Find a user by email from LDAP
What does this MR do?
In this MR we try to find the user by email when the lookup using DN fails.
I've tested this locally like this:
This is the identity I'm going to change:
[1] pry(main)> u = User.first
=> #<User id: 96, email: "bob@gitlab.com", created_at: "2017-05-31 06:55:22", updated_at: "2017-05-31 10:24:18", name: "bob-test bt. Testy", admin: false, projects_limit: 10, skype: "", linkedin: "", twitter: "", authentication_token: "68VsUytKzv9xwZsumspa", bio: nil, username: "bob-test-update", can_create_group: true, can_create_team: false, state: "active", color_scheme_id: 1, password_expires_at: nil, created_by_id: nil, last_credential_check_at: "2017-05-31 10:24:17", avatar: nil, hide_no_ssh_key: false, website_url: "", admin_email_unsubscribed_at: nil, notification_email: "bob@gitlab.com", hide_no_password: false, password_automatically_set: true, location: nil, encrypted_otp_secret: nil, encrypted_otp_secret_iv: nil, encrypted_otp_secret_salt: nil, otp_required_for_login: false, otp_backup_codes: nil, public_email: "", dashboard: 0, project_view: 2, consumed_timestep: nil, layout: 0, hide_project_limit: false, note: nil, otp_grace_period_started_at: nil, ldap_email: true, external: false, incoming_email_token: "d8ivq53wsivnslyplk8gk050e", organization: nil, authorized_projects_populated: true, auditor: false, ghost: nil, notified_of_own_activity: false, last_activity_on: nil, support_bot: nil, require_two_factor_authentication_from_group: false, two_factor_grace_period: 48, preferred_language: "en", rss_token: "8ywmrW27ogVUNYCJpxz8">
[2] pry(main)> u.ldap_identity
=> #<Identity:0x007f9adcbbbbc8
id: 24,
extern_uid: "CN=bob-test bt. Testy-1,CN=Users,DC=Vosmaer,DC=com",
provider: "ldapmain",
user_id: 96,
created_at: Wed, 31 May 2017 06:55:22 UTC +00:00,
updated_at: Wed, 31 May 2017 10:24:17 UTC +00:00,
secondary_extern_uid: nil>
[5] pry(main)> u.ldap_blocked?
=> false
Sync after changing the user in LDAP:
[6] pry(main)> Gitlab::LDAP::Access.allowed?(u, update_ldap_group_links_synchronously: true)
LDAP search error: No Such Object
Instantiating Gitlab::LDAP::Person with LDIF:
dn: CN=bob-test bt. Testy-2,CN=Users,DC=Vosmaer,DC=com
cn: bob-test bt. Testy-2
mail: bob@gitlab.com
memberof: CN=SecurityGroup,OU=Groups,DC=Vosmaer,DC=com
memberof: CN=DistributionGroup,OU=Groups,DC=Vosmaer,DC=com
samaccountname: bob-test-update
=> true
The first lookup fails; the second is done using the email fields configured for this LDAP, and finds and updates the user and its identity:
[11] pry(main)> u.ldap_identity
=> #<Identity:0x007f9adcbbbbc8
id: 24,
extern_uid: "CN=bob-test bt. Testy-2,CN=Users,DC=Vosmaer,DC=com",
provider: "ldapmain",
user_id: 96,
created_at: Wed, 31 May 2017 06:55:22 UTC +00:00,
updated_at: Wed, 31 May 2017 10:32:09 UTC +00:00,
secondary_extern_uid: nil>
Why was this MR needed?
To not incorrectly block the account when the DN changes, causing the user not to have access to their repositories until they sign in again into the web app and their DN is updated.
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- API support added
- Tests
  - Added for this feature/bug
  - All builds are passing
- Conform by the merge request performance guides
- Conform by the style guides
- Branch has no merge conflicts with master (if it does - rebase it please)
- Squashed related commits together
What are the relevant issue numbers?
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22924 Closes #2522 (closed)
Edited by Bob Van Landuyt :neckbeard:
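
The DN-then-email fallback described in this MR, as an added Ruby sketch over an in-memory directory; it is not GitLab's code and not part of the original description. The `Entry` and `Identity` structs, the `EMAIL_ATTRS` list, the function names and the rule of relinking only when exactly one entry matches the email are assumptions made for illustration.

```ruby
# Added sketch, not GitLab's implementation. All names here are hypothetical.
Entry = Struct.new(:dn, :attrs)
Identity = Struct.new(:extern_uid)

# Constructed sample directory: the entry was renamed from "...Testy-1" to "...Testy-2".
DIRECTORY = [
  Entry.new("CN=bob-test bt. Testy-2,CN=Users,DC=Vosmaer,DC=com",
            { "mail" => ["bob@gitlab.com"] }),
  Entry.new("CN=alice,CN=Users,DC=Vosmaer,DC=com",
            { "mail" => ["alice@gitlab.com"] })
].freeze

EMAIL_ATTRS = %w[mail email userPrincipalName].freeze # assumed configured email fields

# First lookup: by the DN stored on the identity (compared case-insensitively here).
def find_by_dn(dn, directory)
  directory.find { |e| e.dn.casecmp?(dn) }
end

# Second lookup: every entry whose configured email attributes contain the address.
def find_by_email(email, directory, attrs = EMAIL_ATTRS)
  directory.select do |e|
    attrs.any? { |a| Array(e.attrs[a]).any? { |v| v.casecmp?(email) } }
  end
end

# Returns :allowed, :relinked or :blocked; rewrites extern_uid only on a relink.
def check_access(identity, email, directory)
  return :allowed if find_by_dn(identity.extern_uid, directory)

  matches = find_by_email(email, directory)
  # Assumption: relink only on exactly one match, so an email shared by
  # several entries (or by none) never rebinds the account to another DN.
  return :blocked unless matches.size == 1

  identity.extern_uid = matches.first.dn
  :relinked
end
```

The ambiguous case is the one to test for in a real deployment: if the email attribute is not unique in the directory, a fallback keyed on it has no safe way to pick an entry.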