Adambean / gitlab-ce-ldap-sync

Synchronise users and groups (including group members) from an LDAP instance with Gitlab CE (and EE in free tier) self-hosted instance(s).
Apache License 2.0

Special characters in password halts user creation #8

Open frafra opened 5 years ago

frafra commented 5 years ago

While creating several hundred users, I got HTTP 500 responses, so I had to run the tool multiple times. All the failing users had a random password with a strange special character. Removing special characters from the password generator fixes the issue. A longer password could be used to improve security.

Adambean commented 5 years ago

> HTTP 500 responses

This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

> All the failing users had a random password with a strange special character. A longer password could be used to improve security.

This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

If this issue occurs in Gitlab itself after the sync has completed that would be an issue between Gitlab and LDAP. (At this point this tool is no longer involved.)

frafra commented 5 years ago

> > HTTP 500 responses
>
> This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

I am using it as a CLI tool; that error comes from the GitLab web server, which does not seem happy to receive that kind of parameter.

> > All the failing users had a random password with a strange special character. A longer password could be used to improve security.
>
> This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

Passwords are generated by this tool, but they do not seem to be valid to GitLab. Modifying the password generator in order to use just a-zA-Z0-9 characters fixes the issue. To reproduce, just spin up a GitLab instance with Docker and synchronize a few hundred users.

> If this issue occurs in Gitlab itself after the sync has completed that would be an issue between Gitlab and LDAP. (At this point this tool is no longer involved.)

This issue happens while the tool is creating the new users on GitLab.
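The a-zA-Z0-9 workaround and the longer-password suggestion from this thread, as an added example that is not the tool's own generator (Python; the function names and the 128-bit default are assumptions). Dropping special characters lowers the entropy per character, so the length is derived from a target entropy instead of being fixed.

```python
import math
import secrets
import string

# The restricted alphabet from the thread: a-zA-Z0-9 (62 symbols).
ALNUM = string.ascii_letters + string.digits


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Shortest length whose entropy reaches at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def placeholder_password(target_bits: float = 128.0) -> str:
    """Alphanumeric-only password drawn from the OS CSPRNG via `secrets`.

    The 128-bit default is an assumption for this example, not a value
    taken from the tool or from GitLab.
    """
    n = length_for_bits(len(ALNUM), target_bits)
    return "".join(secrets.choice(ALNUM) for _ in range(n))


if __name__ == "__main__":
    # Constructed comparison: 12 characters over the 94 printable ASCII
    # symbols versus the alphanumeric length needed to match that entropy.
    mixed = entropy_bits(94, 12)
    print(f"12 chars over 94 symbols: {mixed:.1f} bits")
    print(f"alphanumeric length to match: {length_for_bits(62, mixed)}")
    pw = placeholder_password()
    print(f"{len(pw)}-char alphanumeric password: {entropy_bits(62, len(pw)):.1f} bits")
```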

Adambean commented 5 years ago

Ah ok, I'll raise this issue with Gitlab because none of the characters I've specified are non-ASCII, so shouldn't be a problem.

The randomly used password is never used anyway. As per issue #9 you raised, this is only done to satisfy a Gitlab API bug. You always authenticate using the password defined in the directory. (If the random password from this tool works to log in, that suggests Gitlab isn't binding to LDAP correctly.)

Did the Gitlab API give you any further information than HTTP 500? (Was there an exact message I can reference upstream?)

Adambean commented 5 years ago

Hi @frafra, with the above two commits now available in the master branch it would be worth trying this out again.