The blocked? method is used to check whether a user exists in LDAP. Prior to this change, if the LDAP server had more objects below the one pointed to by the DN, those objects would also be picked up by the search, causing the method to determine the user should be blocked.
One case where this can happen is when using Active Directory and a user have a mobile phone assigned. In this case, Exchange will add an entry called ExchangeActiveSyncDevices under the users entry. The user-visible behaviour is then that a user loses Gitlab access when he enables a mobile device.
This fix sets the search scope to BaseObject in order to ensure that only the user itself is returned.
-when logging in if users are allowed to login with just usernames in ldap we will update uid of the user if their uid is out of date
Conflicts:
spec/lib/auth_spec.rb
Change-Id: Ia171b3d5133da86edc18c0d08ecfaf6a174f2574
Sytse Sijbrandij