With the release of GitLab 13.2 I ran into a serious issue when logging in. The issues behaviour was, that I would only get an HTTP 502 error whenever I’m trying to sign in.

his could not be resolved by changing the configuration or restarting GitLab, leaving me with no other option than restoring the server from the last back up. The next morning (new day, new chance) I tried the upgrade again and ran into the same problem. This time however I started looking for in the issue I received an eMail about when updating my GitLab. Turns out other had the same problem with the LDAP authentication after the update.

Their idea was to force verify all (primary) eMail-Addresses, granting their users access to service again. Since I had a snapshot of the server and no other option, I tried this myself. The problem was solved and I was able to sign in again.

What happened

I’m not entirely sure about that, but I believe it has something to do with a security related fix to GitLab where you had to verify your eMail-Addresses again. This led to users having no verified username, hence blocking the log in to the service. Somebody wrote about a similar issue in the discussion of that issue.

How to verify all eMail-Addresses

Ok, this does yet not solve my problem but at least gives me an angle of attack.

1) Open the command line of your GitLab server.

2) Open a GitLab Rails console (as described in the GitLab documentation):

sudo gitlab-rails console

3) Wait for some minutes until your CLI looks like it’s waiting for input (Don’t expect this to be fast!). Then enter the following command:

User.all.each  {|u| u.confirmed_at = Time.now; u.save}

This command will then force-verify the users and thus allow them to sign in again.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.