LDAP blocked accounts lumped together with blocked accounts
Problem to solve
What problem do we solve? As of 2020/November/16, there are two types of blocked account in GitLab:
- blocked: this is account blocked manually by product administrator or programmatically via GitLab API.
- ldap-blocked: this is account blocked automatically by GitLab if the account is inactive in LDAP or removed from LDAP.
For reporting purpose, GitLab UI shows then all together as blocked users. Let's say there are 12 blocked accounts and 21 ldap-blocked accounts. GitLab UI reports 33 blocked users instead of reporting 12 blocked accounts and 21 ldap-blocked accounts. And the the 21 ldap-blocked accounts are labeled "blocked", which causes frustration when troubleshooting blocked account (see "Further details" session).
Intended users
Who will use this feature?
Anyone who needs know this type of information
Further details
For troubleshooting purpose, it is confusing to lump together blocked and ldap-blocked accounts. When a user calls admin to complain that his/her account has been blocked, admin will try to unblock the account and ... no success: Why this account can't be unblocked? Because the account is a ldap-blocked account. Admin has to use GitLab API to figure out that the account was blocked automatically by GitLab because the account was inactivated/removed from LDAP.
Proposal
GitLab should not lump together blocked and ldap-blocked accounts. GitLab should labeled ldap-blocked account as "ldap-blocked" instead of "blocked". GitLab UI should report blocked accounts separated from ldap-blocked accounts.
Permissions and Security
What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?
Documentation
- See the Feature Change Documentation Workflow
- Add all known Documentation Requirements here, per
- If this feature requires changing permissions, this document must be updated accordingly
Availability & Testing
This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
- Unit test changes
- Integration test changes
- End-to-end test change
See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance:
What does success look like, and how can we measure that?
Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this.
What is the type of buyer?
Which leads to: in which enterprise tier should this feature go?
Is this a cross-stage feature?
Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt.