LDAP sync not working if Username Attribute not specified #21072

Closed
pezhovski opened this issue Sep 5, 2022 · 1 comment · Fixed by #25278
@pezhovski
Contributor

Description

When LDAP Authentication is configured with only the required fields, sync_external_users does not create accounts.
The Enable user synchronization option is checked.

When trying to log in with a user from the connected LDAP, a new user is created with a username probably taken from uid.
On the next sync this user is marked as inactive.

It is either a documentation problem or a bug.

Gitea Version

1.17.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Using compose file

```yaml
---
version: "2"

services:
  db:
    image: bitnami/postgresql:latest
    user: 1001
    environment:
      - POSTGRESQL_USER=gitea
      - POSTGRESQL_PASSWORD=gitea
      - POSTGRESQL_DATABASE=gitea
    networks:
      - gitea-network

  gitea:
    image: gitea/gitea:1.17.1-rootless
    user: 1000:1000
    environment:
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=gitea
    volumes:
      - ./gitea-config:/etc/gitea
      - ./gitea-data:/var/lib/gitea
    ports:
      - "3000:3000"
    depends_on:
      - db
    networks:
      - gitea-network

  ldap1:
    image: glauth/glauth
    user: 1000
    volumes:
      - ./ldap-config.cfg:/app/config/config.cfg
    networks:
      - gitea-network
```

Database

PostgreSQL

@Zettat123
Contributor

related to

```go
if len(su.Username) == 0 {
	continue
}
```

lunny added this to the 1.19.4 milestone Jun 15, 2023
lunny pushed a commit that referenced this issue Jun 20, 2023
Fix #21072

![image](https://github.com/go-gitea/gitea/assets/15528715/96b30beb-7f88-4a60-baae-2e5ad8049555)

Username Attribute is not a required item when creating an
authentication source. If Username Attribute is empty, the username
value of LDAP user cannot be read, so all users from LDAP will be marked
as inactive by mistake when synchronizing external users.

This PR improves the sync logic, if username is empty, the email address
will be used to find user.
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Jun 20, 2023
Fix go-gitea#21072
lunny pushed a commit that referenced this issue Jun 20, 2023
Backport #25278 by @Zettat123

Fix #21072

Co-authored-by: Zettat123 <[email protected]>
github-actions bot locked as resolved and limited conversation to collaborators Aug 5, 2023
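The failure mode discussed in this thread, next to the email fallback the fix describes, as an added Go sketch that is not Gitea's code. `LDAPEntry`, `LocalUser` and `SyncUsers` are hypothetical simplified stand-ins, and the sample data is constructed.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins; these are not Gitea's real models.
type LDAPEntry struct{ Username, Mail string }
type LocalUser struct {
	Name, Email string
	Active      bool
}

// SyncUsers keeps local users that are still present in LDAP active and
// deactivates the rest. Matching is exact here for brevity.
// fallbackToMail=false reproduces the skip quoted in the thread.
func SyncUsers(entries []LDAPEntry, users []*LocalUser, fallbackToMail bool) (deactivated []string) {
	byName, byMail := map[string]*LocalUser{}, map[string]*LocalUser{}
	for _, u := range users {
		byName[u.Name] = u
		byMail[u.Email] = u
	}
	seen := map[*LocalUser]bool{}
	for _, e := range entries {
		u := byName[e.Username]
		if e.Username == "" {
			if !fallbackToMail || e.Mail == "" {
				continue // entry ignored, so its account is never marked as seen
			}
			u = byMail[e.Mail] // the fix: find the user by email address
		}
		if u != nil {
			seen[u] = true
		}
	}
	for _, u := range users {
		if u.Active = seen[u]; !u.Active {
			deactivated = append(deactivated, u.Name)
		}
	}
	return deactivated
}

func main() {
	// Constructed sample: Username Attribute is unset, so entries carry only mail.
	entries := []LDAPEntry{{Mail: "alice@example.com"}, {Mail: "bob@example.com"}}
	for _, fallback := range []bool{false, true} {
		users := []*LocalUser{{"alice", "alice@example.com", true}, {"bob", "bob@example.com", true}, {"carol", "carol@example.com", true}}
		fmt.Println("fallbackToMail:", fallback, "deactivated:", SyncUsers(entries, users, fallback))
	}
}
```

In the sample, carol is absent from LDAP and is deactivated in both runs, while alice and bob are only wrongly deactivated when empty usernames are skipped.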