GitLab authorization fails in 0.5 when DRONE_ORGS are set


I’ve head infinite redirect look when connecting drone to gitlab organisation.
It seems that team membership check is failing in the drone as demonstrated by following log line:

time=“2016-12-05T08:03:51Z” level=error msg="cannot verify team membership for .

After unsetting DRONE_ORGS authorization works correctly.


have you had a look at the recommended configurations?

this was discussed previously here

Yes, I’m using it with DRONE_OPEN=true.

the DRONE_ORGS are case sensitive. For example, DRONE_ORGS=foo might fail if GitLab returns DRONE_ORGS=Foo. Can you confirm you have the orgs setup correctly per the values GitLab is returning?

basically this is the block of code that is failing:

		// if self-registration is enabled for whitelisted organizations we need to
		// check the user's organization membership.
		if len(config.Orgs) != 0 {
			teams, terr := remote.Teams(c, tmpuser)
			if terr != nil || config.IsMember(teams) == false {
				logrus.Errorf("cannot verify team membership for %s.", u.Login)
				c.Redirect(303, "/login?error=access_denied")

Here are some possible reasons why this wouldn’t work:

  1. the endpoint to fetch the list of teams returns an error
  2. the list of teams does not match any teams in DRONE_ORGS (most likely)

I would recommend you dig into the code here to troubleshoot further at

Checked the org name, it is all lowercase and matches with value specified in DRONE_ORGS, I guess better diagnostics could help in future.