
Enable extra slug sanitization on user provisioning

Andrew Evans requested to merge 439623-cleanup-extra-slug-path-sanitization into master

What does this MR do and why?

Enable extra slug sanitization on user provisioning

This removes the feature flag for extra_slug_path_sanitization, which is currently enabled for GitLab.com. The new code we are keeping adds some extra sanitization to usernames when provisioning users via LDAP, SCIM, and OAuth. This should avoid errors where users cannot be provisioned due to invalid usernames in the provisioning IdP.

Feature flag introduced in !145038 (merged)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-02-16_at_11.45.47_AM Screenshot_2024-02-16_at_1.37.35_PM

How to set up and validate locally

  1. Configure your local GDK to allow LDAP sign-in as per the GDK howto.
  2. In gitlab-openldap/frontend.example.com.ldif, alter user mary to have the following info:
    dn: uid=mary--,ou=people,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: Mary--
    ...
  3. Run cd gitlab-openldap && make clean default to reload the data in LDAP.
  4. Ensure there is no pre-existing mary user in your local GDK install (use gdk reset-data if needed).
  5. Attempt to log in via LDAP with the username mary-- and the default password.
  6. With this change (or on main branch with feature-flag enabled) you should be able to log in as expected.

Related to #439623 (closed)
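
The following sketch is an added illustration, not code from this MR or from GitLab: it shows how a provisioning path can sanitize an IdP-supplied username such as `Mary--` and still keep accounts distinct when two IdP entries sanitize to the same slug. The character rules, the `blank` fallback, the numeric suffix and the `Directory` class are assumptions made for the example.

```ruby
# Added illustration. The character rules are assumptions for this example;
# they are not copied from GitLab's extra_slug_path_sanitization code.

# Turn an IdP-supplied name (LDAP uid, SCIM userName, OAuth nickname) into a
# slug with no disallowed characters and no leading, trailing or repeated
# separators.
def sanitize_slug(raw)
  slug = raw.to_s.sub(/@.*\z/m, "")               # keep the local part of an e-mail
  slug = slug.gsub(/[^a-zA-Z0-9_.-]+/, "-")       # replace disallowed characters
  slug = slug.gsub(/[-_.]{2,}/) { |run| run[0] }  # collapse runs of separators
  slug = slug.gsub(/\A[-_.]+|[-_.]+\z/, "")       # \A and \z anchor the whole string
  slug.empty? ? "blank" : slug                    # hypothetical fallback name
end

# Constructed in-memory stand-in for the user table. Accounts are keyed on
# the IdP's stable identifier (here the LDAP DN), never on the sanitized
# username, so two IdP entries that sanitize to the same slug stay separate.
class Directory
  def initialize
    @by_extern_uid = {}
    @taken = {}
  end

  def provision(extern_uid, idp_username)
    key = extern_uid.downcase
    return @by_extern_uid[key] if @by_extern_uid.key?(key)

    base = sanitize_slug(idp_username)
    candidate = base
    n = 0
    # Usernames are compared case-insensitively; add a suffix on collision.
    candidate = "#{base}#{n += 1}" while @taken[candidate.downcase]
    @taken[candidate.downcase] = true
    @by_extern_uid[key] = candidate
  end
end

if __FILE__ == $0
  dir = Directory.new
  # Constructed sample entries modelled on the LDIF in the steps above.
  puts dir.provision("uid=mary,ou=people,dc=example,dc=com", "mary")
  puts dir.provision("uid=mary--,ou=people,dc=example,dc=com", "Mary--")
end
```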
