Allow GitLab admins to block otherwise valid GitLab LDAP users
- GitLab version: 8.1.2-ee
- Zendesk ticket: https://gitlab.zendesk.com/agent/tickets/10916, https://gitlab.zendesk.com/agent/tickets/11702
Description of issue
If you block an LDAP user as an admin, the user will still be able to login afterwards and the account is no longer blocked. This behavior also seems to happen after the LdapSyncWorker
has run. Blocked LDAP accounts will be restored after the background task has run.
Result of replication
Just as described, both on the login and after the LdapSyncWorker
has run.
Concrete questions / Next steps
It seems that GitLab is reactivating blocked LDAP accounts on purpose (https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ldap/access.rb#L43) but I could be wrong.
@jacobvosmaer can you help me understand the code?
/cc @JobV @dblessing