<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=332455) </details> <!--IssueSummary end--> ### Summary `git fetch` shows `Your password expired. Please access GitLab from a web browser to update your password.` for a LDAP GitLab account on a self-hosted instance (since GitLab Community Edition 13.12.2). The account has a password expiration in the past (2014-07-24; probably from when it wasn't an LDAP account yet) in GitLab's database (`users.password_expires_at`). Setting `password_expires_at` to `NULL` via gitlab-psql fixed it. #### Results of GitLab environment info <!-- Input any relevant GitLab environment information if needed. --> <details> <summary>Expand for output related to GitLab environment info</summary> <pre> System information System: Current User: git Using RVM: no Ruby Version: 2.7.2p137 Gem Version: 3.1.4 Bundler Version:2.1.4 Rake Version: 13.0.3 Redis Version: 6.0.12 Git Version: 2.31.1 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.12.2 Revision: d98457affdf Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 12.6 URL: https://*snip* HTTP Clone URL: https://*snip*/some-group/some-project.git SSH Clone URL: git@*snip*:some-group/some-project.git Using LDAP: yes Using Omniauth: no GitLab Shell Version: 13.18.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git </pre> </details> #### Results of GitLab application Check <!-- Input any relevant GitLab application check information if needed. --> <details> <summary>Expand for output related to the GitLab application check</summary> <pre> Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.18.0 ? ... OK (13.18.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 1/1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... Server: ldapmain LDAP authentication... Success LDAP users with access to your GitLab server (only showing the first 100 results) User output sanitized. Found 8 users of 100 limit. Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 5/2 ... yes 5/4 ... yes 5/7 ... yes 5/8 ... yes 5/9 ... yes 5/11 ... yes 5/12 ... yes 5/13 ... yes 5/15 ... yes 12/17 ... yes 5/20 ... yes 5/21 ... yes 5/22 ... yes 5/25 ... yes 5/29 ... yes 6/30 ... yes 5/31 ... yes 6/33 ... yes 18/34 ... yes 9/37 ... yes 20/40 ... yes 13/42 ... yes 5/45 ... yes 4/46 ... yes 9/47 ... yes 20/49 ... yes 5/51 ... yes 5/52 ... yes 20/54 ... yes 9/57 ... yes 5/59 ... yes 5/60 ... yes 5/61 ... yes 5/63 ... yes 5/65 ... yes 5/66 ... yes 5/69 ... yes 3/70 ... yes 5/71 ... yes 5/73 ... yes 20/74 ... yes 5/78 ... yes 6/81 ... yes 13/82 ... yes 24/83 ... yes 24/84 ... yes 24/85 ... yes 5/86 ... yes 23/87 ... yes 23/88 ... yes 9/89 ... yes 23/91 ... yes 5/97 ... yes 6/98 ... yes 28/99 ... yes 28/100 ... yes 28/101 ... yes 28/102 ... yes 13/103 ... yes 28/105 ... yes 5/106 ... yes 5/107 ... yes 2/108 ... yes 4/109 ... yes 5/110 ... yes 5/111 ... yes 5/112 ... yes 5/113 ... yes 13/114 ... yes 5/115 ... yes 3/116 ... yes 4/118 ... yes 28/119 ... yes 4/121 ... yes 4/122 ... yes 4/123 ... yes 5/124 ... yes 5/125 ... yes 28/126 ... yes 13/127 ... yes 5/128 ... yes 