Adambean
commented
3 years ago It sounds very sensible to swap the order of these tasks, though there was a different problem raised when attempting to change their email address: https://github.com/Adambean/gitlab-ce-ldap-sync/issues/21
Our Admin would sometimes need to open another account for our users in AD and transfer their email address to the new account. The old account is then deactivated or given another email.
The sync script cannot transfer this to GitLab, as it first attempts to create new users and then update existing users. The first step fails, as the email for the new account is already taken by the existing account in GitLab. An update of existing accounts before this step would solve the issue. Alternatively, the script could handle duplicate emails in a more robust fashion and skip new account creation for duplicate emails without aborting execution and failing. These could then be created upon the script's second run.