Searching for LDAP users cares about unimportant whitespaces around commas
Description
LDAP GroupSync doesn’t ignore space characters around the `,` when searching for existing GitLab user LDAP identities.
I.e., even though the following 2 `dn`s are the same, when GroupSync is run and searches for users, it does not consider them the same person:
cn=user1,ou=users,dc=gitlab,dc=com
cn=user1, ou=users, dc=gitlab, dc=com
Example from GroupSync output:
# When the user's LDAP identity is cn=user1, ou=users, dc=gitlab, dc=com
EE::Gitlab::LDAP::Sync::Group: User with DN `cn=user1,ou=users,dc=gitlab,dc=com` should have access to 'groupA' group but there is no user in GitLab with that identity. Membership will be updated once the user signs in for the first time.
Proposal
The current method to find a user by their LDAP identity (method here) searches for the case-insensitive `dn` but does not strip spaces around the `,`, which is allowed in LDAP.
Possible fix: use a regular expression to strip spaces off from right after the `,`. While it is not the issue, it may be beneficial to do the same around the `=` because, as per https://www.ldap.com/ldap-dns-and-rdns, LDAP shouldn’t care about spaces around the equals sign either.
Links / references
Ticket where this is a problem: https://gitlab.zendesk.com/agent/tickets/80851
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- Feature assurance
- Documentation
- Added to features.yml
/cc @balameb @dblessing @mydigitalself
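A sketch of the normalization discussed in the proposal, as an added example that is not GitLab's code: `normalize_dn`, `same_identity?` and the helpers are hypothetical names. Instead of one blanket regex it splits on unescaped commas only, so an escaped `\,` or an escaped trailing space inside a value is preserved and two different identities are not collapsed into one. It assumes single-valued RDNs with no quoted values.

```ruby
# Added example (hypothetical helpers, not GitLab's implementation).

# Split on `sep` only where it is not escaped with a preceding backslash.
def split_unescaped(str, sep)
  parts = [+""]
  escaped = false
  str.each_char do |ch|
    if escaped
      parts.last << ch
      escaped = false
    elsif ch == "\\"
      parts.last << ch
      escaped = true
    elsif ch == sep
      parts << +""
    else
      parts.last << ch
    end
  end
  parts
end

# Drop insignificant padding around a value; a trailing space that is
# preceded by a backslash is kept, since an escaped space is part of the value.
def strip_unescaped(value)
  value.sub(/\A +/, "").sub(/(?<!\\) +\z/, "")
end

# Comparison key for a DN: no padding around `,` and `=`, lower-cased to
# mirror the case-insensitive lookup described in the proposal.
def normalize_dn(dn)
  split_unescaped(dn, ",").map { |rdn|
    type, value = rdn.split("=", 2)
    raise ArgumentError, "malformed RDN: #{rdn.inspect}" if value.nil?
    "#{type.strip}=#{strip_unescaped(value)}".downcase
  }.join(",")
end

def same_identity?(dn_a, dn_b)
  normalize_dn(dn_a) == normalize_dn(dn_b)
end
```

For a lookup to match, the stored identity and the DN returned by the directory would both need to pass through the same normalization.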