-
Notifications
You must be signed in to change notification settings - Fork 897
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure user name is set even when common LDAP attributes are missing. #14142
Ensure user name is set even when common LDAP attributes are missing. #14142
Conversation
@abellotti and @kbrock Please review. @abellotti After consideration I have decided that your initial idea of solving this in both the ldap and httpd authenticators is the better way to go. Please see my description above. Thank you! JoeV |
Checked commit jvlcek@52f02f5 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like where you put the code and how the tests turned out.
Like how each authenticator fully owns populating the user record for their own domain
@@ -295,6 +295,34 @@ def authenticate | |||
expect(MiqTask.status_error?(task.status)).to be_truthy | |||
end | |||
end | |||
|
|||
context "when fullname is blank" do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like how test tests turned out joe
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Nice Enhancement @jvlcek LGTM!! 👍 |
👍 Thanks @jvlcek! |
FYI : work for us, tested using ldap only. |
Thanks @yada for testing it out. |
Yes, Thank you @yada ! |
Ensure user name is set even when common LDAP attributes are missing. (cherry picked from commit b502d51) https://bugzilla.redhat.com/show_bug.cgi?id=1428859
Euwe backport details:
|
…isplayname Ensure user name is set even when common LDAP attributes are missing. (cherry picked from commit b502d51) https://bugzilla.redhat.com/show_bug.cgi?id=1428859
Addresses:
https://bugzilla.redhat.com/show_bug.cgi?id=1400567
Description of problem:
Currently, if an administrator has configured users in LDAP without the common
but not required attribute
displayName
, login to MiQ fails for those users.This PR adds functionality to set the user name to something other than
displayName
when it is missing. The user name is used by MiQ to display a header with the name
of the logged in user.
Two attempts to set the user name are made.
The first attempt will try to use the LDAP attributes for first and last name. Which are readable but also optional. Failing that the second attempt will use the userid, which is less attractive
but more foolproof.
Description of solution implementation:
This could have been solved by adjusting for an empty user name in the single
app/models/authenticator.rb
. However this resulted in other authenticationmechanisms exercising code that is limited to ldap and httpd authenticators.
The solution presented solves the problem in both the ldap and httpd authenticators.
Because the ldap authenticator code is being EOLed the end result will, in the near
future, have the solution in a single place, the httpd authenticators.
Steps for Testing/QA
Test 1:
Attempt to log in to MiQ with an LDAP user who's
displayName
attribute has been deleted.Test 2:
Attempt to log in to MiQ with an LDAP user who's
displayName
,sn
andgivenName
attributes have been deleted.These test should be repeated using both the MiQLdap client and External Auth