With SAML + LDAP error occurs if LDAP does not have an email address value

Zendesk: https://gitlab.zendesk.com/agent/tickets/107214

A customer has a situation where users are already able to sign in via SAML successfully. SAML provides the necessary attributes like name and email address. Now they want to add LDAP so they can use group sync. Their LDAP system does not have email attributes for users, though. When configured with LDAP + SAML and with auto_link_ldap_user set, GitLab attempts to update the user's profile with information from the sign in provider and from LDAP. This fails when LDAP cannot provide an email address.

NoMethodError (undefined method `first' for nil:NilClass):
lib/gitlab/auth/o_auth/user.rb:246:in `update_profile'
lib/gitlab/auth/o_auth/user.rb:19:in `initialize'
app/controllers/omniauth_callbacks_controller.rb:125:in `new'
app/controllers/omniauth_callbacks_controller.rb:125:in `sign_in_user_flow'
app/controllers/omniauth_callbacks_controller.rb:102:in `omniauth_flow'
app/controllers/omniauth_callbacks_controller.rb:40:in `saml'

The code in question:

if creating_linked_ldap_user? && gl_user.email == ldap_person.email.first
  metadata.set_attribute_synced(:email, true)
  metadata.provider = ldap_person.provider
end

Specifically ldap_person.email is nil so .first fails.