I have gitlab configured with ldap, and I’d like to sync user account changes after being changed on the ldap end. Specifically I changed a user’s email address on the ldap server, but I can’t see the change or edit email on gitlab’s end.
How would I sync user profiles?
I’m facing the same problem.
We’ve connected GitLab to our Active Directory, then all our users logged in for the first time to GitLab, so their account were created on logon.
But, we had never entered anything in the email field of the user account in Active Directory, so GitLab created a random email user@activedirectorydomain.
When we figured that they were unable to change their email address via GitLab, I went in Active Directory and I’ve edited the email string with the proper addresses.
But GitLab never resynced the data. It looks like GitLab only resync every 1 hour user account to see if they are valid users or not, but does not sync the actual account information regarding email addresses.
I’ve had to impersonate each user and add a secondary email address in GitLab so far, and set that email for Notifications. But still, there’s a lot that secondary email can’t do.
Email can be updated manually from console
$ sudo gitlab-rails console
[sudo] password:
-------------------------------------------------------------------------------------
GitLab: 11.2.3 (06cbee3)
GitLab Shell: 8.1.1
postgresql: 9.6.8
-------------------------------------------------------------------------------------
Loading production environment (Rails 4.2.10)
irb(main):001:0> user = User.find_by_email("user.name@something.com")
=> #<User id:146 @user.name>
irb(main):003:0> user.email
=> "user.name@something.com"
irb(main):004:0> user.email = "user.name@corp.domain.com"
=> "user.name@corp.domain.com"
irb(main):005:0> user.save
=> true
you’re a legend
There is also a good python module for Gitlab: https://python-gitlab.readthedocs.io/en/stable/
It works using Gitlab web-API.
I use it to automate many administration tasks.
A quick but important note. If you want to avoid waiting for users to confirm email you can add ‘user.skip_reconfirmation!’ and it will change the email instantly. For my use case I have about 100 users who have a legacy domain name.
I had to loop through a list of the email addresses and pre-populated them in a list and iterated over that list to make the changes.
sudo gitlab-rails console
emails = ['user1@example.net', 'user2@example.net']
for email in emails
user = User.find_by_email(email)
user.email = user.email.sub! 'example.net', 'example.com'
user.skip_reconfirmation!
user.saveThank you.
Using solution from @mr-brody works for a while, but the email will be updated at next login, so my fix is to change the gitlab code a bit
file /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/auth/o_auth/user.rb
--- user.rb-origin 2022-09-30 03:57:28.708843961 +0000
+++ user.rb 2022-09-30 03:59:17.494589478 +0000
@@ -49,12 +49,13 @@
def save(provider = 'OAuth')
raise SigninDisabledForProviderError if oauth_provider_disabled?
raise SignupDisabledError unless gl_user
block_after_save = needs_blocking?
+ gl_user.email.sub! "example.net","good.com.cn"
Users::UpdateService.new(gl_user, user: gl_user).execute!
gl_user.block if block_after_save
log.info "(#{provider}) saving user #{auth_hash.email} from login with admin => #{gl_user.admin}, extern_uid => #{auth_hash.uid}"
gl_user