LDAP Sync blocked user edgecases (!2242) · Merge requests · GitLab.org / GitLab FOSS

Gabriel Mazetto requested to merge feature/ldap-sync-edgecases into master Dec 29, 2015

Allow GitLab admins to block otherwise valid GitLab LDAP users (https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)

Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other.

Expected behavior:

"ldap_blocked" users respond to both blocked? and ldap_blocked?
"ldap_blocked" users can't be unblocked by the Admin UI
"ldap_blocked" users can't be unblocked by the API
Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
When LDAP identity is removed, we should convert ldap_blocked into blocked

Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:

There will be another MR for the EE version.

LDAP Sync blocked user edgecases

Merge request reports