Add note about LDAP issues affecting MR approval rules (!216861) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Adds documentation about how LDAP connectivity issues can affect merge request approval rules.

When LDAP servers become temporarily unavailable or the bind account fails, users can be removed from approval rules during sync operations. This results in approval rules becoming empty and being marked as "Auto approved", which bypasses code review requirements and creates a security risk.

This documentation:

Explains the problem and its security implications
Provides preventive measures (ensuring LDAP reliability, monitoring sync operations)
Recommends using approval policies for critical security requirements
Warns that users won't be automatically restored when LDAP connectivity returns

References

Relates to #579169 (closed) and #6054

MR acceptance checklist

Documentation is clear and addresses the security concern
Includes preventive measures and recommendations
Cross-references approval policies for stronger enforcement
Provides guidance on recovery procedures

Edited Dec 17, 2025 by Magdalena Frankiewicz

Add note about LDAP issues affecting MR approval rules

What does this MR do and why?

References

MR acceptance checklist

Merge request reports