Change DN as the auth verification attribute for LDAP

Description

After the LDAP user sync accounts with a different DN will be blocked. These accounts will get unblocked when the users authenticate with GItLab and the DN will get updated. The only risk is a period of time where they seem to be blocked and admins can't tell them apart from other blocked accounts. Mostly with accounts that aren't that active.

Proposal

As proposed at https://gitlab.zendesk.com/agent/tickets/45523 we might consider using the user-id to validate a user.

Links / references

ZD: https://gitlab.zendesk.com/agent/tickets/45523

/cc @dblessing

Edited Jun 18, 2025 by 🤖 GitLab Bot 🤖