After Update to 1.22.0 LDAP Login is not working anymore #31228
Comments
Are you using a self-signed certificate, and which LDAP server are you using?
Could be a TLS cipher issue. Check if your LDAP server supports TLS 1.2 or higher with tools like https://github.com/drwetter/testssl.sh. Go since v1.22 requires TLS 1.2 or higher by default.
Same here. Self-signed certificate with "skip TLS verification" selected. Used testssl.sh to check protocols:
OS is Debian 12 bookworm. Gitea running using amd64 binary.
Same here. I'm using an OpenLDAP proxy. TLS1.2 is supported:
Actually it's likely not TLS-version related as per https://tip.golang.org/doc/go1.22#minor_library_changes:
So the TLS client has not changed its requirement in go 1.22/gitea 1.22, only the server has.
I've captured the LDAP traffic between Gitea and our LDAP server with tcpdump and analysed it with Wireshark. Our LDAP server only supports Why this happened requires further analysis. Compare the following TLS Client Hello output between Gitea v1.22.0 and v1.21.11
The situation seems clear to me:
https://tip.golang.org/doc/go1.22#minor_library_changes Exporting the required env var
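The Go 1.22 cipher-suite default change this thread revolves around, reproduced locally as an added example (not code from the issue, from Gitea or from the Go project): a TLS 1.2 server that, like the affected LDAP servers, only offers RSA key exchange is probed with the toolchain's default client suite list, with an ECDHE-only list and with RSA key exchange explicitly allowed. The server, its self-signed certificate and the host name ldap.example.test are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// serverConfig: stand-in for the thread's LDAP servers (TLS 1.2, RSA key exchange only, constructed self-signed RSA cert).
func serverConfig() *tls.Config {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ldap.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256},
	}
}

// handshake runs one handshake over an in-memory pipe; the client mirrors Gitea with "skip TLS verification" on, and suites == nil means the toolchain's default list.
func handshake(srv *tls.Config, suites []uint16) error {
	c, s := net.Pipe()
	go func() { tls.Server(s, srv).Handshake(); s.Close() }()
	cl := tls.Client(c, &tls.Config{InsecureSkipVerify: true, CipherSuites: suites})
	defer cl.Close()
	return cl.Handshake()
}

// Diagnose tries (1) the toolchain defaults, (2) ECDHE-only suites, the shape of the Go 1.22 defaults,
// and (3) RSA key exchange explicitly allowed. On Go 1.22 that is false/false/true: the "tls: handshake failure" in the Gitea log.
func Diagnose() (defaultOK, ecdheOK, rsaKexOK bool) {
	srv := serverConfig()
	return handshake(srv, nil) == nil,
		handshake(srv, []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}) == nil,
		handshake(srv, []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}) == nil
}
```

Whether the first result is true depends on the toolchain and its GODEBUG defaults; the second and third are fixed by the suite lists and show that the failure is a cipher-suite mismatch, not a TLS-version one.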
@adamoutler
I'm sorry, but I'm using a docker container setup and I'd need to adjust code to do this. I assume it will be fixed soon enough.
Ok, I'm closing and pinning this since it's working as intended. People affected should look into upgrading their LDAP server to support modern ciphers and if that's not possible you can work around preferably with
Working OpenLDAP/slapd config:
To enable ECDHE ciphers
Description
Hi,
I've upgrade to 1.22.0 and after the update LDAP login is no longer possible.
I see tls handshake failures in the logfile:
2024/06/03 11:18:01 ...dap/source_search.go:424:SearchEntries() [E] LDAP Connect error, our.ldap.server:LDAP Result Code 200 "Network Error": remote error: tls: handshake failure
2024/06/03 11:18:01 .../ldap/source_sync.go:55:Sync() [E] SyncExternalUsers LDAP source failure [ourldapserver], skipped
Gitea Version
1.22.0
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.39.3
Operating System
RHEL 8.9
How are you running Gitea?
running gitea from downloads: gitea-1.22.0-linux-amd64
Database
PostgreSQL