LDAP users are keyed against the wrong username.

[NickH-nz]

Issue Type

• Bug Report
• Feature enhancement

Summary

When using the LDAP authentication plugin, users are keyed against the wrong username.

Basic environment details

GoCD Version: 20.7.0 (12097-f4f86ca8d433edaf9235ed92790c11e19d7be4ed).
LDAP Plugin: LDAP Authentication Plugin for GoCD v2.0.1-90 (bundled)

Steps to Reproduce

1. Setup LDAP plugin to accept both mail or uid (|(uid={0})(mail={0})) connected to a directory at example.com.
2. Login with email ([email protected])
3. Logout
4. Login with uid (nick)
5. Notice that two users have been created

Expected Results

I would expect users to be created with a username equal to their uid attribute.
Specifying either mail or uid (or any combination supported by the user filter) at login would log you into the same user.

Actual Results

Users are created with usernames equal to the value entered into the username field at login.
A user is created for each variant supplied in the login field, even if mapped to the same LDAP user.

Possible Fix

• Use the LDAP uid attribute to key users, rather than the user-supplied value.
• Alternatively, supply a config option on the plugin to specify how the username field should be filled.

[maheshp]

You are right, on successful authentication the plugin returns a user with the username same as that in the credentials.
The GoCD LDAP Authorization Plugin has an options to specify the UserNameAttributein the Authorization Configuration, maybe consider using it.