Misbehaviour in user identity when using AD as authentication source
Hi, I am filing this issue following support ticket 173579 (internal) on the support request.
We have an omnibus install of GitLab with a link to AD for user authentication. In our AD we have some generic users for integration purposes; usually the email of the generic user of a project is the e-mail of the lead developer of the project.
As GitLab uses email as the source for authentication, I have observed the following behaviour. When logging on to GitLab with the generic user, we impersonate the lead developer, getting all their credentials for project access, and the lead developer's account name changes to the generic user name, so at first you do not realise that you are using the lead dev account.
This was observed on GitLab 12.10.14. We have since upgraded to 13.3.6, but I have not tested this on 13.3.6.
As a workaround I defined a dummy email for the generic user in AD, and then when logging in it was creating a new account properly for this user.
I know that the request to have users with the same e-mail has been around for some time and is probably not easy to achieve, even if that would be the best solution for the issue I have encountered. Meanwhile, could it be possible, for security purposes, to at least prevent a user from logging in and creating an account if their e-mail is already used by another user?
Regards, Sebastien Chanson
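
An added example, not part of the original report and not GitLab's code: a directory audit that lists AD accounts sharing one `mail` value, the condition behind the account merge described above. It assumes an LDIF export carrying `sAMAccountName` and `mail`; the sample entries and all names in them are constructed.

```python
import base64
import re
from collections import defaultdict

# Constructed sample LDIF export (illustrative names, not from the report).
SAMPLE_LDIF = """\
dn: CN=Lead Dev,OU=Users,DC=example,DC=test
sAMAccountName: leaddev
mail: Lead.Dev@example.test

dn: CN=svc-project,OU=Service Accounts,DC=example,DC=test
sAMAccountName: svc-project
mail: lead.dev@example.test

dn: CN=svc-other,OU=Service Accounts,DC=example,
 DC=test
sAMAccountName: svc-other
mail:: c3ZjLW90aGVyQGV4YW1wbGUudGVzdA==
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    # LDIF folds long lines: a newline followed by one space continues the value.
    text = re.sub(r"\r?\n ", "", text)
    entries, current = [], defaultdict(list)
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#"):         # skip LDIF comment lines
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):           # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            current[attr.lower()].append(value)
    return entries

def shared_emails(entries):
    """Map each mail value to the accounts carrying it, keeping only collisions."""
    owners = defaultdict(set)
    for entry in entries:
        account = (entry.get("samaccountname") or entry.get("dn") or ["?"])[0]
        for mail in entry.get("mail", []):
            # Assumption: addresses are compared case-insensitively.
            owners[mail.strip().lower()].add(account)
    return {mail: sorted(accts) for mail, accts in owners.items() if len(accts) > 1}

if __name__ == "__main__":
    for mail, accounts in shared_emails(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{mail}: shared by {', '.join(accounts)}")
```

Each reported address marks a set of directory accounts that need distinct `mail` values, as in the workaround above, before they sign in.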