Filtered ldap users create "local accounts"
Created by: jonakarl
Applicable to gitlab-CE
To recreate:
Create a ldap filter that exclude some users.
Try to log on as such user on a gitlab-CE installation. The user will get created as a "local user" although they will never be able to log on the system (as they are refused due to the ldap filter).
More serious is that if you create a local user that has a email adress in the ldap catalog but are filtered out by the ldap filter, eg a student that should have acces to a staff gitlab installation. If this user by mistake try to log on in the "ldap tab" the accounts will be linked and the user can after this not log on as he/she is filtered in the ldap filter.
possible soultion:
Apply the filter earlier in the process