
We currently use Subversion but are looking to migrate to a Git-based solution in order to be able to carry out pre-commit code reviews. The requirements are that the central Git repository is hosted on-premises, has a visual front-end to allow management of projects, and uses Active Directory authentication.

As a trial, I have installed GitLab EE on a virtual machine running Ubuntu server 18.04. I have set up AD authentication using the following config:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
 main:
  label: 'MyOrganisation'
  host: '172.16.0.6'
  port: 389
  uid: 'sAMAccountName'
  bind_dn: 'CN=ldapbinduser,CN=Users,DC=myorganisation,DC=com'
  password: 'password' 
  timeout: 30
  active_directory: true
  allow_username_or_mail_login: false
  lowercase_usernames: true
  block_auto_created_users: true
  base: 'OU=Software,OU=Engineering,DC=myorganisation,DC=com'
  group_base: 'OU=Software,OU=Engineering,DC=myorganisation,DC=com'
  admin_group: 'internal software dept'
EOS

This has been partially successful. A MyOrganisation tab appears in the GitLab logon page and members of the Software group are able to log on using their AD logon and password while non-members are not. Members of the “Internal Software Dept” group are not automatically assigned admin rights, but that’s fine because we can add them manually.

The problem comes when trying to push the history of an SVN repo into GitLab, or clone a repository. I have created an Internal Software group in GitLab and added a TestProject project to it with a readme.txt file. On my Windows 10 PC I have installed the Git Credential Manager for Windows. When I attempt to clone this to my PC using:

git clone http://gitlab/internal-software/testproject.git

I receive a message of:

fatal: unable to access 'http://gitlab/internal-software/testproject.git/': The requested URL returned error: 500

Wireshark shows two attempts to connect, with a 401 – Unauthorized response to the first, followed by a 500 – Internal Server Error response to the second:

1   local IP    gitlab IP   TCP 66  59710 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
2   gitlab IP   local IP    TCP 66  80 → 59710 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
3   local IP    gitlab IP   TCP 54  59710 → 80 [ACK] Seq=1 Ack=1 Win=525568 Len=0
4   local IP    gitlab IP   HTTP    241 GET /internal-software/testproject.git/info/refs?service=git-upload-pack HTTP/1.1
5   gitlab IP   local IP    TCP 60  80 → 59710 [ACK] Seq=1 Ack=188 Win=30336 Len=0
6   gitlab IP   local IP    HTTP    618 HTTP/1.1 401 Unauthorized  (text/plain)
7   local IP    gitlab IP   TCP 54  59710 → 80 [ACK] Seq=188 Ack=565 Win=524800 Len=0
8   local IP    gitlab IP   HTTP    292 GET /internal-software/testproject.git/info/refs?service=git-upload-pack HTTP/1.1 
9   gitlab IP   local IP    TCP 60  80 → 59710 [ACK] Seq=565 Ack=426 Win=31360 Len=0
10  gitlab IP   local IP    TCP 1514    80 → 59710 [ACK] Seq=565 Ack=426 Win=31360 Len=1460 [TCP segment of a reassembled PDU]
11  gitlab IP   local IP    TCP 1514    80 → 59710 [ACK] Seq=2025 Ack=426 Win=31360 Len=1460 [TCP segment of a reassembled PDU]
12  gitlab IP   local IP    HTTP    309 HTTP/1.1 500 Internal Server Error  (text/html)
13  local IP    gitlab IP   TCP 54  59710 → 80 [ACK] Seq=426 Ack=3740 Win=525568 Len=0
14  local IP    gitlab IP   TCP 54  59710 → 80 [RST, ACK] Seq=426 Ack=3740 Win=0 Len=0

The content of the 500 – Internal Server Error response is the standard GitLab 500 – “Whoops, something went wrong on our end” page.

On the server, I went through the .log files in var/logs/gitlab/gitlab-rails and found this in production_json.log:

{"method":"GET","path":"/internal-software/testproject/git/info/refs","format":"/","controller":"Projects::GitHttpController","action":"info_refs","status":401,"duration":35.81,"view":1.05,"db":9.7,"time":"2019-09-19T08:37:55.371Z","params":[{"key":"service","value":"git-upload-pack"},{"key":"namespace_id","value":"internal-software"},{"key":"project_id","value":"testproject.git"}],"remote_ip":"172.16.1.46","user_id":null,"username":null,"ua":"git/2.17.0.windows.1","queue_duration":null,"correlation_id":"long_uid"}
{"method":"GET","path":"/internal-software/testproject/git/info/refs","format":"/","controller":"Projects::GitHttpController","action":"info_refs","status":500,"error":"ArgumentError: encryption or method MUST be provided","duration":215.3,"view":0.0,"db":14.11,"time":"2019-09-19T08:37:55.803Z","params":[{"key":"service","value":"git-upload-pack"},{"key":"namespace_id","value":"internal-software"},{"key":"project_id","value":"testproject.git"}],"remote_ip":"172.16.1.46","user_id":null,"username":null,"ua":"git/2.17.0.windows.1","queue_duration":null,"correlation_id":"long_uid"}

These would seem to match up to the HTTP requests and responses above. The first is the 401 and the second is the 500.

The error message is "ArgumentError: encryption or method MUST be provided". I have tried searching for this on the GitLab site, Stack Overflow, Stack Exchange and some well-known search engines, but only get approximate results that don't match my problem.

1 Answer

The answer, as provided by support at GitLab, was that I was missing the following settings from the config:

  encryption: 'plain'
  verify_certificates: true

With these in place, I was able to clone and push. What I did notice was that anyone else connecting was told that their account was blocked until I unblocked them using an administrator account.
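
Added example, not part of the original answer and not GitLab's own code: a Ruby check over the ldap_servers YAML body that flags the missing encryption key behind the 500 error and reports what encryption: 'plain' means for credentials on the wire. The function name audit_ldap_servers is hypothetical, and the sample is constructed from the question's config.

```ruby
require 'yaml'

# Constructed sample: the question's ldap_servers body, trimmed to the relevant keys.
QUESTION_CONFIG = <<~CONFIG
  main:
    label: 'MyOrganisation'
    host: '172.16.0.6'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=ldapbinduser,CN=Users,DC=myorganisation,DC=com'
    password: 'password'
    active_directory: true
CONFIG

# Values GitLab documents for the encryption key.
VALID_ENCRYPTION = %w[plain start_tls simple_tls].freeze

# Hypothetical helper: returns "server: finding" strings for one YAML body.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |name, cfg|
    findings = []
    enc = cfg['encryption']
    if enc.nil? && !cfg.key?('method')
      # The condition the question's ArgumentError names.
      findings << 'neither encryption nor method is set'
    elsif enc && !VALID_ENCRYPTION.include?(enc)
      findings << "encryption '#{enc}' is not one of #{VALID_ENCRYPTION.join(', ')}"
    elsif enc == 'plain'
      findings << 'encryption is plain: bind and user passwords cross the network unencrypted'
      if cfg.key?('verify_certificates')
        findings << 'verify_certificates has no effect without start_tls or simple_tls'
      end
    elsif enc && cfg['verify_certificates'] == false
      findings << 'TLS is on but verify_certificates is false: server identity is not checked'
    end
    if enc == 'simple_tls' && cfg['port'] == 389
      findings << 'simple_tls is normally served on port 636, not 389'
    end
    findings.map { |f| "#{name}: #{f}" }
  end
end

puts audit_ldap_servers(QUESTION_CONFIG) if __FILE__ == $PROGRAM_NAME
```

Run against the config from the answer, the check stops reporting the missing key and instead reports the cleartext bind; with encryption set to simple_tls on port 636 and verify_certificates true, it reports nothing.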