LDAP Attribute 'email' setting is being ignored
Summary
When logging in with a user account from ZIMBRA ZCS 8.5.0 Community Edition using LDAP auth, the setting for the email field doesn't work as expected, even though it is properly set up under the LDAP configuration.
Steps to reproduce
My gitlab.yml is configured as follows (some parts are hidden because science :p):
label: 'LDAP-Main'
host: 'my-company-zimbra-host'
port: 389
uid: 'uid'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: '*********************'
password: '********************'
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
timeout: 5
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
active_directory: false
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: true
# To maintain tight control over the number of active users on your GitLab installation,
# enable this setting to keep new users blocked until they have been cleared by the admin
# (default: false).
block_auto_created_users: false
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: 'ou=people,dc=******,dc=com'
# Filter LDAP users
#
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
# Ex. (employeeType=developer)
#
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
#
user_filter: ''
# LDAP attributes that GitLab will use to create an account for the LDAP user.
# The specified attribute can either be the attribute name as a string (e.g. 'mail'),
# or an array of attribute names to try in order (e.g. ['mail', 'email']).
# Note that the user's LDAP login will always be the attribute specified as `uid` above.
attributes:
  # The username will be used in paths for the user's own projects
  # (like `gitlab.example.com/username/project`) and when mentioning
  # them in issues, merge request and comments (like `@username`).
  # If the attribute specified for `username` contains an email address,
  # the GitLab username will be the part of the email address before the '@'.
  username: 'uid'
  email: 'zimbraMailDeliveryAddress'
  # If no full name could be found at the attribute specified for `name`,
  # the full name is determined using the attributes specified for
  # `first_name` and `last_name`.
  name: 'cn'
  first_name: 'givenName'
  last_name: 'sn'
# GitLab EE only: add more LDAP servers
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database
# so that GitLab can remember which LDAP server a user belongs to.
# uswest2:
# label:
# host:
# ....
Standard Zimbra installation, with some tweaks (enabling an extra schema (posixAccount)), but nothing out of the ordinary.
Expected behavior
email: 'zimbraMailDeliveryAddress' << === this should be used as the user's DEFAULT AND PRIMARY email address. Instead, the contents of the attribute mail are used, and this is a problem, because Zimbra stores every email alias in this field, so a user has multiple addresses. I need the primary address, which is stored in this field only, but the configuration is being ignored, so I can't set it.
Relevant logs and/or screenshots
No errors in logs
Output of checks
bundle exec rake gitlab:ldap:check RAILS_ENV=production
Checking LDAP ...
LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
DN: uid=*,ou=people,dc=******,dc=com uid: *
DN: uid=admin,ou=people,dc=*****,dc=com uid: admin
Checking LDAP ... Finished
Results of GitLab Application Check
Checking GitLab Shell ...
GitLab Shell version >= 2.6.10 ? ... OK (2.6.10)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
hooks directories in repos are links: ...
Frameworks / The Elder Scrolls ... ok
Pelmet / Matekey.com ... ok
Pelmet / Mobbes.com ... ok
Frameworks / ldap-login ... ok
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files:
/home/git/repositories: OK
/home/git/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 3.0.5
Send ping to redis server: PONG
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Address formatted correctly? ... yes
IMAP server credentials are correct? ... yes
Init.d configured correctly? ... yes
MailRoom running? ... yes
Checking Reply by email ... Finished
Checking LDAP ...
LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
DN: uid=*,ou=people,dc=*****,dc=com uid: *
DN: uid=admin,ou=people,dc=*****,dc=com uid: admin
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ...
Frameworks / The Elder Scrolls ... yes
Pelmet / Matekey.com ... yes
Pelmet / Mobbes.com ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.2.3)
Your git bin path is "/usr/local/git/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.1)
Active users: 17
Checking GitLab ... Finished
Results of GitLab Environment Info
System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.2.3p173
Gem Version: 2.4.5.1
Bundler Version:1.11.2
Rake Version: 10.5.0
Sidekiq Version:4.0.1
GitLab information
Version: 8.5.0-ee
Revision: 5c75fb2
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: https://*************
HTTP Clone URL: https://*************/some-group/some-project.git
SSH Clone URL: git@**************:some-group/some-project.git
Using LDAP: yes
Using Omniauth: no
GitLab Shell
Version: 2.6.10
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/local/git/bin/git
Possible fixes
This line is totally ignored in config
email: 'zimbraMailDeliveryAddress'
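
The lookup rule described in the gitlab.yml comments above (one attribute name, or an array of names tried in order), as an added example that is not part of the original report and not GitLab's own code. The directory entry is constructed, and the helper names `resolve_attribute` and `email_mapping_report` are hypothetical; taking the first value of a multi-valued attribute is an assumption.

```ruby
# Added example (not GitLab's code): resolve account fields from an LDAP entry
# using the rule stated in the gitlab.yml comments: each setting is one
# attribute name or an array of names tried in order.

# Constructed sample entry shaped like a Zimbra account: `mail` carries the
# aliases as well as the primary address, `zimbraMailDeliveryAddress` only
# the primary one.
SAMPLE_ENTRY = {
  'uid' => ['jdoe'],
  'cn' => ['Jane Doe'],
  'mail' => ['jane.alias@example.com', 'jdoe@example.com', 'sales@example.com'],
  'zimbraMailDeliveryAddress' => ['jdoe@example.com']
}.freeze

# Return the first value of the first configured attribute that is present.
# LDAP attribute names are case-insensitive, so keys are compared downcased.
def resolve_attribute(entry, configured)
  normalized = entry.each_with_object({}) { |(k, v), h| h[k.downcase] = Array(v) }
  Array(configured).each do |name|
    values = normalized.fetch(name.to_s.downcase, []).reject { |v| v.to_s.strip.empty? }
    return { attribute: name, value: values.first, candidates: values } unless values.empty?
  end
  nil
end

# Compare what the configured mapping yields with what a fixed `mail` lookup
# would yield; a difference is the symptom reported in this issue.
def email_mapping_report(entry, configured_email)
  configured = resolve_attribute(entry, configured_email)
  fallback = resolve_attribute(entry, 'mail')
  {
    configured_email: configured && configured[:value],
    mail_first_value: fallback && fallback[:value],
    mail_is_multivalued: !fallback.nil? && fallback[:candidates].size > 1,
    mismatch: (configured && configured[:value]) != (fallback && fallback[:value])
  }
end

if __FILE__ == $PROGRAM_NAME
  p email_mapping_report(SAMPLE_ENTRY, 'zimbraMailDeliveryAddress')
  p email_mapping_report(SAMPLE_ENTRY, %w[zimbraMailDeliveryAddress mail])
end
```

Comparing `configured_email` with the address stored on the GitLab account after an LDAP login shows whether the `email` mapping was honored or the `mail` attribute was used.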