AD user can not login issue when his account has workstation restriction
Summary
Active Directory users can not login when their account has workstation restriction (aka: userWorkstations).
Steps to reproduce
Create an LDAP-AD user and restrict it's workstations (Joining the server hosting the GitLab instance to the domain and adding to the user didn't help -tried with an Ubuntu sever box-)
What is the current bug behavior?
Users get 'Could not authenticate you from Ldapmain because "Invalid Credentials"' but as soon as the userWorkstations constraint is removed login is possible.
What is the expected correct behavior?
Login even if the restrictions exists since it's applicable to workstations not to applications.
Possible fixes
Not a specialist of LDAP integration but it seems the answer from the Domain controller returns the 531 error meaning "User is not authorized to access this wokstation". The issue happened to other applications.
gitlab-ce4107673 gitlab-ce2278648