Skip to content

"Error creating user, name is invalid" in LDAP sync #28288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BraggerXYZ opened this issue Nov 29, 2023 · 3 comments
Open

"Error creating user, name is invalid" in LDAP sync #28288

BraggerXYZ opened this issue Nov 29, 2023 · 3 comments
Labels
type/bug

Comments

@BraggerXYZ
Copy link

Description

Hi,

I encountered an issue with user synchronisation with our Active Directory since we upgraded to v1.19 in the logs:
Error creating user _XYZ: name is invalid [XYZ]: must be valid alpha or numeric or dash(-) or dot characters
(username sanitized for privacy)

The error message is misleading as _ is stated as valid character but is clearly the culprit here. Trying to add a local user with leading underscore fails with a much better error message:
Username can only contain alphanumeric chars ('0-9','a-z','A-Z'), dash ('-'), underscore ('_') and dot ('.'). It cannot begin or end with non-alphanumeric chars, and consecutive non-alphanumeric chars are also forbidden.

I dug into the source and uncovered the following commit which changed the valid username logic in v1.19:
2900dc9

This makes it impossible to create users with leading or trailing non-alphanumeric characters. Already existing users with leading or trailing non-alphanumeric characters still work, but we cannot create new ones. This breaks functionality because in our organization technical accounts (e.g. for CI integration) have to start with an underscore in our LDAP, it's policy and I cannot change that.
The commit message which introduced this new behaviour does not state why _ is now forbidden, I can only see a mention in the release notes, but not why this is introduced.

Why was this introduced and is there any chance we can get leading underscore back as a valid username as this breaks existing functionality in our org?

Gitea Version

v1.19.0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

2.21.0.windows.1

Operating System

Win Server 2019

How are you running Gitea?

locally installed as Windows service

Database

MSSQL
@BraggerXYZ
Copy link
Author

BraggerXYZ commented Nov 29, 2023
edited
Loading

Also the unit test for this new behaviour does not test for leading underscore, which it should if it is forbidden. :D
This tells me your intentions were for restricting a leading dot in the username (which does make sense) but for underscore I cannot find a reason why it should be forbidden.

@kdumontnu
Copy link
Contributor

@BraggerXYZ if we "normalized" the username by removing any leading non-alphanumberic characters (similar to GitHub, although they don't mention normalizing that specifically) would that solve your problem?

@kdumontnu kdumontnu mentioned this issue Dec 13, 2023
Closed
@BraggerXYZ
Copy link
Author

@kdumontnu Well no, we depend on a leading underscore as the first character of the username (to distinguish them as technical accounts from real users), and so removing any leading non-alphanumerics doesn't solve my problem. That's exactly what Gitea is doing now, so this is no help but current behaviour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BraggerXYZ @kdumontnu