Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms (!8752) · Merge requests · GitLab.org / GitLab FOSS

Drew Blessing requested to merge dblessing/gitlab-ce:24462-reduce_ldap_queries_for_lfs into master Jan 24, 2017

What does this MR do?

We accept half a dozen different authentication mechanisms for Git over HTTP. Fairly high in the list we were checking user password, which would also query LDAP. In the case of LFS, OAuth tokens or personal access tokens, we were unnecessarily hitting LDAP when the authentication will not succeed. This was causing some LDAP/AD systems to lock the account. Now, user password authentication is the last mechanism tried since it's the most expensive.

Are there points in the code the reviewer needs to double check?

No.

Why was this MR needed?

Hitting LDAP is expensive, especially when we're trying to authenticate a user's account with bogus passwords. It was causing account lockouts for some LDAP/AD systems.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated
API support added
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

What are the relevant issue numbers?

Closes #24462 (closed)

Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms