Restrict LDAP Sync Settings
Problem to solve
We have data in our LDAP which falls under various legal protections (for example, FERPA). We would like to use LDAP Sync, but we don't want any group owner to be able to create arbitrary LDAP queries that can access protected data. It would be great to:
- Only allow certain users (either admins or specified users) to manage LDAP Sync.
- Restrict certain LDAP connections to only be used by certain users or groups.
- Filter LDAP queries written by users who are not administrators.
Target audience
Security/data protection people in schools
Further details
LDAP contains an attribute called courseRegistration which is in the format COURSE-SEMESTER. This would be great to use for syncing users, but we can't allow people to arbitrarily choose a course and semester they aren't teaching because that information is protected by law, so we can't currently use GitLab with an LDAP user that can read this attribute.
Proposal
What does success look like, and how can we measure that?
What is the type of buyer?
Schools currently get Ultimate licenses for free.