Skip to content

Sync ldap external groups on login

What does this MR do?

On LDAP login, the user's external flag is set by checking external groups immediately.

Are there points in the code the reviewer needs to double check?

I would prefer to have at least one integration test for this, but I didn't see a good one that doesn't seem to stub as much as I'm already doing in these unit tests.

I don't know how slow it can be to pull member DNs for a group, but if there are a lot of external_groups with a lot of members, I imagine this could cause logins to be slow. I am currently unaware of a faster way to do it though.

Why was this MR needed?

On customer installations with LDAP and external groups, new users that should be external could login and see everything until a scheduled sync worker ran.

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/2468

Edited by username-removed-1144264

Merge request reports