Project Quay / PROJQUAY-9366

Quay should cache the LDAP response to be used in coming new LDAP Query


    • Bug
    • Resolution: Unresolved
    • Normal
    • None
    • quay-v3.15.2
    • quay
    • False
    • False

      Description:

      This is an issue found in Quay with LDAP authentication. When logging in to Quay as an LDAP user using the mail address, the login is successful, but Quay won't cache the LDAP response of the LDAP user. Quay can use the correct UID to query LDAP to check whether this user is a superuser with the filter "LDAP_SUPERUSER_FILTER", but in the subsequent new LDAP query, Quay is using the UID as the mail, which is not correct. Please review this issue.

      Note: This is not a regression issue.

      Quay: 3.15.2

      UID: larry.zhang002

      Mail: larry002@redhat.com

      gunicorn-web stdout | 2025-09-04 12:35:44,788 [249] [DEBUG] [data.users.externalldap] Found matching DNs: ['cn=larry002,ou=usateam,dc=example,dc=org']
      gunicorn-web stdout | 2025-09-04 12:35:44,790 [249] [DEBUG] [data.users.externalldap] Found user for LDAP username larry002@redhat.com; validating password
      gunicorn-web stdout | 2025-09-04 12:35:44,790 [249] [DEBUG] [data.users.externalldap] DN cn=larry002,ou=usateam,dc=example,dc=org found: {'cn': [b'larry002'], 'sn': [b'larry002'], 'objectClass': [b'inetOrgPerson', b'organizationalPerson', b'person', b'top'], 'uid': [b'larry.zhang002'], 'mail': [b'larry002@redhat.com'], 'userPassword': [b'admin']}
      
      gunicorn-web stdout | 2025-09-04 12:36:43,543 [250] [DEBUG] [data.users.externalldap] Incoming username or email param: 'larry.zhang002'
      gunicorn-web stdout | 2025-09-04 12:36:43,543 [250] [DEBUG] [data.users.externalldap] Conducting user search: (&(|(uid=larry.zhang002)(mail=larry.zhang002))(postalCode=1000)) under ou=usateam,dc=example,dc=org
      gunicorn-web stdout | 2025-09-04 12:36:43,591 [250] [DEBUG] [data.users.externalldap] Found matching DNs: ['cn=larry002,ou=usateam,dc=example,dc=org']
      gunicorn-web stdout | 2025-09-04 12:36:43,594 [250] [DEBUG] [data.users.externalldap] Found superuser for LDAP username or email larry.zhang002
      gunicorn-web stdout | 2025-09-04 12:36:43,594 [250] [DEBUG] [auth.permissions] Adding superuser to user: larry_zhang002 

      LDAP user:

       

              Unassigned Unassigned
              lzha1981 luffy zhang
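An added example, not part of the issue report or of Quay's code: a small triage script for the `data.users.externalldap` debug records shown in the description. It flags a user search whose mail clause carries a value without `@` (the behaviour the report describes) and a DN record that dumps a credential attribute such as `userPassword`. The function name, the finding labels and the `@` heuristic are assumptions of this example.

```python
import re

# Constructed sample: the relevant records from the log excerpt above, with the
# gunicorn prefix and timestamps dropped and the password value redacted.
SAMPLE_LOG = """\
[DEBUG] [data.users.externalldap] DN cn=larry002,ou=usateam,dc=example,dc=org found: {'cn': [b'larry002'], 'uid': [b'larry.zhang002'], 'mail': [b'larry002@redhat.com'], 'userPassword': [b'REDACTED']}
[DEBUG] [data.users.externalldap] Incoming username or email param: 'larry.zhang002'
[DEBUG] [data.users.externalldap] Conducting user search: (&(|(uid=larry.zhang002)(mail=larry.zhang002))(postalCode=1000)) under ou=usateam,dc=example,dc=org
[DEBUG] [data.users.externalldap] Found superuser for LDAP username or email larry.zhang002
"""

SEARCH_RE = re.compile(r"Conducting user search: (?P<filter>\(.*\)) under (?P<base>\S+)")
LEAF_RE = re.compile(r"\((?P<attr>[A-Za-z][\w.-]*)=(?P<value>[^()]*)\)")
FOUND_RE = re.compile(r"DN (?P<dn>\S+) found: (?P<attrs>\{.*\})")
SECRET_ATTRS = ("userPassword",)  # attribute names treated as credentials (assumption)


def audit_externalldap_log(text, uid_attr="uid", mail_attr="mail"):
    """Return (line_no, kind, detail) findings for an externalldap debug log."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        search = SEARCH_RE.search(line)
        if search:
            leaves = {m["attr"]: m["value"] for m in LEAF_RE.finditer(search["filter"])}
            uid_val, mail_val = leaves.get(uid_attr), leaves.get(mail_attr)
            # The incoming identifier is substituted into both clauses; report
            # when its shape does not match the attribute it is compared with.
            if mail_val is not None and "@" not in mail_val:
                findings.append((no, "non-email-in-mail-clause", mail_val))
            if uid_val is not None and "@" in uid_val:
                findings.append((no, "email-in-uid-clause", uid_val))
        found = FOUND_RE.search(line)
        if found:
            for attr in SECRET_ATTRS:
                if f"'{attr}'" in found["attrs"]:
                    # Report only the DN and attribute name, never the value.
                    findings.append((no, "credential-attribute-logged", f"{found['dn']}:{attr}"))
    return findings


if __name__ == "__main__":
    for finding in audit_externalldap_log(SAMPLE_LOG):
        print(finding)
```

The `uid_attr` and `mail_attr` parameters default to the attribute names visible in the logged filter; pass other names if the deployment maps different LDAP attributes.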