I just updated to the most recent version of gitlab-omnibus (I believe 10.1, but I’m not positive). None of my users can login now, and I'm not seeing anything incredibly useful in the error logs.
I’m not 100% certain which version of gitlab-omnibus I came from, but it hadn’t been more than a month since I updated, so probably a later 9.x version.
The error I’m getting is
Could not authenticate you from Ldapmain because "Ssl connect returned=1 errno=0 state=error: certificate verify failed".
at the login screen when anyone goes to login. When I tail all of the logs using gitlab-ctl tail, I get the following error on login attempt.
{"method":"POST","path":"/users/auth/ldapmain/callback","format":"html","controller":"OmniauthCallbacksController","action":"failure","status":302,"duration":6.6,"view":0.0,"db":0.0,"location":"https://gitlab.mycompany.com/users/sign_in","time":"2017-10-24T01:37:36.538Z","params":{"utf8":"✓","authenticity_token":"[FILTERED]","username":"my.name","password":"[FILTERED]"},"remote_ip":"192.168.0.81","user_id":null,"username":null}
I've checked that nothing was changed with the certs I'm currently using, and nothing in the gitlab.rb file has changed. The last time I had a problem similar to this, gitlab had changed the name of one of the fields in the gitlab.rb file...but that doesn't appear to be the issue this time.
Once I rebuild the server from a backup, I can look up what the last version I had was, and I'll update here.
As it turns out, they did release that there would be a breaking change in LDAP (for most people).
From Gitlab 10.0 Release
After adding
verify_certificates: falseto my ldap configuration, everything works again.