Migrate from on-prem LDAP to Oauth2 in Kubernetes
Summary
I'm migrating an Omnibus Gitlab installation from on-prem to our AKS cluster (helm chart). In this process I want to go from using on-prem LDAP authentication to Azure oauth2. I'm wondering if it's possible to do this migration while moving from Omnibus to Helm chart?
Our on-prem instance does not have oauth2 configured, no auto-linking etc, it's just connected to an LDAP server. I have read gitlab-org/gitlab-foss#15136 (closed). Also wondering if this is still accurate? The automatic account linking would be safe in our case since our Azure app registration is only valid for a select group of users.
Steps to reproduce
1. On-prem Omnibus docker installation of Gitlab with LDAP authentication.
2. Migrate to Gitlab running in Kubernetes cluster (AKS).
3. Allow Oauth2 only login.
4. Get error 422 when trying to login (e-mail account is taken).
Configuration used
appConfig:
  omniauth:
    enabled: true
    allowSingleSignOn:
      - azure_oauth2
    autoLinkLdapUser: true
    autoLinkSamlUser: false
    autoSignInWithProvider: null
    blockAutoCreatedUsers: false
    providers:
      - secret: gitlab-azure-oauth2
Current behavior
Error 422:
Sign-in using azure_oauth2 auth failed
Sign-in failed because Email has already been taken.
Expected behavior
Auto link LDAP to Oauth2 users. Be able to access account and repos as before.