Add a setting to Ignore Guest Users with SAML or Email auth type on LDAP synchronization

Description

Add a setting to System Console > SAML 2.0 under the "Enable Synchronizing SAML Accounts With AD/LDAP:" setting. New setting is available when "Enable Synchronizing SAML Accounts With AD/LDAP::= True"

  • New Setting Name: "Ignore Guest Users when Synchronizing with AD/LDAP"

  • Default: False

  • Description: "When true, Mattermost will ignore Guest Users who are identified by the Guest Attribute, when synchronizing with AD/LDAP for user deactivation and removal and Guest deactivation will need to be managed manually via System Console > Users."

QA Test Steps

In order to QA this PR, you will need to have SAML and LDAP both setup. So you authenticate via SAML and Sync via LDAP.
ADFS -
1. ADFS setup in Active Directory (adfs.e2etest.dev.spinmint.com)
2. SAML needs to be setup with ADFS. (https://docs.mattermost.com/deployment/sso-saml-adfs-msws2016.html)
2a. Set "Enable Synchronizing SAML Accounts with AD/LDAP" = true
2b. Set "Ignore Guest Users when Synchronizing with AD/LDAP" = true
2c. Set "Guest Filter" = Username=guest
2b. Set "Id Attribute" = "objectGUID"
3. Mattermost must be running in SSL. (https://docs.mattermost.com/install/config-tls-mattermost.html)

LDAP -
1. AD/LDAP setup in Active Directory (adfs.e2etest.dev.spinmint.com)
2. LDAP needs to be setup in Mattermost (https://docs.mattermost.com/deployment/sso-ldap.html)
2a. Set "Enable Synchronization with AD/LDAP" = true
2b. Set "ID Attribute" = "objectGUID"
2c. Set "User Filter" = "(sn=user)"
Once both systems are setup and working independently.

Test SAML Login -

  • Ensure Guest User can login.

  • Go to LDAP, run LDAP Sync.

  • Ensure Guest User was not deactivated.

Activity

Show:
Scott Bishel
September 24, 2020, 8:47 PM

Should the setting go on the SAML Settings page, since it will only affect users who login via SAML.

If login is via LDAP, this setting doesn’t make any sense. And Email Authorized users don’t get updated via LDAP.

Katie Wiersgalla
September 24, 2020, 8:54 PM

Updated for SAML.

Mana

None

Assignee

Scott Bishel

QA Assignee

Rohitesh Gupta

Reporter

Katie Wiersgalla

Epic Link

None

Fix versions

Mattermost Team

Enterprise

Labels

None

QA Testing Areas

None

GitHub Issue

None

Components

None
Configure