Account for Okta's LDAP Interface implementation quirks
Problem to solve
GitLab can be connected via LDAP to Okta's LDAP Interface.
However, because Okta's LDAP Interface really just translates LDAP commands to API calls, with a sufficiently large user base it's possible to hit Okta's API rate limits. At this point, all GitLab LDAP users are blocked as GitLab thinks that these users no longer exist at the LDAP endpoint.
We should consider accounting for this Okta LDAP Interface quirk, or perhaps derive a more general case from this.
This was reported (Zendesk, internal use only) by a 100-seat premium customer. It is worth noting that the customer is only using LDAP because they're not able to sync user SSH keys to GitLab with SAML. There is an open issue proposing this feature here: #16453
Intended users
Further details
Proposal
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Edited by Wei-Meng Lee
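One way to account for the failure described in the problem statement, as an added example that is not GitLab's code or part of the original issue: a sync planner that blocks a user only on a confirmed "not found" and defers the decision when lookups fail or an implausible share of users disappears in a single run. The function name, the result symbols and the 20% threshold are assumptions; the issue does not say how Okta's LDAP Interface signals throttling to the client.

```ruby
# Added illustration, not GitLab code. All names and the threshold are hypothetical.
MAX_MISSING_RATIO = 0.2 # assumed: more than 20% missing in one run is treated as an outage

# lookups: { username => :found | :not_found | :error }
#   :found     - the directory returned the entry
#   :not_found - the search completed and returned no entry
#   :error     - the search failed (timeout, server error, throttling, ...)
def plan_ldap_sync(lookups, max_missing_ratio: MAX_MISSING_RATIO)
  by_result = Hash.new { |hash, key| hash[key] = [] }
  lookups.each do |user, result|
    # Any result we do not recognise is handled as a failed lookup, never as "gone".
    key = %i[found not_found].include?(result) ? result : :error
    by_result[key] << user
  end

  missing = by_result[:not_found]
  # A throttled backend can look like a directory that suddenly lost its users,
  # so a large share of "not found" answers is not trusted either.
  mass_missing = !lookups.empty? && missing.size > max_missing_ratio * lookups.size

  {
    keep: by_result[:found],
    block: mass_missing ? [] : missing,
    # Users in :recheck keep their current state and are looked up again next run.
    recheck: by_result[:error] + (mass_missing ? missing : []),
    degraded: mass_missing || !by_result[:error].empty?
  }
end

# Constructed sample runs (not real data).
HEALTHY_RUN = (0..8).to_h { |i| ["user#{i}", :found] }.merge("gone" => :not_found)
THROTTLED_RUN = (0..9).to_h { |i| ["user#{i}", :not_found] }
PARTIAL_RUN = {
  "a" => :found, "b" => :error, "c" => :found,
  "d" => :found, "e" => :found, "f" => :not_found
}

if __FILE__ == $PROGRAM_NAME
  { healthy: HEALTHY_RUN, throttled: THROTTLED_RUN, partial: PARTIAL_RUN }.each do |name, run|
    plan = plan_ldap_sync(run)
    puts "#{name}: block=#{plan[:block]} recheck=#{plan[:recheck].size} degraded=#{plan[:degraded]}"
  end
end
```

Deferred users stay active until the next run, so a degraded run should raise an alert and be retried promptly rather than ignored.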