Add option to automatically link omniauth and LDAP identities
Until now, a user needed to first sign in with his LDAP identity and then manually link his/her account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
Showing with 219 additions and 16 deletions