Allow empty LDAP email

Jarka Košanová requested to merge 24956-saml-ldap-sync-fix into master

What does this MR do and why?

It fixes an error when email is nil on LDAP. If email is nil, the linked provider email is used instead.

How to set up and validate locally

  1. Set up SAML

  2. Set up LDAP

  3. Pick one LDAP user and update their attributes so that uid matches the OAuth uid and email is nil

    • I edited the following entry in gitlab-development-kit/gitlab-openldap/frontend.example.com.ldif:

        dn: uid=1,ou=people,dc=example,dc=com
        objectClass: inetOrgPerson
        objectClass: posixAccount
        objectClass: shadowAccount
        uid: john
        sn: Doe
        givenName: John
        cn: John Doe

    • changed uid in dn and removed the mail line

  4. Try to log in with the user using SAML

This should fail on master but should work on this branch. A new user with 2 identities should be correctly created.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #24956 (closed)

Edited by Jarka Košanová
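The behaviour the MR description asks a reviewer to validate (SAML login linked to an LDAP entry whose mail attribute was removed, ending in one user with two identities) can be checked offline with a small model of the email-precedence rule. The following is an added example written for this page, not GitLab's code and not the MR's diff: it parses an LDIF entry like the one edited in the GDK setup, matches it to the SAML uid, and builds a user whose email comes from the LDAP mail attribute when present and from the linked provider otherwise. All names in it (parse_ldif, find_ldap_entry, resolve_email, build_user, the 'ldapmain' provider label) and the assumption that matching is done on the uid attribute are hypothetical; the sample LDIF is constructed from the entry shown above.

```ruby
# Hypothetical model of "LDAP mail wins, otherwise use the linked provider's email".
# Not GitLab code; names and the uid-matching rule are assumptions for this example.

LdapEntry = Struct.new(:dn, :attributes, keyword_init: true) do
  def uid
    attributes['uid']&.first
  end

  # nil when the entry has no mail attribute (the case this MR is about)
  def mail
    attributes['mail']&.first
  end
end

SamlAuth = Struct.new(:provider, :uid, :email, keyword_init: true)
Identity = Struct.new(:provider, :extern_uid, keyword_init: true)
User     = Struct.new(:username, :email, :identities, keyword_init: true)

# Minimal LDIF reader for this example: entries separated by blank lines,
# plain "attr: value" lines only (no base64 "::" values, no continuation lines).
def parse_ldif(text)
  text.split(/\n\s*\n/).map do |block|
    attrs = Hash.new { |h, k| h[k] = [] }
    block.each_line do |line|
      line = line.chomp
      next if line.empty? || line.start_with?('#')
      key, value = line.split(':', 2)
      attrs[key.strip] << value.to_s.strip
    end
    LdapEntry.new(dn: attrs['dn'].first, attributes: attrs)
  end
end

# Step 3 of the setup: the LDAP entry whose uid equals the SAML/OAuth uid (assumption).
def find_ldap_entry(entries, saml_uid)
  entries.find { |e| e.uid == saml_uid }
end

# Email precedence: a non-empty LDAP mail attribute wins; a nil or blank LDAP
# mail falls back to the email asserted by the linked provider instead of failing.
def resolve_email(ldap_entry, saml_auth)
  ldap_mail = ldap_entry&.mail
  return ldap_mail unless ldap_mail.nil? || ldap_mail.strip.empty?
  saml_auth.email
end

# Build the new user with two identities: the SAML one and (if matched) the LDAP one.
def build_user(entries, saml_auth, ldap_provider: 'ldapmain')
  entry = find_ldap_entry(entries, saml_auth.uid)
  email = resolve_email(entry, saml_auth)
  raise ArgumentError, 'no email available from LDAP or the linked provider' if email.nil? || email.strip.empty?

  identities = [Identity.new(provider: saml_auth.provider, extern_uid: saml_auth.uid)]
  identities << Identity.new(provider: ldap_provider, extern_uid: entry.dn) if entry
  User.new(username: saml_auth.uid, email: email, identities: identities)
end

# Constructed sample: the entry from the setup steps, with its mail line removed.
SAMPLE_LDIF = <<~LDIF
  dn: uid=1,ou=people,dc=example,dc=com
  objectClass: inetOrgPerson
  objectClass: posixAccount
  objectClass: shadowAccount
  uid: john
  sn: Doe
  givenName: John
  cn: John Doe
LDIF

if $PROGRAM_NAME == __FILE__
  entries = parse_ldif(SAMPLE_LDIF)
  saml = SamlAuth.new(provider: 'saml', uid: 'john', email: 'john@example.com')
  user = build_user(entries, saml)
  puts "email: #{user.email}"
  puts "identities: #{user.identities.map(&:provider).join(', ')}"
end
```

Running it with the sample above yields a user whose email is the SAML-asserted address and whose identities are saml and ldapmain; adding a mail line back to the LDIF makes the LDAP address win, and removing the email from both sides raises instead of silently creating a user without an email.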
