Bug #23041

open

External User Group Sync incorrectly removes users

Added by Timo Goebel about 6 years ago. Updated almost 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Users, Roles and Permissions
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

When a group in Foreman linked to two external user groups is being synced, the sync is case-sensitive, and users where the case does not match get removed on the first sync and then added again on the next sync.

1. Should we prevent users from changing their username when they are linked to an LDAP auth source?
2. Should we make the group syncing case-insensitive?

Let's clarify with an example:

Username in Foreman: "admin-abc123", Username in AD: "Admin-Abc123" -> User gets removed.
This happens after the username was manually changed to lowercase.
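A simplified model of the membership diff described in the report, as an added example that is not part of the original ticket and is not Foreman's code. The helper `plan_group_sync` and the `jdoe` login are hypothetical; the block compares a strict diff with a case-folded one and also flags directory entries that collide after folding.

```ruby
require "set"

# Simplified model of one group-sync pass (hypothetical helper, not Foreman code).
# foreman_logins:  logins currently in the Foreman user group
# external_logins: logins reported by the external (LDAP/AD) group
# fold:            true compares logins case-insensitively
def plan_group_sync(foreman_logins, external_logins, fold:)
  key = fold ? ->(login) { login.downcase } : ->(login) { login }

  # Index the external side by comparison key and record entries that
  # collapse to the same key (e.g. "Bob" and "bob" in the directory).
  external = {}
  ambiguous = Set.new
  external_logins.each do |login|
    k = key.call(login)
    ambiguous << k if external.key?(k) && external[k] != login
    external[k] = login
  end
  current = foreman_logins.to_h { |login| [key.call(login), login] }

  {
    remove:    (current.keys - external.keys).map { |k| current[k] }.sort,
    add:       (external.keys - current.keys).map { |k| external[k] }.sort,
    keep:      (current.keys & external.keys).map { |k| current[k] }.sort,
    ambiguous: ambiguous.to_a.sort
  }
end

# Constructed sample data, using the two logins from the report above.
FOREMAN_GROUP  = ["admin-abc123", "jdoe"].freeze
EXTERNAL_GROUP = ["Admin-Abc123", "jdoe"].freeze

STRICT = plan_group_sync(FOREMAN_GROUP, EXTERNAL_GROUP, fold: false)
FOLDED = plan_group_sync(FOREMAN_GROUP, EXTERNAL_GROUP, fold: true)

puts "case-sensitive:   #{STRICT}"
puts "case-insensitive: #{FOLDED}"
```

With the strict comparison the same account appears in both `remove` and `add` under different spellings; with folding it stays in `keep`, and any `ambiguous` key needs a decision before group membership is changed.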

Actions #1

Updated by Timo Goebel about 6 years ago

#21353 disables user login editing for external users. This mitigates the issue.

Actions #2

Updated by Marek Hulán about 6 years ago

  • Status changed from New to Need more information

I thought we always downcase login automatically by User#set_lower_login before save callback - https://github.com/theforeman/foreman/blob/develop/app/models/user.rb#L105 (added in 1.7.0 by #4439). And also changing login for non-internal users should be disabled already by User#check_permissions_for_changing_login https://github.com/theforeman/foreman/blob/develop/app/models/user.rb#L682-L691. The latter check was added in 1.17 by #21353.

What version of Foreman was this observed on?

Actions #3

Updated by Timo Goebel about 6 years ago

This was found in 1.15.6.

Actions #4

Updated by Timo Goebel about 6 years ago

  • Status changed from Need more information to New

Actions #5

Updated by Tomer Brisker almost 4 years ago

  • Category changed from 218 to Users, Roles and Permissions