Add checking for ex-users, removed from LDAP
Problem to solve
The status of GitLab accounts remains "Active" after removal of their LDAP identities if no attempts to sign in are made after that removal.
Further details
Our GitLab instance uses our company's Active Directory server for authentication. Our network managers create AD accounts for new employees and remove them after they leave. Then GitLab blocks the accounts of ex-employees that are missing from AD.
The problem is: users are not blocked, and the status of the GitLab account remains "Active" after an employee leaves, because nobody tries to sign in to GitLab after leaving. The server itself is inaccessible from the Internet, ex-employees cannot enter the office since their pass cards are destroyed, and their PCs are disassembled or formatted with a fresh OS install.
This increases the number of "dead souls".
I usually manually "Impersonate" each user and check if it was blocked.
Proposal
Add a periodic automatic check, or a button for a manual check, of whether users exist in Active Directory, then block all users that were removed from AD.
What does success look like, and how can we measure that?
Reduced mess in user account statuses.
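One way to run the check proposed above outside GitLab, as an added example that is not part of the original issue and not GitLab's own code. It assumes user records shaped like the admin view of the users API (`id`, `state`, `identities` with `provider` and `extern_uid`), the provider label `ldapmain`, and a list of DNs already exported from AD; the host name and sample records are constructed.

```python
import re

def normalize_dn(dn):
    """Lowercase a DN and trim spaces around each RDN so equal DNs compare equal."""
    parts = re.split(r"(?<!\\),", dn)  # split only on commas that are not escaped
    return ",".join(p.strip().lower() for p in parts)

def find_removed_users(gitlab_users, directory_dns, provider="ldapmain"):
    """Return active GitLab users whose LDAP identity is missing from the directory."""
    present = {normalize_dn(dn) for dn in directory_dns}
    if not present:
        # An empty export usually means the LDAP query failed; never block everyone.
        raise ValueError("directory returned no entries, refusing to continue")
    removed = []
    for user in gitlab_users:
        if user.get("state") != "active":
            continue  # already blocked or deactivated
        dns = [i["extern_uid"] for i in user.get("identities", [])
               if i.get("provider") == provider]
        # Local accounts (no LDAP identity) are never touched.
        if dns and all(normalize_dn(dn) not in present for dn in dns):
            removed.append(user)
    return removed

def block_plan(base_url, users):
    """Dry run: list the admin API calls that would block each user; nothing is sent."""
    base = base_url.rstrip("/")
    return [("POST", f"{base}/api/v4/users/{u['id']}/block") for u in users]

# Constructed sample data (assumption: not taken from any real instance).
SAMPLE_USERS = [
    {"id": 1, "username": "root", "state": "active", "identities": []},
    {"id": 7, "username": "alice", "state": "active", "identities": [
        {"provider": "ldapmain", "extern_uid": "cn=alice,ou=staff,dc=example,dc=com"}]},
    {"id": 8, "username": "bob", "state": "active", "identities": [
        {"provider": "ldapmain", "extern_uid": "cn=bob,ou=staff,dc=example,dc=com"}]},
    {"id": 9, "username": "carol", "state": "blocked", "identities": [
        {"provider": "ldapmain", "extern_uid": "cn=carol,ou=staff,dc=example,dc=com"}]},
]
SAMPLE_DIRECTORY = ["CN=Alice, OU=Staff, DC=example, DC=com"]

if __name__ == "__main__":
    stale = find_removed_users(SAMPLE_USERS, SAMPLE_DIRECTORY)
    for method, url in block_plan("https://gitlab.example.com", stale):
        print(method, url)
```

Reviewing the printed plan before sending the requests with an administrator token keeps a bad directory export from blocking valid accounts.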