LDAP: Support multiple values for admin_group
Release notes
The config for admin_group under the LDAP section now supports specifying multiple group names.
Problem to solve
LDAP/AD servers may be shared between multiple instances of GitLab, and sometimes there can be a need to have additional admins on a specific instance besides the usual admin group members.
Currently this could only work if either multiple providers are specified (targeting different admin_group, etc.), or if the user is provided with a non-LDAP admin account that isn't reset every LDAP sync.
Customer ticket with some more information on a use-case: https://gitlab.zendesk.com/agent/tickets/220888 (internal link)
Proposal
Alter the behavior of LDAP config admin_group or add a new pluralized config admin_groups that accepts multiple values. Changes may be needed in EE classes Ldap::Sync::AdminUsers and Ldap::Sync::Groups.
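
The union semantics the proposal implies, as an added example that is not GitLab's code: admin status comes from membership in any configured group, and the legacy single string is still accepted. The method names, the in-memory directory and the sample DNs are hypothetical and constructed for illustration.

```ruby
# Added illustration; not GitLab code. All names here are hypothetical.

# Accept the legacy single string or a list; reject blank entries so an
# empty value can never match a group by accident.
def normalize_admin_groups(value)
  groups = Array(value).map { |g| g.to_s.strip }
  raise ArgumentError, 'blank admin group name' if groups.any?(&:empty?)
  groups.uniq { |g| g.downcase }
end

# directory: constructed stand-in for LDAP lookups, group CN => member DNs.
# Returns the union of member DNs (lower-cased, since DN comparison is
# case-insensitive) plus the configured groups that were not found.
def admin_dns_for(config_value, directory)
  lookup = directory.transform_keys(&:downcase)
  missing = []
  dns = normalize_admin_groups(config_value).flat_map do |group|
    members = lookup[group.downcase]
    missing << group if members.nil?
    Array(members).map(&:downcase)
  end
  { admins: dns.uniq.sort, missing: missing }
end

# Given current admins and the desired set, work out who gains and who
# loses admin access on this sync run.
def admin_changes(current_admin_dns, desired_admin_dns)
  current = current_admin_dns.map(&:downcase)
  { grant: desired_admin_dns - current, revoke: current - desired_admin_dns }
end

# Constructed sample directory shared by two instances.
SAMPLE_DIRECTORY = {
  'gitlab-admins'     => ['uid=alice,ou=people,dc=example,dc=com'],
  'instance-b-admins' => ['uid=bob,ou=people,dc=example,dc=com',
                          'UID=Alice,ou=people,dc=example,dc=com']
}.freeze
```

Returning the groups that were not found separately lets a caller treat a mistyped group name as a configuration error before any admin is revoked.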