LDAP authentication fails when multiple users have the same DN suffix
Created by: jsternberg
We had a user who couldn't clone because gitlab falsely labeled him as "blocked". We found when searching LDAP for his DN that he showed up with two entries. We found that when `size: 1` is used, net-ldap returns nil instead of truncating the list. This is filed as ruby-ldap/ruby-net-ldap#75.
Upon closer analysis, the DNs were different. They were structured as:
CN=extra,CN=name,CN=users,OU=org,DC=pc,DC=example,DC=com
CN=name,CN=users,OU=org,DC=pc,DC=example,DC=com
Only the latter of those two is what Gitlab should have been looking for. It seems Net::LDAP defaults to searching the whole tree scope instead of base. Searching only at the base scope fixes it so it only returns one entry instead of two.
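The scope behaviour described in this issue, as an added example (not code from the issue, from GitLab, or from net-ldap): a small in-memory model of LDAP search scopes. The directory contents, the `parse_dn`/`in_scope?`/`ldap_search` helpers and the third "other" user are constructed for the illustration. It shows why a whole-subtree search rooted at the user's own DN returns both the user and the `CN=extra,...` entry nested beneath it, while a base-scope search returns exactly one entry.

```ruby
# Split a DN string into its RDN components, leftmost (most specific) first.
# Handles commas escaped as "\," but not the full RFC 4514 grammar.
def parse_dn(dn)
  dn.split(/(?<!\\),/).map { |rdn| rdn.strip.downcase }
end

# Does entry_dn fall inside the search scope rooted at base_dn?
#   :base -> only the base entry itself
#   :one  -> immediate children of the base entry
#   :sub  -> the base entry and everything beneath it
def in_scope?(entry_dn, base_dn, scope)
  entry = parse_dn(entry_dn)
  base  = parse_dn(base_dn)
  extra = entry.length - base.length
  return false if extra < 0
  # The entry must end with the base DN's components to be under it at all.
  return false unless entry.last(base.length) == base
  case scope
  when :base then extra == 0
  when :one  then extra == 1
  when :sub  then true
  else raise ArgumentError, "unknown scope #{scope.inspect}"
  end
end

# Constructed sample directory: the two DNs from the issue plus an unrelated user.
DIRECTORY = [
  "CN=extra,CN=name,CN=users,OU=org,DC=pc,DC=example,DC=com",
  "CN=name,CN=users,OU=org,DC=pc,DC=example,DC=com",
  "CN=other,CN=users,OU=org,DC=pc,DC=example,DC=com",
].freeze

USER_DN = "CN=name,CN=users,OU=org,DC=pc,DC=example,DC=com"

# Stand-in for a directory search: filter by scope, then apply the size
# limit by truncating (the behaviour the reporter expected from size: 1).
def ldap_search(directory, base:, scope: :sub, size: nil)
  hits = directory.select { |dn| in_scope?(dn, base, scope) }
  size ? hits.first(size) : hits
end

if __FILE__ == $PROGRAM_NAME
  puts "subtree search rooted at #{USER_DN}:"
  ldap_search(DIRECTORY, base: USER_DN, scope: :sub).each { |dn| puts "  #{dn}" }
  puts "base search rooted at #{USER_DN}:"
  ldap_search(DIRECTORY, base: USER_DN, scope: :base).each { |dn| puts "  #{dn}" }
end
```

With the real client the same distinction is made through the `scope:` option of `Net::LDAP#search`, passing `Net::LDAP::SearchScope_BaseObject` rather than the default whole-subtree scope; the model above only reproduces which entries each scope admits, not the wire protocol.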