### Description In my GitLab deployment I have unchecked the option for "Password authentication enabled for Git over HTTP(S)". However, I did not read the fine print that says: "When disabled, a Personal Access Token **or LDAP password** must be used to authenticate." For me this defeats the purpose of the setting. All my users sign in via LDAP, but because they use their LDAP passwords for many other purposes, I would like to limit them from using them for Git authentication; and instead force them to use access tokens and no passwords whatsoever. ### Proposal 1. Add support for disabling LDAP password auth when `prevent_ldap_sign_in` is enabled, behind a default-disabled feature flag. 2. Add instrumentation around instances `prevent_ldap_sign_in` setting when LDAP is enabled. If that number with `prevent_ldap_sign_in` enabled is low, then we can safely default-enable the feature flag and remove.