Skip to content

Login Error 502 with enabled omniauth_auto_link_ldap_user after upgrade to 13.12.2

Summary

After upgrading to Gitlab 13.12.2 logging in is really slow and sometime results in an Error 502.

Steps to reproduce

  1. Configure Gitlab with ldap, omniauth kerberos and kerberos_simple_ldap_linking_allowed_realms
  2. Enable omniauth_auto_link_ldap_user
  3. Login with an ldap account

What is the current bug behavior?

Login is really slow and only sometimes succeeds. Results in an 502 Error otherwise.

What is the expected correct behavior?

Logins should be quick and not result in an 502 Error

Relevant logs and/or screenshots

{"method":"POST","path":"/users/auth/ldapmain/callback","format":"html","controller":"Ldap::OmniauthCallbacksController","action":"ldapmain","status":500,"time":"2021-06-02T07:31:25.139Z","params":[{"key":"utf8","value":"✓"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"username","value":"cschenk"},{"key":"password","value":"[FILTERED]"}],"remote_ip":"<some_ip>","user_id":null,"username":null,"ua":"Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0","correlation_id":"01F75T2VQGJFN5WFD9KM7XSN4E","meta.caller_id":"Ldap::OmniauthCallbacksController#ldapmain","meta.remote_ip":"<some_ip>","meta.feature_category":"authentication_and_authorization","meta.client_id":"ip/<some_ip>","redis_calls":1,"redis_duration_s":0.00019,"redis_read_bytes":74,"redis_write_bytes":85,"redis_shared_state_calls":1,"redis_shared_state_duration_s":0.00019,"redis_shared_state_read_bytes":74,"redis_shared_state_write_bytes":85,"db_count":8,"db_write_count":3,"db_cached_count":1,"cpu_s":0.17859,"mem_objects":34434,"mem_bytes":5127776,"mem_mallocs":19616,"mem_total_bytes":6505136,"exception.class":"Rack::Timeout::RequestTimeoutException","exception.message":"Request ran for longer than 60000ms","exception.backtrace":["lib/gitlab/auth/ldap/adapter.rb:52:in `block in ldap_search'","lib/gitlab/auth/ldap/adapter.rb:51:in `ldap_search'","lib/gitlab/auth/ldap/adapter.rb:87:in `users_search'","lib/gitlab/auth/ldap/adapter.rb:33:in `users'","lib/gitlab/auth/ldap/adapter.rb:37:in `user'","ee/lib/ee/gitlab/auth/ldap/person.rb:18:in `block in find_by_email'","ee/lib/ee/gitlab/auth/ldap/person.rb:17:in `each'","ee/lib/ee/gitlab/auth/ldap/person.rb:17:in `find_by_email'","lib/gitlab/auth/o_auth/user.rb:166:in `find_ldap_person'","ee/lib/ee/gitlab/auth/o_auth/user.rb:14:in `find_ldap_person'","lib/gitlab/auth/o_auth/user.rb:157:in `block in ldap_person'","lib/gitlab/auth/o_auth/user.rb:155:in `each'","lib/gitlab/auth/o_auth/user.rb:155:in `ldap_person'","lib/gitlab/auth/o_auth/user.rb:148:in `creating_linked_ldap_user?'","lib/gitlab/auth/o_auth/user.rb:264:in `update_profile'","lib/gitlab/auth/o_auth/user.rb:29:in `initialize'","ee/lib/ee/gitlab/auth/ldap/user.rb:13:in `initialize'","app/controllers/omniauth_callbacks_controller.rb:157:in `new'","app/controllers/omniauth_callbacks_controller.rb:157:in `build_auth_user'","app/controllers/omniauth_callbacks_controller.rb:161:in `sign_in_user_flow'","app/controllers/ldap/omniauth_callbacks_controller.rb:23:in `ldap'","ee/lib/gitlab/ip_address_state.rb:10:in `with'","ee/app/controllers/ee/application_controller.rb:40:in `set_current_ip_address'","app/controllers/application_controller.rb:490:in `set_current_admin'","lib/gitlab/session.rb:11:in `with_session'","app/controllers/application_controller.rb:481:in `set_session_storage'","lib/gitlab/i18n.rb:99:in `with_locale'","lib/gitlab/i18n.rb:105:in `with_user_locale'","app/controllers/application_controller.rb:475:in `set_locale'","app/controllers/application_controller.rb:468:in `block in set_current_context'","lib/gitlab/application_context.rb:70:in `block in use'","lib/gitlab/application_context.rb:70:in `use'","lib/gitlab/application_context.rb:27:in `with_context'","app/controllers/application_controller.rb:459:in `set_current_context'","lib/gitlab/middleware/speedscope.rb:13:in `call'","lib/gitlab/request_profiler/middleware.rb:17:in `call'","lib/gitlab/jira/middleware.rb:19:in `call'","lib/gitlab/middleware/go.rb:20:in `call'","lib/gitlab/etag_caching/middleware.rb:21:in `call'","lib/gitlab/middleware/multipart.rb:172:in `call'","lib/gitlab/middleware/read_only/controller.rb:50:in `call'","lib/gitlab/middleware/read_only.rb:18:in `call'","lib/gitlab/middleware/same_site_cookies.rb:27:in `call'","lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'","lib/gitlab/middleware/basic_health_check.rb:25:in `call'","lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'","lib/gitlab/middleware/request_context.rb:21:in `call'","config/initializers/fix_local_cache_middleware.rb:11:in `call'","lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'","lib/gitlab/metrics/requests_rack_middleware.rb:76:in `call'","lib/gitlab/middleware/release_env.rb:12:in `call'"],"db_duration_s":0.03489,"view_duration_s":0.0,"duration_s":59.94169}

Results of GitLab environment info

Expand for output related to GitLab environment info 
Using LDAP:	yes
Using Omniauth:	yes
Omniauth Providers: kerberos_spnego

Workarounds

Disabling omniauth_auto_link_ldap_user

Edited by Christopher Schenk