Members of a group with LDAP access aren't given access
Zendesk tickets: https://gitlab.zendesk.com/agent/tickets/95150, https://gitlab.zendesk.com/agent/tickets/96395
Both the above tickets are for the same customer. Please see the second ticket for the profiling and GroupSync outputs.
The customer has GroupSync set up in a GitLab group named testissue. New projects in this group list these users with the correct Developer accesses, but the users each get a 404 upon viewing the project's main page (/testissue/project). Impersonating the users demonstrated the problem.
On a call, we took a single user with the problem and confirmed the user's access to the group and project by running a manual GroupSync. In the output, the last occurrence of the user's dn gave her an access level of 30, which is Developer (see the attachment in the ticket). This is correct. However, the user still gets a 404 when accessing the page. Running the GroupSync did not change this.
During the call we also profiled the URL and did not find anything interesting in the profiling output except that a 404 was reached:
I, [2018-05-17T16:06:19.512974 #17806] INFO -- : Filter chain halted as :project rendered or redirected
I, [2018-05-17T16:06:19.515567 #17806] INFO -- : Completed 404 Not Found in 265ms (Views: 3.6ms | ActiveRecord: 9.8ms | Elasticsearch: 0.0ms)Something interesting is when the permissions are changed, the user gets access. Then, when the override is reverted to the original LDAP GroupSync membership level, the access is still there. This is what leads me to believe this is a bug.
The customer is running GitLab 10.6.3-ee. This problem doesn't exist in the customer's other instances, also running the same version.