Hi. I’m running gitlab-ce 11.11.8.
Our current configuration sets everyone with “MEMBER” or “STUDENT” in eduPersonPrimaryAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.5) as External.
In our LDAP config, we had a filter that would allow anyone in a certain ldap group to be an exception to that. So if a student got special permission to get standard access, we could add them to a group in ldap and they wouldn’t be marked External.
Is there any way to do something like that with omniauth (saml)? I’ve played with required_groups a bit in conjunction with external_groups, but I don’t see a way to say “if [user] is NOT in this group, mark them external.”
Thanks!