ldap_user_create_mode 'auto' does work without groups #74
Description
I run into a serious problem with Discourse login using LDAP. When a new user tries to login, he is redirected back to a login page without any message. Logs confirmed ldap passed successfully, but user wasn't created in Discourse. Existing users worked fine.
After debugging I discovered that ldap plugin doesn't create users if they have no groups provided by LDAP. I'm not quite sure what changed in our LDAP instance configuration, since it is not entirely under our control, but may have lead to a different data returned by LDAP regarding user groups.
Anyway I was able to workaround by this patch
--- /var/www/discourse/plugins/discourse-ldap-auth/lib/ldap_user.rb.old 2023-03-10 18:01:14.596939164 +0100
+++ /var/www/discourse/plugins/discourse-ldap-auth/lib/ldap_user.rb 2023-03-10 18:07:20.957617316 +0100
@@ -31,10 +31,10 @@
private
def create_user_groups(user_groups)
- return if user_groups.nil?
#user account must exist in order to create user groups
@user = User.create!(name: self.name, email: self.email, username: self.username)
@user.activate
+ return if user_groups.nil?
user_groups.each do |group_name|
group = Group.find_by(name: group_name)
@user.groups << group unless group.nil?All in all, I find it weird user instance is created only if groups are present. I'd expect the user object is created regardless.
Configuration:
- discourse 2.8.13
- discourse-ldap-auth 0.6.0
ldap filteris not set
I would provide a patch, but I can't write in Ruby and this workaround is as far as I could get.