Allow disabling of LDAP as a login option when LDAP is enabled

Problem to solve

LDAP Login can not be disabled when LDAP is enabled.

Further details

We are using LDAP syncing to sync LDAP group membership information to Gitlab but require that users not be able to login via LDAP as this would allow them to bypass our SAML providers two-factor authentication.

(Include use cases, benefits, and/or goals)

Proposal

An additional setting for if LDAP Login is enabled. This would default to enabled if not specified.

What does success look like, and how can we measure that?

LDAP Login is not allowed when LDAP is enabled and LDAP Login setting is disabled.