Hi all,
i’m running a GitLab CE (13.11.4, Omnibus on Debian) in a university. My students and teachers log in via LDAP using their central university AD account.
At the end of each semester i have to delete users, i.e. if they have left the university. My approach for a command line script is like this:
for all users in Gitlab
ask central AD if user still exists
if not, delete user in Gitlab
Can i do something like this in Gitlab and if so: what tools to use?
Yes, it’s possible using Gitlab API.
You will have to write your appropriate AD/LDAP query to check if the login exists and from that query, get the appropriate value being used for the login name. Then you’ll need to use that value with the delete user API command. You can use your AD/LDAP query, to then use the Gitlab API list user command:
once you’ve verified that you are checking the correct login info from AD, against the user login name in Gitlab, you can then use the delete user API command:
Users not in AD/LDAP will get blocked in GitLab.
Unless having blocked users in GitLab isn’t a problem, there is no need to delete them.
I don’t want to keep old users and their projects for two reasons:
Noticed there’s even a Powershell wrapper (PSGitLab). Since my AD query is in PS anyway this might be the tool of choice for me.