Skip to content
Snippets Groups Projects
New issue look: Off

Problem creating new user via LDAP after different user pushed a commit with the same email address?

    • Closed Issue created by username-removed-62296 @nneul

    Ran into a weird situation today with a new developer that couldn't create account via LDAP. Running 7.10.

    It was showing an error in logs

    unicorn.stdout.log:E, [2015-06-25T05:46:58.531959 #3936 (closed)] ERROR -- omniauth: (ldapmain) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass

    and then in application.log:

    June 25, 2015 05:46: (OAuth) Error saving user: ["Email has already been taken"]

    Here's where it gets weird - I found the email address in the 'emails' table, associated to a completely DIFFERENT user. Talking to the other devs, apparently, the other user that was involved pushed changes into repo that were authored by this other userid.

    I completely get assigning "known" possible email addresses by default when commits come in, but seems like an authentication request should override that and take ownership of the address. The situation of one user (with perms) pushing changes in for a completely different author that hasn't yet been granted access - seems like it would be fairly likely.

    Designs

    Child items ...

    • Activity

    • username-removed-271743
      username-removed-271743 @Meatballs__ ·

      I had similar issues after upgrading to 8.0.4-CE.

      The user was a standard user, then LDAP was integrated and he attempted to login with LDAP.

      Got the following error in application.log:

      (OAuth) Error saving user: ["Email has already been taken"]

      unicorn/unicorn_stdout.log has:

      I, [2015-10-08T13:55:52.075836 #18154]  INFO -- omniauth: (ldapmain) Callback phase initiated.
E, [2015-10-08T13:55:52.345279 #18154] ERROR -- omniauth: (ldapmain) Authentication failure! ldap_error: NoMethodError, undefined method `provider' for nil:NilClass

      production.log:

      Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"email@address.com", "password"=>"[FILTERED]"}
Completed 500 Internal Server Error in 525ms (ActiveRecord: 13.3ms)

      The email table was empty?

      irb(main):002:0> Email.count
=> 0

      I fixed by manually adding an identity to the user as per https://gitlab.com/gitlab-org/gitlab-ce/issues/946 but replacing ldap for ldapmain:

      Find user ID from email

      u=User.find_by_email "legacy@test.com"

      Create Identity object (Don't forget to substitute 5 with User ID form previous step

      i=Identity.create(extern_uid: "uid=legacyldap,ou=Users,dc=ldap,dc=test,dc=com", provider: "ldapmain", user_id:u.id)
    • username-removed-62296 Status changed to closed

      Status changed to closed

    • Nikola Milojevic mentioned in merge request !14785

      mentioned in merge request !14785

    Please register or sign in to reply