
Allow GitLab admins to block otherwise valid GitLab LDAP users

Description of issue

If you block an LDAP user as an admin, the user will still be able to log in afterwards and the account is no longer blocked. This behavior also seems to happen after the LdapSyncWorker has run. Blocked LDAP accounts will be restored after the background task has run.

Result of replication

Just as described, both on the login and after the LdapSyncWorker has run.

Concrete questions / Next steps

It seems that GitLab is reactivating blocked LDAP accounts on purpose (https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ldap/access.rb#L43) but I could be wrong.

@jacobvosmaer can you help me understand the code?

/cc @JobV @dblessing
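
A minimal model of the behaviour reported above, as an added example that is not GitLab's code and not part of the original issue. It contrasts a sync that reactivates any blocked account still valid in LDAP with one that records why the account was blocked; the `User` struct, the state names and all method names are assumptions made for illustration.

```ruby
# Hypothetical model; none of these names come from the GitLab code base.
# state is one of :active, :blocked (set by an admin), :ldap_blocked (set by sync)
User = Struct.new(:name, :state)

# An admin blocks the account by hand.
def admin_block(user)
  user.state = :blocked
  user
end

# Behaviour described in the issue: the directory check treats every blocked
# account that LDAP still considers valid as one to reactivate, so the admin's
# decision is overwritten on the next login or sync run.
def sync_naive(user, valid_in_ldap)
  if valid_in_ldap
    user.state = :active if user.state == :blocked
  else
    user.state = :blocked
  end
  user
end

# Alternative: keep the reason for the block in the state itself. The sync
# only sets and clears :ldap_blocked and never touches an admin's :blocked.
def sync_with_reason(user, valid_in_ldap)
  if valid_in_ldap
    user.state = :active if user.state == :ldap_blocked
  elsif user.state == :active
    user.state = :ldap_blocked
  end
  user
end

# Constructed sample run: the same admin block under both sync variants.
if __FILE__ == $PROGRAM_NAME
  puts sync_naive(admin_block(User.new("alice", :active)), true).state
  puts sync_with_reason(admin_block(User.new("alice", :active)), true).state
end
```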