Net::LDAP uses paged searches by default. Limit that in GitLab if possible
Net::LDAP uses paged searches by default - see comment at https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/connection.rb#L368. The problem is that some LDAP servers have limits on the number of concurrent paged searches and these searches require more resources. When paged searches are limited then user sign in may fail when the limit is reached.
I found the following related issues in Ruby Net LDAP:
There is already a
force_no_page boolean that can be passed in as a arg. It defaults to
false which is why paging is enabled by default. Note that gitlab-omniauth_ldap doesn't has this argument so we would need support there and also to add to GitLab.
The customer also specifically mentioned that it's the user sign ins which are causing the most paged search traffic to the LDAP servers so maybe we start by disabling paged searches only for single user lookups. In my mind this has the least risk as I'm concerned disabling paged searches globally would break Group Sync.