Add overarching `auto_link_user` Omniauth configuration

Zendesk: https://gitlab.zendesk.com/agent/tickets/104181

We currently have two different `auto_link_user` values for Omniauth: `auto_link_ldap_user` and `auto_link_saml_user`. These settings allow users to sign in with LDAP and SAML and have their existing (non-LDAP/non-SAML) account linked up as long as the email address matches their existing user. In the absence of these settings GitLab will produce a 422 error 'Email already taken'.

We should consider adding a generic/overarching configuration that is just `auto_link_user`. When this is set to `true`, a user signing in via any authentication method would have their existing user linked as long as the email address matches.

This would allow customers to easily migrate from, say, LDAP to Crowd, or LDAP to Google OAuth, etc. It's still necessary to configure this optionally in my opinion (and default to `false`) as it requires a conscious decision to trust email address as a source of truth for a user's identity. You probably don't want this set to `true` on GitLab.com for example.
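
A simplified Ruby model of the linking decision described in this issue, added here as an illustration and not taken from the GitLab code base. The setting names come from the issue; `User`, `AuthResult`, `auto_link?` and `sign_in` are hypothetical names, and the sample accounts are constructed.

```ruby
# Simplified model of the linking decision (added example, not GitLab source).
# Setting names come from the issue; User, AuthResult and sign_in are hypothetical.
User = Struct.new(:email, :identities)
AuthResult = Struct.new(:status, :message, :user)

# The proposed overarching flag defaults to false, as the issue suggests.
DEFAULTS = {
  auto_link_ldap_user: false,
  auto_link_saml_user: false,
  auto_link_user: false
}.freeze

def auto_link?(settings, provider)
  return true if settings[:auto_link_user]             # proposed: any provider
  settings.fetch(:"auto_link_#{provider}_user", false) # existing: ldap / saml only
end

def sign_in(users, settings, provider:, uid:, email:)
  settings = DEFAULTS.merge(settings)
  identity = [provider, uid]

  # An identity that is already linked signs in without consulting the email.
  known = users.find { |u| u.identities.include?(identity) }
  return AuthResult.new(200, 'signed in', known) if known

  existing = users.find { |u| u.email.casecmp?(email) }
  if existing.nil?
    user = User.new(email, [identity])
    users << user
    return AuthResult.new(201, 'created', user)
  end

  unless auto_link?(settings, provider)
    return AuthResult.new(422, 'Email already taken', nil)
  end

  # Linking trusts the provider's email claim as proof of identity.
  existing.identities << identity
  AuthResult.new(200, 'linked', existing)
end
```

With only `auto_link_ldap_user` enabled, a first sign-in through Crowd for an existing email still returns the 422; with the overarching flag enabled, the same sign-in is attached to the existing account purely on the strength of the email the provider asserts.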