summaryrefslogtreecommitdiff
path: root/doc/topics/git/troubleshooting_git.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/topics/git/troubleshooting_git.md')
-rw-r--r--doc/topics/git/troubleshooting_git.md37
1 files changed, 36 insertions, 1 deletions
diff --git a/doc/topics/git/troubleshooting_git.md b/doc/topics/git/troubleshooting_git.md
index f881826e74a..0aadde7f7c2 100644
--- a/doc/topics/git/troubleshooting_git.md
+++ b/doc/topics/git/troubleshooting_git.md
@@ -45,7 +45,7 @@ set to 50MB. The default is 1MB.
**If pushing over SSH**, first check your SSH configuration as 'Broken pipe'
errors can sometimes be caused by underlying issues with SSH (such as
authentication). Make sure that SSH is correctly configured by following the
-instructions in the [SSH troubleshooting](../../ssh/index.md#password-prompt-with-git-clone) documentation.
+instructions in the [SSH troubleshooting](../../user/ssh.md#password-prompt-with-git-clone) documentation.
If you're a GitLab administrator with server access, you can also prevent
session timeouts by configuring SSH `keep-alive` on the client or the server.
@@ -232,3 +232,38 @@ too small, the error persists.
Modifying the server is not always an option, and introduces more potential risk.
Attempt local changes first.
+
+## Password expired error on Git fetch via SSH for LDAP user
+
+If `git fetch` returns this `HTTP 403 Forbidden` error on a self-managed instance of
+GitLab, the password expiration date (`users.password_expires_at`) for this user in the
+GitLab database is a date in the past:
+
+```plaintext
+Your password expired. Please access GitLab from a web browser to update your password.
+```
+
+Requests made with a SSO account and where `password_expires_at` is not `null`
+return this error:
+
+```plaintext
+"403 Forbidden - Your password expired. Please access GitLab from a web browser to update your password."
+```
+
+To resolve this issue, you can update the password expiration by either:
+
+- Using the `gitlab-rails console`:
+
+ ```ruby
+ gitlab-rails console
+ user.update!(password_expires_at: nil)
+ ```
+
+- Using `gitlab-psql`:
+
+ ```sql
+ # gitlab-psql
+ UPDATE users SET password_expires_at = null WHERE username='<USERNAME>';
+ ```
+
+The bug was reported [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/332455).
View Lorry Controller Status