Allow empty LDAP email
What does this MR do and why?
It fixes an error when email
is nil
on LDAP. If email is nil, the linked provider email is used instead.
How to set up and validate locally
-
Pick one LDAP user and update their attributes so that uid matches the Oauth uid and email is nil
- I edited
gitlab-development-kit/gitlab-openldap/frontend.example.com.ldif
following entry:
- I edited
dn: uid=1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
- changed
uid
indn
and removedmail
line
- Try to log in with the user using SAML
This should fail on master but should work on this branch. A new user with 2 identities should be correctly created
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #24956 (closed)
Edited by Jarka Košanová