Since you can set up multiple email addresses for users, it is possible that sentry_ldap_auth updates the wrong email address when changing the UserEmail field.
Say, you have two UserEmail objects for an user, 'personal' and 'system-wide'. When 'personal' gets updated to "system-wide", this generates an IntegrityError because (user, email) is unique in the database, preventing logon.
Instead of changing the attribute, I add it to the list of the user's email addresses. There's no reliable way to remove an old email address. I also do not add any empty email addresses.
I doubt this entire structure is even necessary because when the 'email' attribute is set correctly on AUTH_LDAP_USER_ATTR_MAP this should all happen automatically, since Sentry has added a signal on User creation to automatically create the UserEmail object.
I do delete any lingering UserEmails that are empty (this is the case if the map is not set up correctly, since django-auth-ldap will then create a User object without an email address).
@barronhagerman is it possible to get this baked into a new release, e.g. 2.6? We have ongoing issues with users inputting custom emails and failing authentication over LDAP afterwards.
Since you can set up multiple email addresses for users, it is possible that sentry_ldap_auth updates the wrong email address when changing the UserEmail field.
Say, you have two UserEmail objects for an user, 'personal' and 'system-wide'. When 'personal' gets updated to "system-wide", this generates an IntegrityError because (user, email) is unique in the database, preventing logon.
Instead of changing the attribute, I add it to the list of the user's email addresses. There's no reliable way to remove an old email address. I also do not add any empty email addresses.
I doubt this entire structure is even necessary because when the 'email' attribute is set correctly on
AUTH_LDAP_USER_ATTR_MAP
this should all happen automatically, since Sentry has added a signal on User creation to automatically create the UserEmail object.I do delete any lingering UserEmails that are empty (this is the case if the map is not set up correctly, since django-auth-ldap will then create a User object without an email address).