different OUs don't have a problem.

When issued from the GitLab server, this curl request returns "false":

http://localhost//api/v3/internal/allowed?key_id=22&action=git-upload-pack&ref=_any&project=analytics/dns-website

When I change the key_id, this curl request returns "true":

http://localhost//api/v3/internal/allowed?key_id=16&action=git-upload-pack&ref=_any&project=analytics/dns-website

the [failing] user with key 22 (OU=NYC03) has this extern_uid:

CN=Keith Harris,OU=Users,OU=NYC03,OU=360i,OU=My_Company,DC=corp,DC=local

the [successful] user with key 16 (OU=DET01) has this extern_uid:

CN=Angie Semler,OU=Users,OU=DET01,OU=360i,OU=My_Company,DC=corp,DC=local

The code in lib/api/internal.rb, line# 38 is returning false because Gitlab::LDAP::User.blocked?(user.extern_uid) == true

On the GitLab server, I issued the ldapsearch command for the failing user and got a successful response;

ldapsearch -H ldap://nyc03dc01:3268 -b "CN=Keith Harris,OU=Users,OU=NYC03,OU=360i,OU=MySite,dc=corp,dc=local"