Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v9.4.x] LDAP: Fix user disabling #74318

Merged
merged 4 commits into from
Sep 4, 2023
Merged

[v9.4.x] LDAP: Fix user disabling #74318

merged 4 commits into from
Sep 4, 2023

Conversation

gamab
Copy link
Contributor

@gamab gamab commented Sep 4, 2023

Backport f900098 from #74016
Backport 9e52414 from #73834

What is this feature?

In v9.x releases, LDAP users used to be disabled on login if they had been removed from the LDAP directory tree.
But we had a bug, we'd also disable non-ldap users.
In v10.x releases, with the move to the AuthBroker, we changed the approach and even if it's still impossible to log in with a removed LDAP user, we do not disable the user anymore.
This PR intends to restore the previous behavior in the AuthBroker but also fix the disabling to only target users that logged via LDAP.

Additionally, for large amount of ldap users (>500 users), active sync was only retrieving a single iteration of users (max 500 users) and therefore was disabling every user that wasn't returned considering them as deleted from the LDAP directory tree.

Why do we need this feature?

[Add a description of the problem the feature is trying to solve.]

Who is this feature for?

[Add information on what kind of user the feature is for.]

Which issue(s) does this PR fix?:

Fixes #

Special notes for your reviewer:

Please check that:

  • It works as expected from a user's perspective.
  • If this is a pre-GA feature, it is behind a feature toggle.
  • The docs are updated, and if this is a notable improvement, it's added to our What's New doc.

@gamab gamab added this to the 9.4.x milestone Sep 4, 2023
@gamab gamab marked this pull request as ready for review September 4, 2023 12:25
@gamab gamab requested review from a team as code owners September 4, 2023 12:25
@gamab gamab requested review from alexanderzobnin, Jguer, zserge, mildwonkey and suntala and removed request for a team September 4, 2023 12:25
@gamab gamab merged commit 49d3cf7 into v9.4.x Sep 4, 2023
11 checks passed
@gamab gamab deleted the backport-74016-to-v9.4.x branch September 4, 2023 14:14
@zerok zerok modified the milestones: 9.4.x, 9.4.14 Sep 4, 2023
@gotjosh gotjosh mentioned this pull request Dec 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IevaVasiljeva IevaVasiljeva IevaVasiljeva approved these changes

@alexanderzobnin alexanderzobnin Awaiting requested review from alexanderzobnin alexanderzobnin is a code owner automatically assigned from grafana/grafana-authnz-team

@Jguer Jguer Awaiting requested review from Jguer Jguer is a code owner automatically assigned from grafana/grafana-authnz-team

@zserge zserge Awaiting requested review from zserge zserge is a code owner automatically assigned from grafana/backend-platform

@mildwonkey mildwonkey Awaiting requested review from mildwonkey mildwonkey is a code owner automatically assigned from grafana/backend-platform

@suntala suntala Awaiting requested review from suntala suntala is a code owner automatically assigned from grafana/backend-platform

Assignees
No one assigned
Labels
add to changelog area/backend backport A backport PR type/bug
Projects
None yet
Milestone
9.4.14
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gamab @IevaVasiljeva @zerok