We are running Gitlab at work as our source code repository. It has been working fine for most users, but some users has had trouble using HTTPS authentication. There was no issues to login to the Gitlab web ui, but when using a git client to clone a repository over HTTPS would result in an error message saying
exit code 128
We are using LDAP authentication in Gitlab against our Active Directory.
It turns out that this was only affecting users with an "å" character in their distinguishedName attribute in Active Directory.
When creating users in Active directory the users Full name is a combination of the first and last name, unless you manually change it. The full name is then used to set both the displayName and distinguishedName attribute.
This causes a problem when the user has an "å" in their first or last name, since that character will then be included in the distinguishedName attribute, and will cause LDAP authentication againt gitlab from git to fail.
Rename the user account and change the Full name to use an "a" instead of "å" this will fix the distinguishedName attribute while leaving the displayName untouched.
After this change the git client should now be able to authenticate.
But this also caused another issue, after the rename the user is unable to login to the Gitlab web ui.
This is because Gitlab stores the external identities (the distinguishedName of the users) in it's database. And after the rename it no longer matches the value in the database.
So to fix this I needed to alter the database and manually update the external identifier to match.
Connect to your gitlab database (we are using Postgresql for our database server)
sudo -u postgres -H psql gitlabhq_production
Then select from identities to see the current values
select * from identities;
Then update the values that no longer match
update identities set extern_uid = '<new distinguished name>' where user_id = <user id>
to exit psql type
The user should now be able to authenticate both with git and the gitlab web ui.