GitLab v6.2.0.pre 666849b - Access Denied when cloning via ssh

Question

UPDATE

This is user-specific. when I curl the url

http://localhost//api/v3/internal/allowed?key_id=22&action=git-upload-pack&ref=_any&project=analytics/dns-website

from the GitLab server using id 22, the response if "false". If I change the key_id to that of another user, the response is "true"

---

Whenever I clone an existing git repo (or push/pull from remote) using my LDAP credentials, I get the error:

Access denied. fatal: The remote end hung up unexpectedly

LDAP users in other domains are not affected.

I removed and re-added a public key to my GitLab profile and I can successfully test the ssh connection:

#ssh -vT git@git.mysite.com

OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
...
Welcome to GitLab, Keith Harris!
...
debug1: Exit status 0

gitlab-shell.log reports the following error:

W, [2013-10-15T16:55:43.226875 #23590] WARN -- : gitlab-shell: Access denied for git command <git-upload-pack 'analytics/dns-website.git'> by user with key key-22.

Answer 1

I am closing this question and will ask another now that I understand the problem has nothing to do with GitLab configuration.

I discovered that the api call was failing only for users in my domain, users in other enterprise domains are not affected.

lib/api/internal.rb line# 38 is returning false because Gitlab::LDAP::User.blocked?(user.extern_uid) == true

UPDATE

I got it working using PR #5400 https://github.com/gitlabhq/gitlabhq/pull/5400

Need to update lib/gitlab/ldap/user.rb:

def blocked?(dn)
    ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
    ldap.connection.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject, size: 1).blank?
end