Give SAML priority over LDAP when logging in via SAML
We are using GitLab 8.5.12 with SAML and LDAP to authenticate users.
I noticed that "auto_link_saml_user: true" does not link a user to SAML when the user cannot be found in LDAP. It only works when turning off LDAP. The reason is that in lib/gitlab/saml/user.rb priority is given to LDAP.
This is not what I want. So I changed the sequence to give priority to SAML. With that it works for both LDAP and SAML.
Here is the change:
diff --git a/lib/gitlab/saml/user.rb b/lib/gitlab/saml/user.rb
index b1e3011..7742656 100644
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -14,14 +14,14 @@ module Gitlab
def gl_user
@user ||= find_by_uid_and_provider
- if auto_link_ldap_user?
- @user ||= find_or_create_ldap_user
- end
-
if auto_link_saml_enabled?
@user ||= find_by_email
end
+ if auto_link_ldap_user?
+ @user ||= find_or_create_ldap_user
+ end
+
if signup_enabled?
@user ||= build_new_user
end
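Review bot: In gl_user, moving the auto_link_saml_enabled? block above the auto_link_ldap_user? block means that, because each step assigns with "@user ||=", find_or_create_ldap_user is no longer reached whenever find_by_email returns a user. For an account that exists both locally (matched by e-mail) and in LDAP, the LDAP step is now skipped on SAML login, where before it ran first. If that is intended, please document the new precedence in a comment above the two blocks and add a spec that enables both settings and covers three cases: user only in LDAP, user only matched by e-mail, and user in both. Also note that the e-mail match now decides the account before any LDAP lookup, so the description should state that the e-mail address asserted in the SAML response is trusted for linking.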