Ensure LDAP Group Sync by Filter sanitizes DNs
What does this MR do?
Fixes #8285 (closed).
This changes the LDAP Group Sync by filter feature and ensures that member DNs are normalized/downcases so comparison happens correctly.
This also adds in-memory caching of filter results. We've always done in-memory caching of other LDAP Group Sync search results to reduce the number of calls to LDAP. It was an easy add and brought everything into alignment.
Of note, the initial diagnosis from #8285 (closed) wasn't quite correct. All normalization prior to this change was actually done transparently because most LDAP search results are fed through the ...::LDAP::Group
or ...::LDAP::Person
class which does the normalization for us. This MR doesn't change that, but it also brings normalization into a common location to ensure that all DNs are normalized regardless of where they come from. For LDAP Group Sync by CN, this is redundant but for LDAP Group Sync by filter it's important. I think the change brings a lot of clarity, though.
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
Tests added for this feature/bug -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the database guides -
Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process. -
EE specific content should be in the top level /ee
folder -
For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?