Current LDAP issue prioritization (meta)

Thanks @dblessing

@JobV I added the top almost 10 items related to LDAP, in order of my perceived priority. Although the first few are feature requests they are closely related and are really important. Implementing those items will remove the 'exclusive lease' which is making it really hard for the support team to debug with customers.

I'll start work on this list. Please feel free to add to the list or propose re-ordering.

@dblessing re ExclusiveLease; something I have done/seen elsewhere in the app is to have a lease-free sidekiq job that can be scheduled by a user via the UI, and a lease-obtaining 'cron job' that uses the lease-free job under the hood. See e.g. the repository check feature.

@jacobvosmaer-gitlab That may work, but would also add some complexity. The leasing has to be done for each group, in the group loop. So we would have to pass in a boolean whether to get a lease or not. I think we can accomplish the same by using states and state will be required anyway to show the current status in the members page. I'll ping you on the WIP MR so you can see the implementation and see if it will work.

@dblessing thanks, I agree states make more sense if you want to report to the user.

Milestone changed to %16

Added ~157393 label

Marked the task Allow LDAPGroupSync to accept a group name/id to sync individually ~"feature proposal" Blocks https://gitlab.com/gitlab-org/gitlab-ee/issues/400 (next item) as completed

Marked the task Change LDAP group sync 'Clear cache' to 'Sync now' ~"feature proposal" as completed

Marked the task Allow option to change permission levels of users when LDAP group sync is enabled ~"feature proposal" customer as completed

Probable LDAP features/fixes for 8.12 are below. All are in progress and in varying states of review. I reasonably expect they'll all be done in the next few days. It will be a GREAT release for LDAP users

CE: Restrict LDAP return attributes (performance) https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6187
EE: Restrict LDAP return attributes (performance) https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/712 (Final review)
EE: Active Directory range member/nested group retrieval (bug fix/performance) https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/719 (WIP)
EE: Allow membership override when using LDAP group sync https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/717 (Final review)
EE: Add Sync now to group members page https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/704 (Final review)

Looks like you've got some nice LDAP features in the works! Any chance you can slip #139 (closed) into an upcoming release? I realize it might be late in the game for 8.12, but perhaps 8.13?