Identify internal users by LDAP groups
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem to solve
GitLab implements the concept of external users, which have only restricted access to a GitLab instance. They need to be added explicitly to projects/groups to see any contents. It is possible to set all newly registered users automatically to "external" via a configuration option or to mark external users via named LDAP groups (external_groups setting).
However, we are missing an option to classify internal users based on named LDAP groups.
Further details
Our use case is that all newly registered users should be treated as external users, except they belong to specific LDAP groups. The same applies for users once correctly registered as external users, but then added to one of the internal LDAP groups. At least to my knowledge, this is not possible so far.
Proposal
Add a internal_groups setting analog to the external_groups setting and implement a check during registration as well as an period sync.
What does success look like, and how can we measure that?
internal_groups setting implemented and documented.