Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms

We accept half a dozen different authentication mechanisms for Git over HTTP. Fairly high in the list we were checking user password, which would also query LDAP. In the case of LFS, OAuth tokens or personal access tokens, we were unnecessarily hitting LDAP when the authentication will not succeed. This was causing some LDAP/AD systems to lock the account. Now, user password authentication is the last mechanism tried since it's the most expensive.
author: Drew Blessing <drew@gitlab.com> 2017-01-24 11:12:49 -0600
committer: Drew Blessing <drew@gitlab.com> 2017-01-30 13:05:47 -0600
commit: 29414ab0438583c7401e94a74a613497874b5e4e (patch)
tree: 8a6cbfabb629620eed7eec24b8d9129426ae2f01 /changelogs
parent: b78d06b78143b16dccc5d5afaa8796473b68bea1 (diff)
download: gitlab-ce-29414ab0438583c7401e94a74a613497874b5e4e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml b/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml
new file mode 100644
index 00000000000..05fbd8f0bf2
--- /dev/null
+++ b/changelogs/unreleased/24462-reduce_ldap_queries_for_lfs.yml
@@ -0,0 +1,4 @@
+---
+title: Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms
+merge_request: 8752
+author:
author	Drew Blessing <drew@gitlab.com>	2017-01-24 11:12:49 -0600
committer	Drew Blessing <drew@gitlab.com>	2017-01-30 13:05:47 -0600
commit	29414ab0438583c7401e94a74a613497874b5e4e (patch)
tree	8a6cbfabb629620eed7eec24b8d9129426ae2f01 /changelogs
parent	b78d06b78143b16dccc5d5afaa8796473b68bea1 (diff)
download	gitlab-ce-29414ab0438583c7401e94a74a613497874b5e4e.tar.gz