diff options
author | Drew Blessing <drew@gitlab.com> | 2017-01-24 11:12:49 -0600 |
---|---|---|
committer | Drew Blessing <drew@gitlab.com> | 2017-01-30 13:05:47 -0600 |
commit | 29414ab0438583c7401e94a74a613497874b5e4e (patch) | |
tree | 8a6cbfabb629620eed7eec24b8d9129426ae2f01 /changelogs | |
parent | b78d06b78143b16dccc5d5afaa8796473b68bea1 (diff) | |
download | gitlab-ce-29414ab0438583c7401e94a74a613497874b5e4e.tar.gz |
Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms
We accept half a dozen different authentication mechanisms for
Git over HTTP. Fairly high in the list we were checking user
password, which would also query LDAP. In the case of LFS,
OAuth tokens or personal access tokens, we were unnecessarily
hitting LDAP when the authentication will not succeed. This
was causing some LDAP/AD systems to lock the account. Now,
user password authentication is the last mechanism tried since
it's the most expensive.
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml b/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml new file mode 100644 index 00000000000..05fbd8f0bf2 --- /dev/null +++ b/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml @@ -0,0 +1,4 @@ +--- +title: Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms +merge_request: 8752 +author: |