Ldap login without sync (!464) · Merge requests · amiv / Amivapi

Johannes Zumthurm requested to merge ldap-login-without-sync into master May 25, 2022

Created by: temparus

If some LDAP fields are not present in the LDAP response of ETH, the whole user synchronization fails currently and the users cannot log in as described in #436 (closed) (Closes #436 (closed)).

This PR ensures that the users can still successfully log in even if the user synchronization fails but the initial authentication with the LDAP server was successful.

The data processing of the LDAP response is made more failure tolerant. If a field which we expect to exist in the LDAP response is not available, we just skip processing that specific field but still handle the other fields. This makes it a bit harder to spot and debug potential issues with the LDAP sync.

If we want to make that more transparent, we could add further logging messages pointing out which fields were skipped.

Admin message

Ldap login without sync

Merge request reports