Give SAML priority over LDAP when logging in via SAML

We are using GitLab 8.5.12 with SAML and LDAP to authenticate users.

I noticed that "auto_link_saml_user: true" does not link a user to SAML when the user cannot be found in LDAP. It only works when turning off LDAP. The reason is that in lib/gitlab/saml/user.rb priority is given to LDAP.

This is not what I want. So I changed the sequence to give priority to SAML. With that it works for both LDAP and SAML.

Here is the change:

diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index b1e3011..7742656 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -14,14 +14,14 @@ module Gitlab
       def gl_user
         @user ||= find_by_uid_and_provider

-        if auto_link_ldap_user?
-          @user ||= find_or_create_ldap_user
-        end
-
         if auto_link_saml_enabled?
           @user ||= find_by_email
         end

+        if auto_link_ldap_user?
+          @user ||= find_or_create_ldap_user
+        end
+
         if signup_enabled?
           @user ||= build_new_user
         end
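Review bot: With the `auto_link_saml_enabled?` block now ahead of the `auto_link_ldap_user?` block in `gl_user`, any account that `find_by_email` returns will short-circuit `find_or_create_ldap_user` through `@user ||=`, so a user who exists in both directories never reaches the LDAP branch on this path. Please confirm that this is the intended precedence for users present in both. A spec should cover three cases: a user found only through LDAP, a user matched only by email, and a user matched by both. A short comment above the two blocks saying that their order defines the precedence would keep a later refactor from silently swapping them back.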
Edited Jun 23, 2025 by 🤖 GitLab Bot 🤖