Describe the bug
LDAP authentication fails when the LDAP username contains dots (e.g., john.doe). Taiga strips dots from usernames during user creation, storing johndoe instead of john.doe. On subsequent LDAP logins, the plugin looks up john.doe, doesn't find it, and tries to create a new user, which fails due to duplicate email constraint.
To Reproduce
1. User with LDAP uid john.doe and email john.doe@example.com logs in for the first time
2. Taiga creates user with username johndoe (dot stripped)
3. User logs in again via LDAP
4. Plugin searches for username john.doe - not found
5. Plugin tries to create new user - fails with duplicate email error
Error Log:
```
taiga.users.models.User.DoesNotExist: User matching query does not exist.
During handling of the above exception, another exception occurred:
django.db.utils.IntegrityError: duplicate key value violates unique constraint "users_user_email_243f6e77_uniq"
```
Proposed Fix
Option A: Normalize username before lookup (strip dots to match Taiga's behavior)
```python
from django.contrib.auth import get_user_model
from django.db import transaction


@transaction.atomic
def ldap_register(username: str, email: str, full_name: str):
    user_model = get_user_model()
    # Strip dots so the lookup matches the username Taiga stored
    normalized_username = username.replace('.', '')
    try:
        user = user_model.objects.get(username=normalized_username)
    except user_model.DoesNotExist:
        user = user_model.objects.create(
            email=email,
            username=normalized_username,
            full_name=full_name
        )
    return user
```
Option B: Lookup by email as fallback
```python
from django.contrib.auth import get_user_model
from django.db import transaction


@transaction.atomic
def ldap_register(username: str, email: str, full_name: str):
    user_model = get_user_model()
    try:
        user = user_model.objects.get(username=username)
    except user_model.DoesNotExist:
        # Fall back to the email address before creating a new user
        if email:
            try:
                user = user_model.objects.get(email=email)
                return user
            except user_model.DoesNotExist:
                pass
        user = user_model.objects.create(
            email=email,
            username=username,
            full_name=full_name
        )
    return user
```
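Option A maps distinct directory uids such as john.doe and johndoe to the same stored username, so a lookup on the normalized name alone can hand one person's account to another. The sketch below is an added example, not code from the issue, Taiga or the LDAP plugin: it combines both options and links an existing account only when the stored e-mail also matches. `UserStore`, `LinkConflict` and `normalize` are hypothetical names, and the in-memory store stands in for the Django model so the block runs offline.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str
    full_name: str


class LinkConflict(Exception):
    """An existing account matches only partially; do not link automatically."""


class UserStore:
    """Constructed in-memory stand-in for the user table (unique username, unique e-mail)."""

    def __init__(self):
        self.by_username = {}
        self.by_email = {}

    def create(self, username, email, full_name):
        if username in self.by_username or email.lower() in self.by_email:
            raise ValueError("unique constraint violated")
        user = User(username, email, full_name)
        self.by_username[username] = user
        self.by_email[email.lower()] = user
        return user


def normalize(username):
    # Same rule as Option A: drop dots to match the stored username.
    return username.replace(".", "")


def ldap_register(store, username, email, full_name):
    """Return the account for an LDAP identity, creating it on first login."""
    user = store.by_username.get(normalize(username))
    if user is not None:
        # Link only if the stored e-mail agrees with the directory's e-mail.
        if user.email.lower() != email.lower():
            raise LinkConflict(f"{username!r} collides with existing {user.username!r}")
        return user
    if email.lower() in store.by_email:
        # E-mail is taken under an unrelated username: refuse instead of failing on insert.
        raise LinkConflict(f"e-mail {email!r} already belongs to another username")
    return store.create(normalize(username), email, full_name)
```

A directory e-mail that changed since the first login also raises `LinkConflict` here, which leaves that decision to an administrator.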