Prevent email being updated when logging in using LDAP user

ldap

(Mike) #1

Have a property in sonar.properties to disable user email update when using LDAP authentication.

My LDAP does not have the email address attribute set (mail) and no other attribute contains the email address. There should be a way to prevent using ldap.user.emailAttribute to set or update the user’s email address.

Since my LDAP doesn’t have that attribute, the email is empty. Using the admin tool, I can go and set the user’s email but as soon as the user logs back in, the email is resetted to “empty” - this is very annoying.


(G Ann Campbell) #4

Hi,

Thanks for the suggestion. We’re not going to move on this under the theory that if you delegate authentication to another system, then all user information should come form that external system.

 
Ann


(Mike) #5

Hi Ann,

Authentication should stick to authenticating that the user is who he says he is, by validating the username and password.

I do agree that when the user logs on for the very first time, the user’s initial information should come from the authentication authority. But as an administrator of SonarQube, I would like to override this information, like the name and the email for example, and that the changes made do not get overridden when the user logs back in. Once the user is authenticated, the details that an admin is allowed to change should not be refreshed. Or else, remove the ability for the system admin to change the name and the email, and that will close the subject.


(Julien Lancelot) #6

Hi Mike,

In order to make thinks simple, we’d like to keep the fact that the authentication system is fully responsible of giving the login, name and email to SonarQube.
If we introduce some way to only sync partial data, then it will be a nightmare to investigate any issue that will be encountered, and it will be hard for user to understand how it’s working.

Regards,
Julien Lancelot