Use Members::DestroyService when destroying members on LDAP group sync
Problem
When users are removed from groups during LDAP synchronization, their user_group_member_roles records are not properly cleaned up. This happens because the current implementation directly destroys member records instead of using the Members::DestroyService, which handles all necessary cleanup operations.
What does this MR do and why?
This MR updates the LDAP group synchronization service to use Members::DestroyService when removing a user's access from a group. This ensures:
- All associated
user_group_member_rolesrecords are properly cleaned up (reference) - The removal process during LDAP sync follows the same pattern as other member removal flows in the system
- Any future cleanup logic added to
Members::DestroyServicewill automatically apply to LDAP sync removals
References
Update user_group_member_roles when member is d... (#557859 - closed).
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Eugie Limpin