Gitlab CE with LDAP (FreeIPA with OTP) Problems
Summary
We use LDAP via FreeIPA. In FreeIPA, we've enabled OTP, which, in the case of LDAP-compatible systems, the OTP is appended to the password, and works as expected. We use this, for instance, in a Fortigate for auth, and other places. It works for the Gitlab CE Web UI, however, git via CLI does not work as expected. It gives messages such as the below:
Password for 'https://test.user@gitlab.example.org':
Counting objects: 7, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 401 bytes | 0 bytes/s, done.
Total 4 (delta 3), reused 0 (delta 0)
error: RPC failed; result=22, HTTP code = 401
fatal: The remote end hung up unexpectedly
fatal: The remote end hung up unexpectedly
Everything up-to-date```
```git clone https://gitlab.example.org/siteops/repo.git
Cloning into 'repo'...
Username for 'https://gitlab.example.org': test.user
Password for 'https://test.user@gitlab.example.org':
error: RPC failed; result=22, HTTP code = 401
fatal: The remote end hung up unexpectedly```
However, some things work:
```[test.user@mgmt01 repo]$ git pull
Username for 'https://gitlab.example.org': test.user
Password for 'https://test.user@gitlab.example.org':
Already up-to-date.```
It seems that some operations require a second authentication round, and that fails, perhaps due to the OTP.
### Steps to reproduce
Use LDAP with OTP (appended to the password)
### What is the expected *correct* behavior?
Proper authentication