Skip to content

Set username from the returned LDAP attributes.

Andrea Callia D'Iddio requested to merge fix-impersonation into master

With this MR, when logging in, the current username is set directly from the returned LDAP attributes, which prevents any issue with special operators used when specifying the username - e.g. impersonation operator, without the need to handle the impersonation logic, and therefore keeping the impersonation logic in just one place.

By doing this, there is no need to involve the auth.py module in the management of impersonation operators, keeping it "agnostic" with respect to how the username is specified and handled by the LDAP authenticator.

Before this fix, usernames like adumble as hpotter were added in the AuthenticatedUser table, instead of just hpotter, preventing the app from retrieving the right data associated with the impersonated user hpotter.

Edited by Andrea Callia D'Iddio

Merge request reports

Loading