sync_ssh_keys isn't syncing the keys
Summary
A customer is trying to feed SSH Public Keys directly from the OpenLDAP data in FreeIPA to the GitLab installation.
After configuring `'sync_ssh_keys' => 'ipaSshPubKey'` as part of the `ldap_servers` parameter, no key is being synced and the users need to re-upload them manually.
Steps to reproduce
- Set up config to include `gitlab_rails['ldap_servers'] = { <LDAP_SERVERS_REDACTED>, 'sync_ssh_keys' => 'ipaSshPubKey'}`
- Install the `gitlab/gitlab-ee` docker container, and pass config with the `GITLAB_OMNIBUS_CONFIG` environment variable
What is the current bug behavior?
- The SSH Keys aren't synced, and users need to upload them in GitLab
What is the expected correct behavior?
- SSH Keys should be synced to the installation
Details of package version
Docker Container Image: `gitlab/gitlab-ee` *(13.3.5-ee / `f2cfe35c0b4`)*
Environment details
- Operating System: Dockerized using `gitlab/gitlab-ee:latest` (currently running `13.3.6-ee (d7bc82f4b06)`)
- Installation Target, remove incorrect values:
  - VM: Ubuntu 18.04 (updated weekly) on XCP-ng (basically Xen Server) running Docker (`19.03.13, build 4484c46d9d`)
- Installation Type, remove incorrect values:
  - Upgrade from version... last time `gitlab/gitlab-ee (13.3.5-ee / f2cfe35c0b4)`, but we upgrade frequently keeping up with the Docker container releases as much as possible.
- Is there any other software running on the machine: The VM is dedicated to GitLab running in Docker. There is also the `gitlab/gitlab-runner:latest` running.
- Is this a single or multiple node installation? YES
- Resources
  - CPU: `8 vCPU` (Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz)
  - Memory total: `24GB`
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
```ruby
external_url 'https://gitlab.example.com/'
gitlab_rails['time_zone'] = 'America/Los_Angeles'
gitlab_rails['gitlab_default_theme'] = 2
letsencrypt['enabled'] = false

nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['listen_port'] = 443
nginx['listen_https'] = true
nginx['ssl_certificate'] = '/etc/gitlab/ssl/gitlab.example.com.crt'
nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/gitlab.example.com.key'

gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_block_auto_created_users'] = true

gitlab_rails['lfs_enabled'] = true
gitlab_rails['lfs_object_store_enabled'] = true
gitlab_rails['lfs_object_store_remote_directory'] = 'gitlab.lfs'
gitlab_rails['lfs_object_store_connection'] = {
  'provider' => 'AWS',
  'region' => 'us-west-1',
  'aws_access_key_id' => '',
  'aws_secret_access_key' => '',
  'host' => '',
  'endpoint' => 'https://:9000',
  'path_style' => true
}

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  '' => {
    'label' => '',
    'host' => '',
    'port' => 389,
    'method' => 'tls',
    'uid' => 'uid',
    'verify_certificates' => true,
    'bind_dn' => 'uid=,cn=users,cn=accounts,dc=example,dc=com',
    'password' => '',
    'active_directory' => false,
    'base' => 'cn=accounts,dc=example,dc=com',
    'lowercase_usernames' => true,
    'attributes' => {
      'username' => ['uid'],
      'email' => ['mail'],
      'name' => 'displayName',
      'first_name' => 'givenName',
      'last_name' => 'sn'
    },
    'sync_ssh_keys' => 'ipaSshPubKey'
  }
}

registry_external_url 'https://'
registry['enable'] = true
registry['storage'] = {
  's3' => {
    'accesskey' => '',
    'secretkey' => '',
    'bucket' => 'gitlab.registry',
    'region' => 'us-west-1',
    'regionendpoint' => 'https://:9000'
  }
}
registry['debug_addr'] = 'localhost:5001'
registry_nginx['listen_port'] = 5005
registry_nginx['redirect_http_to_https'] = true
registry_nginx['listen_https'] = true
registry_nginx['proxy_set_headers'] = {
  'Host' => '$http_host',
  'X-Real-IP' => '$remote_addr',
  'X-Forwarded-For' => '$proxy_add_x_forwarded_for',
  'X-Forwarded-Proto' => 'https',
  'X-Forwarded-Ssl' => 'on'
}

nginx['custom_gitlab_server_config'] = 'location /-/plantuml/ { proxy_cache off; proxy_pass http://gitlab.example.com:8888/; }'

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtp.mandrillapp.com'
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = ''
gitlab_rails['smtp_password'] = ''
gitlab_rails['smtp_authentication'] = 'login'
gitlab_rails['smtp_enable_starttls_auto'] = true
```