Bug: Admin mode and LDAP users
Summary
We're using AD for authorizing the users and we've recently update our gitlab to 13.11.3.
I've activated the Admin mode (Require additional authentication for administrative tasks).
Since then every time any of the administrators that are signing in with LDAP account cannot do any of the administrative tasks - yes the ldap login confirmation form is displayed, but it's not accepting the password they're using to sign in.
Fortunately i still have one admin account that is not related to our domain, so i was able to disable it again.
Steps to reproduce
- have users in AD
- give some of the AD users Administrative permissions
- activate Admin mode
- log as AD user with administrative permissions
- open Admin section of Gitlab
- enter your AD login again
What is the current bug behavior?
Not passing through the reauthetication of AD user to GitLab administration.
What is the expected correct behavior?
Being able to open GitLab administration even with active Admin mode and AD user.
Workaround
For anyone ending up here looking for a solution to re-gain access to the admin area you can disable this option through the rails console.
sudo gitlab-rails console
::Gitlab::CurrentSettings.update_attributes!(admin_mode: false)