Skip to content

LDAP Secrets modification post-13.7 upgrade

Summary

Unable to edit LDAP encrypted settings. Get error when running sudo gitlab-rake gitlab:ldap:secret:edit EDITOR=vim

Directory /var/opt/gitlab/gitlab-rails/shared/encrypted_settings does not exist. Create the directory and try again.

Steps to reproduce

Upgraded from 13.4.1 to 13.7.1 and tried to modify LDAP secrets to remove from plain text configuration gitlab.rb file. See above summary for command and error.

Example Project

N/A

What is the current bug behavior?

The secrets file is supposed to be generated automatically I thought with 13.7. I'm not sure what to do as I don't see anything relating to this on the documentation.

What is the expected correct behavior?

File should be opened in vim to edit and then I would remove those fields from gitlab.rb and reconfigure GitLab.

Relevant logs and/or screenshots

This is what I am following from our local help. image

Output of checks

N/A

Results of GitLab environment info

Expand for output related to GitLab environment info 
System information
System:         Ubuntu 18.04
Current User:   git
Using RVM:      no
Ruby Version:   2.7.2p137
Gem Version:    3.1.4
Bundler Version:2.1.4
Rake Version:   13.0.1
Redis Version:  5.0.9
Git Version:    2.29.0
Sidekiq Version:5.2.9
Go Version:     unknown

GitLab information
Version:        13.7.1
Revision:       c97c8073a0e
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     12.4
URL:            https://gitlab.mhc.net
HTTP Clone URL: https://gitlab.mhc.net/some-group/some-project.git
SSH Clone URL:  git@gitlab.mhc.net:some-group/some-project.git
Using LDAP:     yes
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:        13.14.0
Repository storage paths:
- default:      /var/opt/gitlab/git-data/repositories
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell
Git:            /opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check 
Checking GitLab subtasks ...


Checking GitLab Shell ...


GitLab Shell: ... GitLab Shell version >= 13.14.0 ? ... OK (13.14.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful


Checking GitLab Shell ... Finished


Checking Gitaly ...


Gitaly: ... E0105 09:56:56.138950405     367 http_proxy.cc:76]           'forcepoint.mhc.net' scheme not supported in proxy URI
default ... OK


Checking Gitaly ... Finished


Checking Sidekiq ...


Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1


Checking Sidekiq ... Finished


Checking Incoming Email ...


Incoming Email: ... Reply by email is disabled in config/gitlab.yml


Checking Incoming Email ... Finished


Checking LDAP ...


LDAP: ... Server: ldapmain
not verifying SSL hostname of LDAPS server 'ldap.mhc.net:636'
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
User output sanitized. Found 25 users of 100 limit.


Checking LDAP ... Finished


Checking GitLab App ...


Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
3/6 ... yes
3/7 ... yes
3/16 ... yes
3/18 ... yes
3/26 ... yes
3/27 ... yes
3/30 ... yes
3/31 ... yes
13/33 ... yes
9/34 ... yes
3/35 ... yes
7/36 ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.7.2 ? ... yes (2.7.2)
Git version >= 2.29.0 ? ... yes (2.29.0)
Git user has default SSH configuration? ... yes
Active users: ... 11
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes


Checking GitLab App ... Finished


Checking GitLab subtasks ... Finished

Possible fixes

Unsure...

Edited by kczx3