Setting User Cap causes LDAP user to be blocked during first sign in
Summary
When LDAP is appropriately configured on a self-managed GitLab instance, a new user can sign in with their LDAP identity and have the account automatically created. If there are no "block auto-created users" settings enabled, the user can directly sign into GitLab on the first attempt.
However, if the "user cap" setting is specified, the user is redirected to the sign in page and shown a "blocked pending Approval" message: This happens even if the user cap is set to say 50 and the current number of users is 5.
Steps to reproduce
- Set up LDAP with GitLab SM.
- Sign-up with new user via LDAP.
- User account is created and user is signed in without any issues
- Change User Cap settings in admin dashboard to some arbitrarily high number (say 100)
- Sign in with another new user
- User will be redirected back to sign in page with Blocked Pending Approval warning
What is the current bug behavior?
On first sign-in via LDAP, new user is always blocked pending approval even if the billable user count does not exceed the user cap count setting, and the following message is shown:
Your account is pending approval from your GitLab administrator and hence blocked. Please contact your GitLab administrator if you think this is an error.
What is the expected correct behavior?
New user should be active if the billable user count does not exceed the user cap count setting.
Investigating the source code
New user remains blocked pending approval if blocked_auto_created_omniauth_user?
returns true
.
def blocked_auto_created_omniauth_user?(user)
::Gitlab.config.omniauth.block_auto_created_users && user.identities.any?
end
::Gitlab.config.omniauth.block_auto_created_users
default is true
and user.identities.any?
returns true
if the user sign-up via LDAP.
Workaround
Explicitly change omniauth.block_auto_created_users
setting in gitlab.rb to false
.
NOTE: New user state is active, but blocked during first sign in. I think this is the same issue as #338980 (closed).