5/129 ... yes 5/131 ... yes 5/133 ... yes 4/134 ... yes 5/135 ... yes 5/136 ... yes 20/137 ... yes 28/138 ... yes 5/139 ... yes 8/140 ... yes 4/141 ... yes 5/142 ... yes 5/143 ... yes 13/145 ... yes 5/146 ... yes 30/147 ... yes 5/149 ... yes 5/151 ... yes 5/152 ... yes 13/153 ... yes 5/154 ... yes 12/155 ... yes 5/156 ... yes 6/157 ... yes 5/158 ... yes 5/159 ... yes 5/160 ... yes 5/161 ... yes 5/162 ... yes 5/163 ... yes 5/164 ... yes 5/165 ... yes 13/166 ... yes 5/167 ... yes 5/168 ... yes 5/169 ... yes 5/170 ... yes 5/171 ... yes 5/174 ... yes 5/175 ... yes 5/176 ... yes 13/177 ... yes 4/178 ... yes 5/179 ... yes 5/181 ... yes 5/182 ... yes 28/183 ... yes 28/184 ... yes 28/185 ... yes 12/186 ... yes 5/187 ... yes 13/188 ... yes 5/189 ... yes 13/191 ... yes 5/192 ... yes 5/193 ... yes 5/194 ... yes 6/195 ... yes 5/196 ... yes 13/197 ... yes 23/198 ... yes 9/199 ... yes 13/200 ... yes 13/201 ... yes 2/202 ... yes 5/205 ... yes 13/206 ... yes 5/207 ... yes 5/208 ... yes 5/209 ... yes 5/211 ... yes 5/212 ... yes 43/213 ... yes 5/214 ... yes 20/215 ... yes 5/217 ... yes 5/218 ... yes 5/220 ... yes 20/221 ... yes 20/222 ... yes 5/223 ... yes 5/224 ... yes 5/225 ... yes 20/226 ... yes 5/227 ... yes 38/228 ... yes 5/229 ... yes 5/230 ... yes 5/232 ... yes 23/233 ... yes 5/235 ... yes 5/236 ... yes 2/237 ... yes 51/238 ... yes 51/239 ... yes 5/240 ... yes 20/241 ... yes 5/242 ... yes 52/243 ... yes 52/244 ... yes 13/245 ... yes 5/246 ... yes 5/247 ... yes 2/248 ... yes 5/250 ... yes 20/252 ... yes 5/256 ... yes 5/257 ... yes 5/258 ... yes 5/259 ... yes 58/260 ... yes 58/261 ... yes 58/262 ... yes 20/264 ... yes 5/295 ... yes 5/296 ... yes 2/297 ... yes 23/298 ... yes 20/299 ... yes 20/300 ... yes 5/301 ... yes 20/302 ... yes 9/303 ... yes 20/305 ... yes 61/307 ... yes 5/308 ... yes 61/309 ... yes 61/310 ... yes 61/312 ... yes 38/314 ... yes 61/315 ... yes 38/316 ... yes 12/318 ... yes 12/319 ... yes 12/320 ... yes 38/321 ... yes 38/323 ... yes 12/324 ... yes 12/325 ... yes 61/326 ... yes 12/327 ... yes 12/328 ... yes 38/329 ... yes 12/330 ... yes 12/331 ... yes 5/332 ... yes 5/333 ... yes 12/337 ... yes 64/338 ... yes 38/339 ... yes 38/343 ... yes 12/344 ... yes 12/345 ... yes 20/347 ... yes 12/348 ... yes 12/349 ... yes 12/350 ... yes 87/351 ... yes 38/352 ... yes 5/354 ... yes 61/355 ... yes 12/356 ... yes 38/357 ... yes 5/358 ... yes 38/359 ... yes 5/360 ... yes 20/361 ... yes 61/363 ... yes 38/364 ... yes 38/365 ... yes 5/366 ... yes 20/368 ... yes Redis version >= 5.0.0? ... yes Ruby version >= 2.7.2 ? ... yes (2.7.2) Git version >= 2.31.0 ? ... yes (2.31.1) Git user has default SSH configuration? ... yes Active users: ... 16 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Checking GitLab App ... Finished Checking GitLab subtasks ... Finished </pre> </details> #### Current Workaround Execute the following query in `gitlab-rails dbconsole`: ``` update users set password_expires_at = null where username='<USERNAME>'; ``` (Extracted from https://gitlab.com/gitlab-org/gitlab/-/issues/332455#note_594243653)