Allow empty LDAP email (!133320) · Merge requests · GitLab.org / GitLab

Jarka Košanová requested to merge 24956-saml-ldap-sync-fix into master Oct 04, 2023

What does this MR do and why?

It fixes an error when email is nil on LDAP. If email is nil, the linked provider email is used instead.

How to set up and validate locally

Setup SAML
Setup LDAP
Pick one LDAP user and update their attributes so that uid matches the Oauth uid and email is nil
- I edited gitlab-development-kit/gitlab-openldap/frontend.example.com.ldif following entry:

dn: uid=1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe

changed uid in dn and removed mail line

Try to log in with the user using SAML

This should fail on master but should work on this branch. A new user with 2 identities should be correctly created

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #24956 (closed)

Edited Oct 04, 2023 by Jarka Košanová

Allow empty LDAP email

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports