Member loses all permissions to the group for 50 minutes when the LDAP group sync member permission override expires
Resolve !5003 (comment 64000266):
- Currently in master, you are able to set expiration date when you set a permission override
- At 00:10 on the expiration date,
RemoveExpiredMembersWorkerdestroys the membership
- At 01:00,
LdapGroupSyncWorkerrecreates the membership with default perms
This is not ideal since the member loses permission to the group for 50 minutes, but at least we eventually do the right thing.
We could trigger
RemoveExpiredMembersWorker removed any members with
ldap: true. Is there any danger with stepping on the hourly scheduled sync?
I've set 9.5 as the milestone since the bug has existed since before that, but note that this is not a severe bug and we have had 0 reports of this issue, so we should probably not even backport it at all unless there are specific requests: https://docs.gitlab.com/ee/policy/maintenance.html#patch-releases