LDAP users can no longer log in after LDAP server change
Created by: mthibaut
We recently changed LDAP servers and the format of our DNs changed.
In GitLab 6.9.2, people could still log in if they first logged out, then logged in again. This would update the DN in the database and everything was fine.
But in 7.14.3, this is no longer the case, and I have to go into the database manually to fix the DN for the user in the identities table.
This user cannot log in as he is listed under an old DN:
    gitlabhq_production=# SELECT * FROM identities WHERE identities.user_id = 468;
     id  |                       extern_uid                        | provider | user_id | created_at | updated_at
    -----+---------------------------------------------------------+----------+---------+------------+------------
     433 | CN=someone,OU=active,OU=employees,OU=people,O=example.com | ldapmain |     468 |            |
    (1 row)
After changing the DN to the format of the new LDAP server, it works:
    START TRANSACTION;
    UPDATE identities
    SET extern_uid = CONCAT('CN=', (SELECT username FROM users WHERE id = identities.user_id), ',OU=Employees,OU=Example Users,DC=example,DC=com')
    WHERE identities.user_id = 468;
    COMMIT;
The same worked in 6.9.2 without having to perform these steps by having the user log out of the web interface and log in again.
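
The following read-only preview is an added example, not part of the original report or of GitLab's own code. It extends the single-user workaround above to every LDAP identity and flags rows where rewriting the DN from the GitLab username would bind an account to a different directory entry. It assumes PostgreSQL, the `ldapmain` provider, and the old and new DN suffixes exactly as they appear in the report.

```sql
-- Added example: dry run only, nothing is modified.
-- Assumed from the report: provider 'ldapmain', old DNs ending in ',O=example.com',
-- new DNs of the form CN=<GitLab username>,OU=Employees,OU=Example Users,DC=example,DC=com.
WITH proposed AS (
    SELECT i.id         AS identity_id,
           i.user_id,
           u.username,
           i.extern_uid AS old_dn,
           CONCAT('CN=', u.username,
                  ',OU=Employees,OU=Example Users,DC=example,DC=com') AS new_dn
    FROM identities i
    JOIN users u ON u.id = i.user_id
    WHERE i.provider = 'ldapmain'
      AND lower(i.extern_uid) LIKE '%,o=example.com'   -- still in the old DN format
)
SELECT p.*,
       -- The CN of the old DN is not the GitLab username: a rewrite based on the
       -- username would attach this account to another person's LDAP entry.
       -- (Simple parse: does not handle escaped commas inside the CN value.)
       lower(split_part(split_part(p.old_dn, ',', 1), '=', 2)) <> lower(p.username)
           AS cn_mismatch,
       -- The proposed DN is shared with another proposed row or is already
       -- held by an existing identity.
       (SELECT count(*) FROM proposed q WHERE lower(q.new_dn) = lower(p.new_dn)) > 1
           OR EXISTS (SELECT 1
                      FROM identities x
                      WHERE x.provider = 'ldapmain'
                        AND x.id <> p.identity_id
                        AND lower(x.extern_uid) = lower(p.new_dn))
           AS dn_collision
FROM proposed p
ORDER BY cn_mismatch DESC, dn_collision DESC, p.user_id;
```

Rows with `cn_mismatch` or `dn_collision` set to true should be resolved by hand against the directory before any `UPDATE` is run on `identities`.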