sync_ssh_keys isn't syncing the keys

Summary

A customer is trying to feed SSH Public Keys directly from the OpenLDAP data in FreeIPA to the GitLab installation. After configuring `'sync_ssh_keys' => 'ipaSshPubKey'` as part of the `ldap_servers` parameter, no key is being synced and the users need to re-upload them manually.

Steps to reproduce

  • Set up the config to include `gitlab_rails['ldap_servers'] = {  <LDAP_SERVERS_REDACTED>, 'sync_ssh_keys' => 'ipaSshPubKey'}`
  • Install the `gitlab/gitlab-ee` Docker container, and pass the config with the `GITLAB_OMNIBUS_CONFIG` environment variable

What is the current bug behavior?

  • The SSH Keys aren't synced, and users need to upload them in GitLab

What is the expected correct behavior?

  • SSH Keys should be synced to the installation

Details of package version

Docker Container Image: `gitlab/gitlab-ee` *(13.3.5-ee / `f2cfe35c0b4`)*

Environment details

  • Operating System: Dockerized using gitlab/gitlab-ee:latest (currently running 13.3.6-ee (d7bc82f4b06))
  • Installation Target, remove incorrect values:
    • VM: Ubuntu 18.04 (updated weekly) on XCP-ng (basically Xen Server) running Docker (19.03.13, build 4484c46d9d)
  • Installation Type, remove incorrect values:
    • Upgrade from version... last time gitlab/gitlab-ee (13.3.5-ee / f2cfe35c0b4), but we upgrade frequently keeping up with the Docker container releases as much as possible.
  • Is there any other software running on the machine: The VM is dedicated to GitLab running in Docker. There is also the gitlab/gitlab-runner:latest running.
  • Is this a single or multiple node installation? YES
  • Resources
    • CPU: 8 vCPU (Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz)
    • Memory total: 24GB

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`

```ruby
external_url 'https://gitlab.example.com/';
gitlab_rails['time_zone'] = 'America/Los_Angeles';
gitlab_rails['gitlab_default_theme'] = 2;
letsencrypt['enabled'] = false;
nginx['enable'] = true;
nginx['redirect_http_to_https'] = true;
nginx['listen_port'] = 443;
nginx['listen_https'] = true;
nginx['ssl_certificate'] = '/etc/gitlab/ssl/gitlab.example.com.crt';
nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/gitlab.example.com.key';
gitlab_rails['omniauth_auto_link_ldap_user'] = true;
gitlab_rails['omniauth_block_auto_created_users'] = true;
gitlab_rails['lfs_enabled'] = true;
gitlab_rails['lfs_object_store_enabled'] = true;
gitlab_rails['lfs_object_store_remote_directory'] = 'gitlab.lfs';
gitlab_rails['lfs_object_store_connection'] = {
    'provider' => 'AWS',
    'region' => 'us-west-1',
    'aws_access_key_id' => '',
    'aws_secret_access_key' => '',
    'host' => '',
    'endpoint' => 'https://:9000',
    'path_style' => true
};
gitlab_rails['ldap_enabled'] = true;
gitlab_rails['ldap_servers'] = {
    '' => {
        'label' => '',
        'host' =>  '',
        'port' => 389,
        'method' => 'tls',
        'uid' => 'uid',
        'verify_certificates' => true,
        'bind_dn' => 'uid=,cn=users,cn=accounts,dc=example,dc=com',
        'password' => '',
        'active_directory' => false,
        'base' => 'cn=accounts,dc=example,dc=com',
        'lowercase_usernames' => true,
        'attributes' => {
            'username' => ['uid'],
            'email' => ['mail'],
            'name' => 'displayName',
            'first_name' => 'givenName',
            'last_name' => 'sn'
        },
        'sync_ssh_keys' => 'ipaSshPubKey'
    }
};
registry_external_url 'https://';
registry['enable'] = true;
registry['storage'] = {
    's3' => {
        'accesskey' => '',
        'secretkey' => '',
        'bucket' => 'gitlab.registry',
        'region' => 'us-west-1',
        'regionendpoint' => 'https://:9000'
    }
};
registry['debug_addr'] = 'localhost:5001';
registry_nginx['listen_port'] = 5005;
registry_nginx['redirect_http_to_https'] = true;
registry_nginx['listen_https'] = true;
registry_nginx['proxy_set_headers'] = {
    'Host' => '$http_host',
    'X-Real-IP' => '$remote_addr',
    'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
    'X-Forwarded-Proto' => 'https',
    'X-Forwarded-Ssl' => 'on'
};
nginx['custom_gitlab_server_config'] = 'location /-/plantuml/ { proxy_cache off; proxy_pass http://gitlab.example.com:8888/; }';
gitlab_rails['smtp_enable'] = true;
gitlab_rails['smtp_address'] = 'smtp.mandrillapp.com';
gitlab_rails['smtp_port'] = 587;
gitlab_rails['smtp_user_name'] = '';
gitlab_rails['smtp_password'] = '';
gitlab_rails['smtp_authentication'] = 'login';
gitlab_rails['smtp_enable_starttls_auto'] = true;
```

Edited by Kristof Goossens