How to convert local gitlab user (email) to LDAP user?

I’ve recently inherited an existing gitlab install using the gitlab-ce-9.2.6-ce.0.el7.x86_64 package and I have a few users who have created local accounts over time.
We are trying to standardize everybody on LDAP (and LDAP objects exist for these users).
Accounts that were created as LDAP accounts are working correctly (so the LDAP auth method is functioning fine)
Just adding their object distinguishedName as an LDAP identity doesn’t seem to be doing the job (in fact adding an LDAP identity caused permanent lockout as described here: ), only removing the identity allowed it to be unblocked.
I’ve seen posts elsewhere about having the user adjust Account Settings > Security > Sign-in Method but this doesn’t seem to exist in 9.2.6 (or at least not the package we have?)

Looking for some guidance on how to cut these users over either individually by themselves, by myself as administrator, or en masse with a script. Really just what am I doing wrong would be helpful.

Thanks in advance


Don’t everybody shout at once :wink:
Seriously, is there a way to do this with less impact to my users than changing their emails, having them create new accounts, and manually moving repos and ownership? Surely the authentication method is stored in the DB somewhere…


See this discussion for some relevant info.

Basically use the console to inspect an ldap user and a local user to see the different propeties & values. Then you can write a script to modify the users you want.