When a group has LDAP synchronization, it allows users to be added through the API who cannot be deleted through the API or in the UI
Summary
I have a group with LDAP sync. I can add users to the group via the API, which is not possible in the UI. Users added via the API will be removed when LDAP sync is run again, but they cannot be deleted through the API. It throws a Forbidden error, though I have Admin access in GitLab.
Is this expected behavior or a bug? Why can users be added via the API when it's not possible in the Web UI?
Steps to reproduce
- Add LDAP sync to a group
- All users in LDAP group will be imported properly.
- We cannot add users outside LDAP group directly (expected)
- Add users through the API (will work; might be a bug)
- Such users cannot be deleted through the API or manually in the Web UI, but are removed when LDAP sync is run again.
What is the current bug behavior?
Allows users to be added through the API when an LDAP group is added. Users added through the API cannot be deleted through the API or Web UI. They are removed only by running LDAP sync again.
What is the expected correct behavior?
If users can be added through the API, it should be possible to delete such users via the API.
Relevant logs and/or screenshots
I can add a user via the API:
curl --request POST --header "PRIVATE-TOKEN: xxxxxxxxxx" --data "user_id=1&access_level=30" https://gitlab.com/api/v4/groups//members
{"id":1,"name":"xxxx, xxxx","username":"xxxx","state":"active","avatar_url":null,"web_url":"https://gitlab.com/xxxx","access_level":30,"expires_at":null}
I get a Forbidden error when trying to remove the user via the API:
curl --request DELETE --header "PRIVATE-TOKEN: xxxxxxx" https://gitlab.com/api/v4/groups//members/1
{"message":"403 Forbidden"}
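A check an administrator could run between syncs to list members who are in the GitLab group but not in the linked LDAP group, which is the state the report describes. This is an added example, not part of the original report or GitLab's code; the sample data is constructed, `audit_group` is a hypothetical helper, and it assumes GitLab usernames match LDAP uids case-insensitively.

```python
import json

# GitLab access-level values used by the members API (30 appears in the report).
ACCESS_LEVELS = {10: "Guest", 20: "Reporter", 30: "Developer",
                 40: "Maintainer", 50: "Owner"}

# Constructed sample: body of a GET on the group's /members endpoint
# after one user was added through the API.
SAMPLE_MEMBERS_JSON = """[
  {"id": 7, "username": "alice", "state": "active", "access_level": 30},
  {"id": 9, "username": "Bob",   "state": "active", "access_level": 40},
  {"id": 1, "username": "dave",  "state": "active", "access_level": 30}
]"""

# Constructed sample: uids in the LDAP group linked to the GitLab group.
SAMPLE_LDAP_UIDS = ["alice", "bob", "carol"]


def audit_group(members_json, ldap_uids):
    """Compare GitLab group members with the linked LDAP group.

    Assumption: a GitLab username equals the LDAP uid, ignoring case.
    Returns members absent from LDAP and LDAP uids not yet synced in.
    """
    members = json.loads(members_json)
    directory = {uid.lower() for uid in ldap_uids}
    present = {m["username"].lower() for m in members}

    out_of_band = [
        {"id": m["id"],
         "username": m["username"],
         "access": ACCESS_LEVELS.get(m["access_level"], str(m["access_level"]))}
        for m in members
        if m["username"].lower() not in directory
    ]
    out_of_band.sort(key=lambda m: m["id"])
    return {"out_of_band": out_of_band,
            "pending_sync": sorted(directory - present)}


if __name__ == "__main__":
    report = audit_group(SAMPLE_MEMBERS_JSON, SAMPLE_LDAP_UIDS)
    for m in report["out_of_band"]:
        print(f"not in LDAP group: {m['username']} (id {m['id']}, {m['access']})")
    for uid in report["pending_sync"]:
        print(f"in LDAP group but not yet a member: {uid}")
```
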