Support first name and last name attributes in LDAP user sync
Problem to solve
LDAP User Sync now updates the user name. This supports syncing the user name to the attribute defined for name in the LDAP configuration, which is set to cn by default. However, when a user is initially created via LDAP login, and no full name could be found at the attribute specified for name, the full name is determined using the attributes specified for first_name and last_name. This is currently not supported in user sync: if there is a name found at the attribute for name, it is synced. If nothing is found, then the name isn't touched during the sync. The attributes for first_name and last_name are not queried during the LDAP user sync.
Feature requested in customer ticket: https://gitlab.zendesk.com/agent/tickets/121647 (internal use only)
Intended users
Systems Administrator who maintains the LDAP servers for user authentication.
Further details
The LDAP user sync updates the user via the update_user_attributes method. The user is found in the customer's LDAP server, and only certain attributes are queried for the user. You can simulate this in the rails console (open via sudo gitlab-rails console):
# define the ldap config
config = Gitlab::Auth::LDAP::Config.new('<your LDAP server here>')
# attributes passed to LDAP search for user
Gitlab::Auth::LDAP::Person.ldap_attributes(config)
The first_name and last_name attributes aren't included in this LDAP user search query, and aren't currently available for the LDAP user sync. The name attribute is queried, and the sync will update it if it exists.
Proposal
Support using the first_name and last_name attributes for the user name in LDAP user sync when the attribute specified for name doesn't have information.
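The fallback proposed above, written out as an added example in plain Ruby (not GitLab's code): the helper names, the attribute map and the sample entries are hypothetical, and givenName and sn are assumed values for first_name and last_name.

```ruby
# Hypothetical attribute mapping; the page only states that `name` defaults to cn.
# givenName and sn are assumed here for first_name and last_name.
ATTRS = { 'name' => 'cn', 'first_name' => 'givenName', 'last_name' => 'sn' }.freeze

# Attributes the sync search would have to request for the fallback to be possible.
def requested_attributes(attrs = ATTRS)
  %w[name first_name last_name].flat_map { |key| Array(attrs[key]) }.uniq
end

# First non-blank value among the configured attribute names.
# LDAP attribute names are case-insensitive and values arrive as arrays.
def first_value(entry, names)
  normalized = entry.each_with_object({}) { |(k, v), h| h[k.to_s.downcase] = Array(v) }
  Array(names).each do |name|
    value = normalized.fetch(name.to_s.downcase, []).map { |v| v.to_s.strip }.find { |v| !v.empty? }
    return value if value
  end
  nil
end

# Full name from `name`, otherwise first_name + last_name, otherwise nil.
def resolve_name(entry, attrs = ATTRS)
  full = first_value(entry, attrs['name'])
  return full if full

  parts = [first_value(entry, attrs['first_name']), first_value(entry, attrs['last_name'])].compact
  parts.empty? ? nil : parts.join(' ')
end

# Sync step: keep the stored name when the directory yields nothing usable.
def synced_name(current_name, entry, attrs = ATTRS)
  resolve_name(entry, attrs) || current_name
end

# Constructed sample entries (not from a real directory).
WITH_CN    = { 'cn' => ['Ada Lovelace'], 'givenName' => ['Augusta'], 'sn' => ['King'] }.freeze
WITHOUT_CN = { 'cn' => ['  '], 'givenname' => ['Ada'], 'SN' => ['Lovelace'] }.freeze
EMPTY      = { 'uid' => ['ada'] }.freeze

if __FILE__ == $PROGRAM_NAME
  puts requested_attributes.inspect
  [WITH_CN, WITHOUT_CN, EMPTY].each { |entry| puts synced_name('Stored Name', entry) }
end
```

A blank or whitespace-only cn is treated the same as a missing one, so the stored name is only left untouched when none of the three attributes has a value.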
Documentation
LDAP User Sync documentation: https://docs.gitlab.com/ee/administration/auth/ldap-ee.html#user-sync
What does success look like, and how can we measure that?
LDAP user sync will support using the first_name and last_name attributes for the user name when the attribute specified for name doesn't have information.
What is the type of buyer?
Starter, as LDAP user sync is a Starter feature.