Authentication of new users from Ldapmain causing "Undefined method `provider' for nil:nilclass" when sign-up restrictions are in place

Summary

Authentication of new users from Ldapmain causing "Undefined method `provider' for nil:nilclass" when sign-up restrictions are in place and this is the first time the ldap user tries to sign-in on the gitlab instance.

The issue was already reported in omnibus-gitlab#4735 (closed) but closed by the creator. We are still experiencing this issue.

Steps to reproduce

  1. Use gitlab instance with LDAP connection set up.
  2. LDAP users do have email domain mycompany.com or *.mycompany.com and automatic "non-blocked" account creation is enabled for LDAP users.
  3. Setup sign-up restrictions
    • Allow sign-up for non-ldap users for specific domains
    • Example:
      • externals.com
      • *.externals.com
  4. An LDAP user with assigned email john.doe@mycompany.com is using LDAP login for the first time and uses valid credentials.
  5. Step before will cause
    1. the Error message "Undefined method `provider' for nil:nilclass" if John Doe never signed in on this gitlab instance
    2. No error if John Doe already signed in before without the sign-up restrictions in place.

We are currently running GitLab 14.9.3 from docker image gitlab/gitlab-ee:latest and can produce the issue reported.

The proposal from @rodrigito on omnibus-gitlab#4735 (closed) to whitelist the ldap email domains is a workaround we currently use.

What is the current bug behavior?

The Error message "Undefined method `provider' for nil:nilclass" if an LDAP user never signed in on this gitlab instance

What is the expected correct behavior?

  1. LDAP user successfully signs in without an error message.
  2. If this is the first time of the ldap user signing in: The gitlab account is created automatically according to the gitlab instance configuration.

Relevant logs

2022-04-22T14:49:49.205Z: (ldapmain) Callback phase initiated.
2022-04-22T14:49:50.015Z: (ldapmain) Authentication failure! invalid_credentials: OmniAuth::Strategies::LDAP::InvalidCredentialsError, Invalid credentials for john.doe@mycompany.com
2022-04-22T14:50:04.650Z: (ldapmain) Callback phase initiated.
2022-04-22T14:50:05.391Z: (LDAP) Error saving user XXXXXXXXXXXXXXXXXXXXXXXXX (john.doe@mycompany.com): ["Email is not allowed for sign-up. Please use your regular email address. Check with your administrator."]
2022-04-22T14:50:05.395Z: (ldapmain) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass
2022-04-22T15:01:19.653Z: (ldapmain) Callback phase initiated.
2022-04-22T15:01:19.879Z: (LDAP) Error saving user XXXXXXXXXXXXXXXXXXXXXXXXX (john.doe@mycompany.com): ["Email is not allowed for sign-up. Please use your regular email address. Check with your administrator."]
2022-04-22T15:01:19.884Z: (ldapmain) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass
2022-04-22T15:01:34.795Z: (ldapmain) Callback phase initiated.
2022-04-22T15:01:35.070Z: (LDAP) saving user ohn.doe@mycompany.com from login with admin => false, extern_uid => XXXXXXXXXXXXXXXXXX
2022-04-22T15:01:35.083Z: Instantiating Gitlab::Auth::Ldap::Person with LDIF:
2022-04-22T15:10:54.286Z: (ldapmain) Callback phase initiated.

Details of package version

Provide the package version installation details
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-============================================================
un  gitlab-ce                    (no description available)
ii  gitlab-ee      14.9.3-ee.0  amd64        GitLab Enterprise Edition (including NGINX, Postgres, Redis)

Environment details

  • Operating System: CentOS 7.7
  • Installation Target:
    • Other: docker
  • Installation Type:
    • New Installation
  • Is there any other software running on the machine: no
  • Is this a single or multiple node installation? Single
  • Resources
    • CPU: Intel(R) Xeon(R) Gold 6142 CPU @ 2.60GHz
    • Memory total: 16266568 kB

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main: # 'main' is the GitLab 'provider ID' of this LDAP server 
    label: 'LDAP'
    host: 'ldap.mycompany.com'
    port: 389
    uid: 'mail'
    bind_dn: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
    password: 'XXXXXXXXXXXX'
    encryption: 'plain'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'XXXXXXXXXXXXXX'
    user_filter: '(&(objectCategory=person)(objectClass=user))'
    attributes:
      username:   'mailNickname'
      name:       'displayName'
      first_name: 'givenName'
      last_name:  'sn'
EOS

Front-end configuration Allowed domains for sign-ups:

externals.com
*.externals.com
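
A log triage sketch for the failure reported above, added here as an example and not part of the original report or of GitLab's code: it pairs each "Error saving user" line with the `NoMethodError` that follows it and checks the rejected email domain against the sign-up allowlist. The sample lines are constructed in the format of the log excerpt, and the wildcard semantics (`*` matches any run of characters) are an assumption.

```ruby
# Constructed sample lines, modelled on the log excerpt in this issue.
SAMPLE_LOG = <<~LOG
  2022-04-22T14:50:04.650Z: (ldapmain) Callback phase initiated.
  2022-04-22T14:50:05.391Z: (LDAP) Error saving user XXXXXXXX (john.doe@mycompany.com): ["Email is not allowed for sign-up. Please use your regular email address. Check with your administrator."]
  2022-04-22T14:50:05.395Z: (ldapmain) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass
  2022-04-22T15:01:19.653Z: (ldapmain) Callback phase initiated.
  2022-04-22T15:01:19.879Z: (LDAP) Error saving user YYYYYYYY (jane.roe@externals.com): ["Username has already been taken"]
LOG

ALLOWED_DOMAINS = ['externals.com', '*.externals.com'].freeze # from the issue

SAVE_ERROR = /\A(?<ts>\S+): \(LDAP\) Error saving user \S+ \((?<email>[^)\s]+)\): (?<errors>\[.*\])\z/
NIL_PROVIDER = /\(ldapmain\) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass/

# Assumption: '*' matches any run of characters; the rest is literal and
# compared case-insensitively. Not taken from GitLab's implementation.
def domain_allowed?(domain, patterns)
  patterns.any? do |pattern|
    body = Regexp.escape(pattern).gsub('\*', '.*')
    Regexp.new('\A' + body + '\z', Regexp::IGNORECASE).match?(domain)
  end
end

# Pair a failed user save with the nil-provider error in the same callback.
def triage(log, allowed_domains)
  findings = []
  pending = nil
  log.each_line(chomp: true) do |line|
    if (m = SAVE_ERROR.match(line))
      pending = m
    elsif pending && NIL_PROVIDER.match?(line)
      domain = pending[:email].split('@').last.downcase
      findings << { time: pending[:ts], email: pending[:email], domain: domain,
                    signup_restricted: pending[:errors].include?('not allowed for sign-up'),
                    domain_on_allowlist: domain_allowed?(domain, allowed_domains) }
      pending = nil
    elsif line.include?('Callback phase initiated')
      pending = nil # a new login attempt starts; drop any unpaired save error
    end
  end
  findings
end

# Domains the workaround from this issue would need on the allowlist.
def domains_to_allow(findings)
  findings.select { |f| f[:signup_restricted] && !f[:domain_on_allowlist] }
          .map { |f| f[:domain] }.uniq
end

puts domains_to_allow(triage(SAMPLE_LOG, ALLOWED_DOMAINS)) if __FILE__ == $PROGRAM_NAME
```

A save error that is not followed by the `NoMethodError` in the same callback, such as the second constructed user, is not reported.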