Admin should get email whenever an account is blocked

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

As mentioned in gitlab-ce#25817 the behaviour of Gitlab is a bit surprising, it seems it will deactivate permanently accounts even when they may temporarily be locked out on the LDAP side. This seems a bad behaviour.

But this is not a request to fix that. This is a Feature Request that as a Gitlab administrator I don't want to get a phone call or email from my user telling me she/he has been locked out. I want an email at the exact millisecond that Gitlab decided to lock out my user. Then I can investigate when the lockout occurred and why.

Scenarios where such an email makes sense:

1. There are two or more gitlab admins. One admin locks another user out, without telling the other admins. No audit trail exists for this critical activity.

2. LDAP bug (or misbegotten feature) like gitlab-ce#25817 strikes. Nobody knows when it struck, and can't do RCA (root cause analysis) with IT because we don't know when it happened.

3. User has entered his password incorrectly and is locked out. Gitlab account remains blocked even after IT has re-activated her/his main LDAP login. If you send an email, then the Admin will know that further action is required. Due to current Gitlab flaw or strange design, Admin may even need to go to gitlab-rails console to fix this issue.