LDAP sync for admin roles: Add locking to prevent race conditions
Summary
Simultaneous LDAP sync operations triggered by multiple admins can lead to race conditions. This may result in sync failures, inconsistent user states, or even temporary access issues — which can introduce security risks, especially when managing admin role assignments.
Proposal
Introduce a locking mechanism for LDAP sync operations to ensure only one sync runs at a time. This would prevent overlapping executions and reduce the chance of race conditions affecting access control.
Original issue raised in https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-reviews/-/issues/254#note_2617199978
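One way to implement the proposed lock, as an added Ruby example that is not GitLab's own code: a time-limited lease that only its holder can release, so a second admin's sync request is skipped while one is running and a crashed sync cannot block later ones forever. `SyncLease`, `with_sync_lease`, the key name and the 300-second TTL are hypothetical, and the in-memory store is an assumption standing in for a store shared by all application nodes.

```ruby
require 'securerandom'

# Hypothetical in-memory lease store. Assumption: in a real deployment this
# state lives in a store every application node can see.
class SyncLease
  def initialize(clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @clock = clock
    @mutex = Mutex.new
    @leases = {} # key => [token, expires_at]
  end

  # Returns a token if the lease was free or expired, nil if it is held.
  def try_obtain(key, ttl:)
    @mutex.synchronize do
      _token, expires_at = @leases[key]
      return nil if expires_at && expires_at > @clock.call
      token = SecureRandom.hex(16)
      @leases[key] = [token, @clock.call + ttl]
      token
    end
  end

  # Only the holder's token releases the lease, so a sync that overran its
  # TTL cannot release a lease that a later sync has since obtained.
  def release(key, token)
    @mutex.synchronize do
      held, = @leases[key]
      return false unless held == token
      @leases.delete(key)
      true
    end
  end
end

LEASE_KEY = 'ldap_admin_role_sync' # constructed key name
LEASE_TTL = 300 # seconds; assumed upper bound on one sync run

# Runs the block only if no other sync holds the lease; otherwise skips it.
def with_sync_lease(lease, ttl: LEASE_TTL)
  token = lease.try_obtain(LEASE_KEY, ttl: ttl)
  return :already_running unless token
  begin
    yield
    :synced
  ensure
    lease.release(LEASE_KEY, token)
  end
end
```

The TTL should exceed the longest expected sync; if a run outlives it, a second sync can start, which is why role changes applied inside the block should also be idempotent.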