Add option to restrict LDAP access to specific groups
Dev: https://dev.gitlab.org/gitlab/gitlab-ee/issues/330
- Requested informally by user.
Douwe
This is already possible when users have MemberOf attributes, but in many cases they don't.
Sometimes, users can also be filtered by tree base, but that won't work if different kinds of users are mixed under e.g. 'ou=people'.
It's not hard to implement. We have methods for checking group membership. After we get the user entry from the LDAP server, we can check if it matches, and bail out if it doesn't.
cc/ @DouweM @JobV @sytses @jacobvosmaer
Customers
Edited by Service Account - security-triage
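The check described in the issue (fetch the user entry, test group membership, bail out if it does not match), as an added Ruby example that is not GitLab's code. The `GROUPS` data, the method names, and the choice to allow everyone when no group is configured are assumptions, and the DN normalization is simplified.

```ruby
# Added example with constructed directory data; not GitLab code.
# Group entries as an LDAP search might return them (attribute => values).
GROUPS = {
  'cn=developers,ou=groups,dc=example,dc=com' => {
    'member' => ['uid=alice,ou=people,dc=example,dc=com']
  },
  'cn=ops,ou=groups,dc=example,dc=com' => {
    'memberUid' => ['bob'] # posixGroup style: bare uids, no DNs
  }
}.freeze

# Simplified DN normalization (assumption: no escaped commas in RDN values).
def normalize_dn(dn)
  dn.to_s.split(',').map { |rdn| rdn.strip.downcase }.join(',')
end

# True if the group entry lists the user, by DN or by uid.
# A missing group entry is treated as "not a member" (fail closed).
def group_member?(group, user)
  return false if group.nil?

  # Attribute names are case-insensitive in LDAP, so compare them lowercased.
  attrs = group.transform_keys { |k| k.to_s.downcase }
  dns = (Array(attrs['member']) + Array(attrs['uniquemember'])).map { |d| normalize_dn(d) }
  return true if dns.include?(normalize_dn(user[:dn]))

  uid = user[:uid].to_s
  !uid.empty? && Array(attrs['memberuid']).include?(uid)
end

# Runs after the user entry has been fetched and before a session is created.
# Assumption: an empty allow-list means the restriction is switched off.
def allowed_to_sign_in?(user, allowed_group_dns, groups = GROUPS)
  return true if allowed_group_dns.empty?

  index = groups.each_with_object({}) { |(dn, entry), h| h[normalize_dn(dn)] = entry }
  allowed_group_dns.any? { |dn| group_member?(index[normalize_dn(dn)], user) }
end
```

Because membership is read from the group entries, this works for users that carry no MemberOf attribute and for mixed populations under a single base such as 'ou=people'.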