Special characters in password halts user creation #8

Open
frafra opened this issue Jun 24, 2019 · 4 comments
Labels: bug (Something isn't working), waiting on external (Waiting on an external issue to be resolved)

Comments


frafra commented Jun 24, 2019

While creating several hundred users, I got HTTP 500 responses, so I had to run the tool multiple times. All the failing users had a random password with a strange special character. Removing special characters from the password generator fixes the issue.
A longer password could be used to improve security.

Adambean added the invalid (This doesn't seem right) label Jun 24, 2019
@Adambean
Owner

> HTTP 500 responses

This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

> All the failing users had a random password with a strange special character.
> A longer password could be used to improve security.

This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

If this issue occurs in Gitlab itself after the sync has completed that would be an issue between Gitlab and LDAP. (At this point this tool is no longer involved.)

Adambean self-assigned this Jun 24, 2019
Adambean added a commit that referenced this issue Jun 24, 2019
…ne environment, and not via a web server.

(I thought the Symfony console component did this already.)

#8
@frafra
Author

frafra commented Jun 25, 2019

> > HTTP 500 responses
>
> This is a CLI tool, not a web tool. You shouldn't be running this through a web server. Does your web server error log indicate any further details as to what the error is?

I am using it as a CLI tool; that error comes from the GitLab web server, which does not seem happy to receive this kind of parameter.

> > All the failing users had a random password with a strange special character.
> > A longer password could be used to improve security.
>
> This tool doesn't read password attributes at all. If you have a specific error message from the tool I'm interested.

Passwords are generated by this tool, but they do not seem to be valid to GitLab. Modifying the password generator in order to use just a-zA-Z0-9 characters fixes the issue.
To reproduce, just spin up a GitLab instance with Docker and synchronize a few hundred users.

> If this issue occurs in Gitlab itself after the sync has completed that would be an issue between Gitlab and LDAP. (At this point this tool is no longer involved.)

This issue happens while the tool is creating the new users on GitLab.

@Adambean
Owner

Adambean commented Jun 25, 2019

Ah ok, I'll raise this issue with Gitlab because none of the characters I've specified are non-ASCII, so shouldn't be a problem.

The randomly used password is never used anyway. As per issue #9 you raised, this is only done to satisfy a Gitlab API bug. You always authenticate using the password defined in the directory. (If the random password from this tool works to log in, that suggests Gitlab isn't binding to LDAP correctly.)

Did the Gitlab API give you any further information than HTTP 500? (Was there an exact message I can reference upstream?)

Adambean added bug (Something isn't working) and removed invalid (This doesn't seem right) labels Jun 25, 2019
Adambean added the waiting on external (Waiting on an external issue to be resolved) label Jul 6, 2019
Adambean added a commit that referenced this issue Jul 6, 2019
…il an external issue with Gitlab is resolved:

https://gitlab.com/gitlab-org/gitlab-ce/issues/63843

The weakness of the random passwords produced triggers me so hard. I really do hope this is temporary.
#8
@Adambean
Owner

Hi @frafra,
With the above two commits now available in the master branch it would be worth trying this out again.
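
The trade-off raised in this thread (restricting generated passwords to a-zA-Z0-9 while keeping them strong by making them longer), as an added example that is not the tool's own code and not part of any comment above. The function names and the 128-bit target are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the tool's source.
// The restricted alphabet mentioned in the thread: a-zA-Z0-9 (62 symbols).
const ALNUM = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

/**
 * Smallest length at which a uniformly random string over $alphabet
 * carries at least $bits bits of entropy.
 */
function lengthForEntropy(string $alphabet, int $bits): int
{
    $size = count(array_unique(str_split($alphabet)));
    if ($size < 2 || $bits < 1) {
        throw new InvalidArgumentException('Need at least 2 distinct symbols and a positive bit target.');
    }
    // Each symbol contributes log2($size) bits when drawn uniformly.
    return (int) ceil($bits / log($size, 2));
}

/**
 * Random password over $alphabet, long enough to reach $bits of entropy.
 */
function randomPassword(string $alphabet, int $bits = 128): string
{
    // De-duplicate so repeated symbols cannot skew the distribution.
    $symbols = array_values(array_unique(str_split($alphabet)));
    $length  = lengthForEntropy($alphabet, $bits);
    $max     = count($symbols) - 1;

    $password = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() uses the OS CSPRNG and is uniform over [0, $max],
        // so there is no modulo bias as with rand() % n.
        $password .= $symbols[random_int(0, $max)];
    }
    return $password;
}

// Dropping special characters costs entropy per symbol; length makes up for it.
$password = randomPassword(ALNUM, 128);
printf(
    "%d symbols in alphabet, %d characters needed for >= 128 bits\n",
    strlen(ALNUM),
    strlen($password)
);
```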
