Add ability to specify "group_filter" to LDAP provider.

Problem to solve

This would be an addition to the already existing 'group_base' option and would help limit the LDAP groups visible to GitLab.

Intended users

Administrators

Further details

If it is not possible to use a dedicated LDAP OU for GitLab, GitLab can access LDAP groups that are unrelated to it.

Proposal

Add a new option 'group_filter' and change the LDAP filter used during group search from only '(cn={0})' to a constructed filter, as is already done for 'user_filter'.

Permissions and Security

N/A - configurable in GitLab config file (gitlab.rb)

Documentation

Update the LDAP configuration documentation with this new feature.

Testing

Verify that GitLab does not return LDAP groups in 'Groups -> LDAP Synchronization' that do not match the specified 'group_filter'.

What does success look like, and how can we measure that?

GitLab does not return LDAP groups in 'Groups -> LDAP Synchronization' that do not match the specified 'group_filter'.

What is the type of buyer?

Starter

Links / references

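A sketch of the filter construction described under "Proposal", added here as an illustration and not taken from GitLab's code base. It assumes the configured 'group_filter' is ANDed with the existing '(cn=...)' match; all method names are hypothetical and the sample values are constructed.

```ruby
# Added illustration, not GitLab's code. `group_filter` is the option proposed
# in this issue; every method name below is hypothetical.

# Escape a value for use inside a filter assertion (RFC 4515, section 3).
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Wrap a bare "attr=value" in parentheses and check that the result is exactly
# one parenthesised filter. In a valid RFC 4515 filter, literal parentheses are
# always structural, because parentheses inside values are written \28 and \29.
def normalize_filter(filter)
  f = filter.to_s.strip
  return nil if f.empty?
  f = "(#{f})" unless f.start_with?('(')
  depth = 0
  f.each_char.with_index do |c, i|
    depth += 1 if c == '('
    depth -= 1 if c == ')'
    closed_early = depth.zero? && i < f.length - 1
    raise ArgumentError, "malformed group_filter: #{filter}" if depth.negative? || closed_early
  end
  raise ArgumentError, "malformed group_filter: #{filter}" unless depth.zero?
  f
end

# Build the filter for a group search: the existing (cn=...) match, ANDed with
# the administrator's group_filter when one is configured.
def group_search_filter(cn, group_filter = nil)
  name_match = "(cn=#{escape_filter_value(cn)})"
  extra = normalize_filter(group_filter)
  extra ? "(&#{name_match}#{extra})" : name_match
end

# Constructed sample values.
if __FILE__ == $PROGRAM_NAME
  puts group_search_filter('dev*')
  puts group_search_filter('dev-team', '(|(ou=GitLab)(description=gitlab-*))')
end
```

Rejecting an unbalanced 'group_filter' when the configuration is loaded keeps a typo in gitlab.rb from silently widening or breaking the group search.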