We’re using GitLab CE for git for a range of engineering classes at the University of California, Santa Cruz. For various reasons, we don’t want to use IMAP for user authentication. However, we want to ensure that students sign up with a username that matches their “official” UCSC email address so we can match assignments with student rosters.
The solution I came up with was to modify signup_domain_valid? to take a pseudo-domain: require_user_email_match. If this domain is listed, the user name is only valid if it matches the user portion of the email address. It’s a short patch (fewer than 10 lines of code), but very useful for our setup.
Any chance this could be added to the codebase? It might prove useful for other universities, and it’s much simpler than integrating with IMAP. It also makes it easier for students to reset their own passwords without going through the central password system.
I’m quite sure that the available whitelisting features don’t work, since I’m already using them. A user in a whitelisted domain (e.g., ucsc.edu) can create any GitLab account they want. So, for example, someone with the email address elm@ucsc.edu could create the username darrell. This is a problem, since we need the username to match the email address so we can tie users to their campus-wide IDs.
I have code that accomplishes this goal; it’s around 10 lines long. I’ll create a feature proposal for it, but I’d be just as happy if someone would be willing to integrate the code I’ve already written. It’s very unobtrusive, and has no effect unless a specific pseudo-domain is entered into the whitelist.