"Prevent users from changing their profile name" setting should not affect LDAP sync profile name updates
Summary
If an instance is using LDAP to manage users, the expectation is that LDAP be the single source-of-truth for user data such as their GitLab profile name
. By browsing to Admin > Settings > General > Account and Limit, an administrator can disable the ability for users to change their profile name by checking the Prevent users from changing their profile name
box. With this setting enabled, an administrator can still use the Admin console or API to change the user's profile name, however an LDAP sync will not change the profile name, even if it has been changed on the LDAP side.
In general the expectation should be that user information fields are updated via LDAP. There is no indication that this feature should prevent LDAP username changes and in my opinion, LDAP sync should override the setting.
Steps to reproduce
- Create an instance with LDAP sync enabled
- Ensure that the
name
attribute is configured:-
attributes: name: ['displayName']
in gitlab.rb`
-
- Check the
Prevent users from changing their profile name
box in Admin > Settings > General > Account and Limit - Change the user's
displayName
on the ldap server - Trigger an LDAP sync
- Observe that the profile name is not updated
What is the current bug behavior?
The Prevent users from changing their profile name
setting prevents user profile names being synced with LDAP
What is the expected correct behavior?
Prevent users from changing their profile name
box should prevent users from manually updating their profile name from the UI. It should not prevent LDAP sync from updating it.
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)