Enable extra slug sanitization on user provisioning
What does this MR do and why?
Enable extra slug sanitization on user provisioning
This removes the feature flag for extra_slug_path_sanitization
, which
is currently enabled for GitLab.com . The new code we are keeping adds
some extra sanitization to usernames when provisioning users via LDAP,
SCIM, and oAuth. This should avoid errors where users cannot be
provisionined due to invalid usernames in the provisioning IdP
Feature flag introduced in !145038 (merged) Relates to #442650 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Before | After |
---|---|
How to set up and validate locally
- Configure your local GDK to allow LDAP sign-in as per the GDK howto
- in
gitlab-openldap/frontend.example.com.ldif
, alter usermary
to have the following info:dn: uid=mary--,ou=people,dc=example,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount uid: Mary-- ...
- run
cd gitlab-openldap && make clean default
to reload the data in LDAP - ensure there is no pre-existing
mary
user in your local GDK install (usegdk reset-data
if needed) - attempt to log in via LDAP with the username
mary--
and the default password - With this change (or on main branch with feature-flag enabled) you should be able to log in as expected.
Related to #439623 (closed)
Edited by Adil Farrukh