Ungraceful handling of multiple LDAP servers can lead to unicorn failure
Summary
Listing two LDAP servers in the gitlab.rb configuration with either CE or with EE in unlicensed mode causes an ungraceful failure of chef and rails/unicorn. It is recognized that this is an Enterprise-only feature; however, specifying the second server in an unsupported setup should print a warning that all but the primary server will be ignored, or show such a warning in the UI.
Consider the situation where a licensed EE installation expires. Restarting rails in such a situation (or any runner cronjobs) breaks with an obtuse error and completely breaks the system and runner jobs. This would also affect a downgrade from EE -> CE: https://docs.gitlab.com/ee/downgrade_ee_to_ce/
Another consideration is for installation workflow. Users should be able to specify all of their LDAP servers in the initial configuration prior to installing the license through the UI. Today we need to install the RPM, use root or only primary LDAP account to install the license file, then go back, edit the gitlab.rb to add the second LDAP server and reconfigure.
Steps to reproduce
1. Install gitlab CE or EE without installing license.
2. Enable both a main and secondary LDAP server in the /etc/gitlab/gitlab.rb.
3. Run gitlab-ctl reconfigure.
4. Stop / Start gitlab services fails.
What is the current bug behavior?
[root@gitlab-7 licenses]# sudo gitlab-rake gitlab:env:info
rake aborted!
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name `Ldapsecondary'. Please ensure it is required or explicitly set it using the :strategy_class option.
/opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:11:in `<top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
What is the expected correct behavior?
A message / warning that the cookbook will ignore more than one LDAP server unless a license is installed? Or the error handled more gracefully in some other manner, perhaps ignoring other servers with a warning message in the UI that the secondary is being ignored. We shouldn't break the application.
Results of GitLab environment info
System information
System:
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.4.4p296
Gem Version: 2.7.6
Bundler Version:1.16.2
Rake Version: 12.3.1
Redis Version: 3.2.11
Git Version: 2.18.1
Sidekiq Version:5.1.3
Go Version: unknown

GitLab information
Version: 11.3.6-ee
Revision: 8d9cf17
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.6.8
URL: https://gitlabtest.gsyt.ag
HTTP Clone URL: https://gitlabtest.gsyt.ag/some-group/some-project.git
SSH Clone URL: git@gitlabtest.gsyt.ag:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 8.3.3
Repository storage paths:
- default: /var/lib/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
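
The graceful handling asked for under "What is the expected correct behavior?", sketched as an added Ruby example that is not GitLab's or omnibus-gitlab's code: extra LDAP servers are dropped with a warning before any provider is registered, so login via the primary server keeps working. The function names, the `multiple_allowed` flag, the choice of "main" as the primary key and the sample hosts are assumptions for illustration.

```ruby
# Added illustration, not GitLab or omnibus-gitlab code.
# select_ldap_servers, provider_names and PRIMARY_KEY are hypothetical names.
require 'yaml'

PRIMARY_KEY = 'main' # assumption: the primary server is the entry keyed "main"

# Returns [servers_to_enable, warnings]. Never raises on extra servers:
# when multiple servers are not permitted, every entry except the primary
# is dropped and one warning is recorded per ignored entry.
def select_ldap_servers(servers, multiple_allowed:)
  servers = (servers || {}).transform_keys(&:to_s)
  return [{}, []] if servers.empty?
  return [servers, []] if multiple_allowed || servers.size == 1

  primary = servers.key?(PRIMARY_KEY) ? PRIMARY_KEY : servers.keys.first
  warnings = servers.keys.reject { |k| k == primary }.map do |k|
    "LDAP server '#{k}' ignored: multiple LDAP servers are not available " \
      "without a license; using '#{primary}' only"
  end
  [{ primary => servers[primary] }, warnings]
end

# Assumption, based on the strategy name in the error above: the provider
# name is "ldap" followed by the server key ("secondary" -> "ldapsecondary").
def provider_names(servers)
  servers.keys.map { |k| "ldap#{k}" }
end

# Constructed sample configuration (hosts are placeholders).
SAMPLE = YAML.safe_load(<<~CONFIG)
  main:
    label: 'Primary LDAP'
    host: 'ldap1.example.com'
    port: 636
  secondary:
    label: 'Secondary LDAP'
    host: 'ldap2.example.com'
    port: 636
CONFIG

if __FILE__ == $PROGRAM_NAME
  enabled, warnings = select_ldap_servers(SAMPLE, multiple_allowed: false)
  warnings.each { |w| warn "WARNING: #{w}" }
  puts "providers registered: #{provider_names(enabled).join(', ')}"
end
```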