Omniauth (auth0) fails after updating to GitLab 13.8
Summary
We have updated our production environment to Gitlab 13.8. After updating, OmniAuth returns an error 500. After digging into this, it seems that this change might have caused this error: afd40b38
The error we are receiving is:
Completed 500 Internal Server Error in 46ms (ActiveRecord: 10.6ms | Elasticsearch: 0.0ms | Allocations: 5764)
Settingslogic::MissingSetting (Missing setting 'servers' in 'ldap' section in /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml):
lib/gitlab/auth/ldap/config.rb:31:in `servers'
lib/gitlab/auth/ldap/config.rb:45:in `providers'
lib/gitlab/auth/o_auth/user.rb:153:in `ldap_person'
lib/gitlab/auth/o_auth/user.rb:146:in `creating_linked_ldap_user?'
lib/gitlab/auth/o_auth/user.rb:244:in `update_profile'
lib/gitlab/auth/o_auth/user.rb:29:in `initialize'
app/controllers/omniauth_callbacks_controller.rb:157:in `new'
app/controllers/omniauth_callbacks_controller.rb:157:in `build_auth_user'
app/controllers/omniauth_callbacks_controller.rb:161:in `sign_in_user_flow'
app/controllers/omniauth_callbacks_controller.rb:130:in `omniauth_flow'
app/controllers/omniauth_callbacks_controller.rb:17:in `handle_omniauth'
app/controllers/omniauth_callbacks_controller.rb:75:in `auth0'
Within our gitlab.yaml
(converted from gitlab.rb) we see the following settings in de LDAP section (this is a minimal version):
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
sync_time:
prevent_ldap_sign_in: false
To fix this it seems we have to define gitlab_rails['ldap_servers']
, but there isn't anything for us to define here as we do not use LDAP. We tried to set (though it is a little hacky), this, but with no succes:
gitlab_rails['ldap_enabled'] = false
gitlab_rails['ldap_servers'] = YAML.load '{}'
The reason why is because YAML.load thinks this is empty and it won't persist to the servers settings in de yaml file.
To resolve this issue, we have added servers: {}
to the config.rb. However this change will be overridden during a next update, therefor it is only a temporary fix.
ldap:
enabled: false
sync_time:
prevent_ldap_sign_in: false
servers: {}