Allow users to share email in LDAP configuration

Description

At the moment LDAP authenticates by username, then goes through a series of steps to match existing users: first extern_uid (DN), followed by email. This is because DNs can change, so the extern_uid isn't always identical.

When the same email address is assigned to multiple users, those users are logged in as each other, causing obvious issues.

Proposal

Rather than authenticate in this order: username > extern_uid > user email

Would it be possible to authenticate as follows? username + user email > extern_uid

Links / references

ZD: https://gitlab.zendesk.com/agent/tickets/74294

Documentation blurb

  1. Why should someone use it; what's the underlying problem.

(As requested by customer):

Basically, the reason is that the second account is a system account. Thus, we usually point that address when setting it up to a user’s email address to avoid spamming a whole group of people. In our environment, it is okay to have multiple accounts with the same address as the UID is the unique identifier, not the email and UID.

  2. What is the solution.

Rather than authenticate in this order: username > extern_uid > user email

Would it be possible to authenticate as follows? username + user email > extern_uid

  3. How does someone use this

This feature will be active without any user input.

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖
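
The account collision described in this issue, as an added Ruby example that is not GitLab's code. The `User` and `Entry` records, the method names and the sample directory data are hypothetical, and `match_proposed` is one reading of the proposed order (username and email together, then extern_uid).

```ruby
# Added illustration; not GitLab's implementation.
# Record shapes and method names are hypothetical.
User  = Struct.new(:username, :email, :extern_uid)
Entry = Struct.new(:username, :email, :dn) # what the directory returns after a successful bind

# Order described in the issue: extern_uid (DN) first, then email alone.
# The email-only fallback is what lets two directory accounts land on one user.
def match_current(users, entry)
  users.find { |u| u.extern_uid.casecmp?(entry.dn) } ||
    users.find { |u| u.email.casecmp?(entry.email) }
end

# One reading of the proposal (assumption): username and email must match
# together, then fall back to extern_uid. Email alone never selects a user.
def match_proposed(users, entry)
  users.find { |u| u.username == entry.username && u.email.casecmp?(entry.email) } ||
    users.find { |u| u.extern_uid.casecmp?(entry.dn) }
end

# Constructed sample data: one existing user, plus two directory entries.
USERS = [
  User.new("alice", "alice@example.com", "uid=alice,ou=people,dc=example,dc=com")
].freeze

# A system account whose mail attribute points at alice's address.
SERVICE = Entry.new("svc-backup", "alice@example.com",
                    "uid=svc-backup,ou=system,dc=example,dc=com")

# alice herself after her DN changed (moved to another OU).
MOVED = Entry.new("alice", "alice@example.com",
                  "uid=alice,ou=staff,dc=example,dc=com")

# Which existing username each strategy resolves the entry to (nil = no match).
def report(users, entry)
  { current:  match_current(users, entry)&.username,
    proposed: match_proposed(users, entry)&.username }
end

if __FILE__ == $PROGRAM_NAME
  p report(USERS, SERVICE) # system account sharing alice's email
  p report(USERS, MOVED)   # alice with a changed DN
end
```

Under the current order the system account resolves to alice's user, while the combined username and email check leaves it unmatched and still finds alice after her DN changes.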