LDAP created users must be different.
Created by: nielsbasjes
We've setup Gitlab 4.0 with username/password validation against LDAP. What we found is that an account created because a new user logged in using LDAP creates an account that has several unwanted features.
- When a user logs in for the first time the system a new account is created (this is good) and the system sends them an email with their new (randomly generated) password (this is not good).
- The user can login using these credentials by opening the "Other signin" part of the login dialog.
- The user can change this "gitlab" password in the account settings.
- The user can change their username in the account settings.
The desired situation is that an account created because a user logged in via LDAP is marked as "an external system is the owner of the account data" and as such several features regarding such an account should be disabled (at least all of the features mentioned above).