
Block LDAP user when they are no longer found in the LDAP server

Currently, if a user is deleted from LDAP the Gitlab::Ldap::Access.allowed? method will return false, but the user will not be blocked. This means that the user would be able to continue using GitLab if they are already logged in, or when performing Git over SSH operations.

After this change, users will be blocked when they no longer exist in LDAP. There is still a one-hour LDAP check cache time in effect, so the change is not immediate. This is noted in the documentation.

cc/ @DouweM @dzaporozhets

Edited by 🤖 GitLab Bot 🤖
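
A simplified Ruby model of the behaviour described above, added as an illustration and not taken from the merge request or from GitLab's code. `request_permitted?`, `simulate`, the `User` struct and the array standing in for the LDAP directory are hypothetical, and the way the pre-change check forgets its negative result is an assumption of the model. It shows why persisting the blocked state matters and how the one-hour cache delays the block.

```ruby
# Simplified model for illustration only; not GitLab's implementation.
LDAP_CHECK_TTL = 3600 # seconds: the one-hour check cache from the description

User = Struct.new(:username, :state, :last_ldap_check_at) do
  def blocked?
    state == :blocked
  end
end

# Pre-change behaviour (modelled): report false, leave the account active.
def allowed_before?(user, directory)
  directory.include?(user.username)
end

# Post-change behaviour (modelled): a missing entry also blocks the account.
def allowed_after?(user, directory)
  return true if directory.include?(user.username)
  user.state = :blocked
  false
end

# Hypothetical request gate: re-run the LDAP check only once the cache expires.
def request_permitted?(user, directory, now, check)
  return false if user.blocked?
  last = user.last_ldap_check_at
  return true if last && now - last < LDAP_CHECK_TTL
  user.last_ldap_check_at = now
  send(check, user, directory)
end

# Constructed scenario: alice is removed from the directory after her first request.
def simulate(check)
  directory = ["alice"]
  user = User.new("alice", :active, nil)
  results = [request_permitted?(user, directory, 0, check)]      # checked, found
  directory.delete("alice")
  results << request_permitted?(user, directory, 600, check)     # cache still valid
  results << request_permitted?(user, directory, 3600, check)    # cache expired, re-checked
  results << request_permitted?(user, directory, 3660, check)    # one minute later
  [results, user.state]
end

p simulate(:allowed_before?)
p simulate(:allowed_after?)
```

In the modelled pre-change run the request one minute after the failed check is admitted again because nothing recorded the failure; in the post-change run the account state is `:blocked` and every later request is refused.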
