gitlab-ce-ldap-sync

Special characters in password halts user creation

Open frafra opened this issue 6 years ago • 4 comments

While creating several hundred users, I got HTTP 500 responses, so I had to run the tool multiple times. All the failing users had a random password with a strange special character. Removing special characters from the password generator fixes the issue. A longer password could be used to improve security.

frafra, Jun 24 '19 12:06

> HTTP 500 responses

This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

> All the failing users had a random password with a strange special character. A longer password could be used to improve security.

This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

If this issue occurs in GitLab itself after the sync has completed that would be an issue between GitLab and LDAP. (At this point this tool is no longer involved.)

Adambean, Jun 24 '19 16:06

> > HTTP 500 responses

> This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

I am using it as a CLI tool; that error comes from the GitLab web server, which does not seem happy to receive this kind of parameter.

> > All the failing users had a random password with a strange special character. A longer password could be used to improve security.

> This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

Passwords are generated by this tool, but they do not seem to be valid to GitLab. Modifying the password generator in order to use just a-zA-Z0-9 characters fixes the issue. To reproduce, just spin up a GitLab instance with Docker and synchronize a few hundred users.

> If this issue occurs in GitLab itself after the sync has completed that would be an issue between GitLab and LDAP. (At this point this tool is no longer involved.)

This issue happens while the tool is creating the new users on GitLab.

frafra, Jun 25 '19 07:06
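The workaround described in the comment above (restrict the generator to a-zA-Z0-9 and lengthen the password to compensate), as an added example that is not part of the thread or the tool's own code. The 128-bit target and the 94-symbol, 16-character comparison are assumptions; the thread does not state the tool's original alphabet or length.

```python
import secrets
import string

# Assumption: the alphabet is the a-zA-Z0-9 set named in the comment above.
ALNUM = string.ascii_letters + string.digits  # 62 symbols


def min_length(search_space, alphabet_size=len(ALNUM)):
    """Smallest n with alphabet_size**n >= search_space.

    Uses exact integer arithmetic so a boundary case (for example the same
    alphabet and length on both sides) is not pushed up by float rounding.
    """
    n, total = 0, 1
    while total < search_space:
        total *= alphabet_size
        n += 1
    return n


def equivalent_length(old_alphabet_size, old_length):
    """Alphanumeric length that is at least as hard to guess as a password
    of old_length symbols drawn from old_alphabet_size symbols."""
    return min_length(old_alphabet_size ** old_length)


def generate_password(target_bits=128):
    """Random alphanumeric password with at least target_bits of entropy.

    secrets.choice draws from the OS CSPRNG; the random module is not
    suitable for generating credentials.
    """
    length = min_length(2 ** target_bits)
    return "".join(secrets.choice(ALNUM) for _ in range(length))


if __name__ == "__main__":
    # Hypothetical original generator: 16 chars over 94 printable ASCII symbols.
    print("alphanumeric length matching 94^16:", equivalent_length(94, 16))
    print("length for 128 bits:", min_length(2 ** 128))
    print("sample:", generate_password())
```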

Ah ok, I'll raise this issue with GitLab because none of the characters I've specified are non-ASCII, so shouldn't be a problem.

The randomly used password is never used anyway. As per issue #9 you raised this is only done to satisfy a GitLab API bug. You always authenticate using the password defined in the directory. (If the random password from this tool works to log in that suggests GitLab isn't binding to LDAP correctly.)

Did the GitLab API give you any further information than HTTP 500? (Was there an exact message I can reference upstream?)

Adambean, Jun 25 '19 17:06

Hi @frafra, with the above two commits now available in the master branch, it would be worth trying this out again.

Adambean, Jul 10 '19 17:07