How to disable standard authentication ?

[nicolasgoudard]

Hello

I have created ldap instance 15.1 with docker-compose and authentication LDAP. It works well but I don't find the way to disable the standard auth ( sign in) , and the "signup" (register new account) and "forget password"; functionalities . There is a tab panel for standard auth signup, sign in, forget password , it still works, and I want to remove all these functionalities. I didn't find the parameter to set "false". Thanks you in advance for your help

[nicolasgoudard]

I have found it . Cannot do with docker-compose.yml

Go to web interface :

Admin /Settings /General / Sign in restrictions Uncheck "Allow Password Authentication from the web interface"

Admin /Settings /General / Sign-up restrictions

Uncheck "sign-up enabled"

[kkimurak]

FYI, we have configuration parameter GITLAB_SIGNUP_ENABLED but I noticed this might not work as expected. The change seems to be introduced in GitLab v7.7. Please refer https://gitlab.com/gitlab-org/gitlab-foss/-/issues/1095 and https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/2837

"The change" means that these configurations have been moved to database from gitlab.yml. The setting are password_authentication_enabled_for_web: boolean and signup_enabled: boolean in application_settings table. I think we can GITLAB_SIGNUP_ENABLED works again (for example, query the database on container startup according to the value of the parameter). This is just an idea but I will try to submit a PR if there is demand.

[nicolasgoudard]

@kkimurak thanks you . Yes I tried GITLAB_SIGNUP_ENABLED and GITLAB_SIGNIN_ENABLED but it doesn't work . So I have changed the settings in the web interface. It still works after restarting te contaient ( I don't lose the settings)

[Karocyt]

run this in your container once to set in database those things that you cannot set without UI otherwise. I should yell back at you if the key does not exist in your install.

echo "UPDATE application_settings SET signup_enabled = false, password_authentication_enabled_for_web = false" | gitlab-psql

If you run your own SQL thingy, bending the above to your will should be trivial too.

[VGerris]

run this in your container once to set in database those things that you cannot set without UI otherwise. I should yell back at you if the key does not exist in your install.

echo "UPDATE application_settings SET signup_enabled = false, password_authentication_enabled_for_web = false" | gitlab-psql

If you run your own SQL thingy, bending the above to your will should be trivial too.

this doesn't seem to work on 16.11:

root@gitlab-server:~# echo "UPDATE application_settings SET signup_enabled = false, password_authentication_enabled_for_web = false" | gitlab-psql
ERROR:  relation "application_settings" does not exist
LINE 1: UPDATE application_settings SET signup_enabled = false, pass...
               ^

[Karocyt]

Have you tried playing with sign-in Restrictions ?

[VGerris]

hi, I looked and do not see the relationship ? I want sign-up restrictions : https://docs.gitlab.com/ee/administration/settings/sign_up_restrictions.html and I do not want to use a webui to set it, I want to disable it at install time. It seems only an API call can do it or a hack via the db. I can't believe it, this should just be a config option ( that works ).

[VGerris]

and after some reading and looking at the API docs: https://docs.gitlab.com/ee/api/settings.html , I see that I can do: gitlab-rails runner '::Gitlab::CurrentSettings.update!(signup_enabled: false)' and that seems to work. Thank you for the pointer, it should be part of the docs and I also think it should just be an option in gitlab.rb. I will try to make a PR for docs. cheers

[VGerris]

create a merge request : https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151605

[VGerris]

it's merged : https://docs.gitlab.com/ee/administration/settings/sign_up_restrictions.html . Great that this can now be easily found. I think this can be closed? thank you.