Enable dynamic disabling filters for LDAP

Problem to solve

Currently, blocking / syncing a deactivated user only works when AD is the LDAP provider and active_directory: true is configured.

The actual filter is therefore hardcoded to match AD.

Proposal

  • Enable a new value in gitlab.yml to allow for custom filters
    disable_users:
        attribute: 'VALUE'
        value: 'VALUE'
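
A sketch of how the proposed disable_users setting could be turned into an LDAP filter while keeping the AD check as a fallback. This is an added example, not GitLab code: the method names, the precedence of disable_users over active_directory, and the sample nsAccountLock / memberOf settings are assumptions made for illustration.

```ruby
# Added illustration, not GitLab code; method and constant names are hypothetical.

# AD check: bitwise-AND matching rule on userAccountControl, bit 0x2 = ACCOUNTDISABLE.
AD_DISABLED_FILTER = '(userAccountControl:1.2.840.113556.1.4.803:=2)'

# Attribute names: a letter followed by letters, digits or hyphens.
ATTRIBUTE_RE = /\A[A-Za-z][A-Za-z0-9-]*\z/

# Escape an assertion value per RFC 4515 so a configured value such as a
# group DN containing parentheses cannot change the filter's structure.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Returns the LDAP filter that matches a disabled account for one provider,
# or nil when the provider gives no way to detect disabled accounts.
# Assumption: a configured disable_users entry takes precedence over the AD check.
def disabled_user_filter(provider)
  custom = provider['disable_users']
  if custom
    attribute, value = custom.values_at('attribute', 'value')
    raise ArgumentError, "invalid attribute #{attribute.inspect}" unless attribute.to_s.match?(ATTRIBUTE_RE)
    raise ArgumentError, 'disable_users.value must not be empty' if value.to_s.empty?
    return "(#{attribute}=#{escape_filter_value(value)})"
  end
  provider['active_directory'] ? AD_DISABLED_FILTER : nil
end

# Filter for "this user exists AND is disabled"; a non-empty search result means block.
def blocked_lookup_filter(uid_attribute, uid, provider)
  disabled = disabled_user_filter(provider)
  disabled && "(&(#{uid_attribute}=#{escape_filter_value(uid)})#{disabled})"
end

# Constructed sample provider settings.
PROVIDERS = {
  'freeipa' => { 'disable_users' => { 'attribute' => 'nsAccountLock', 'value' => 'TRUE' } },
  'group'   => { 'disable_users' => { 'attribute' => 'memberOf',
                                      'value' => 'cn=blocked (temp),ou=groups,dc=example,dc=com' } },
  'ad'      => { 'active_directory' => true },
  'plain'   => {}
}.freeze

PROVIDERS.each { |name, cfg| puts "#{name}: #{blocked_lookup_filter('uid', 'jdoe', cfg).inspect}" }
```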

What does success look like, and how can we measure that?

  • Users will be checked using a custom query
  • Users can be disabled by adding them to a custom group
  • The Active Directory check still works

Links / references

  • FreeIPA: https://www.redhat.com/archives/freeipa-users/2016-April/msg00135.html
  • AD: https://community.atlassian.com/t5/Jira-questions/Ignoring-disabled-users-in-LDAP-Active-Directory/qaq-p/