A total of 3 accounts on my Gitlab instance have now become 'soft locked'.
Some months ago my colleague reported being unable to log into Gitlab (they see a 403 error after entering credentials). All looked good from the admin screen and we eventually 'resolved' the issue by deleting the account and allowing them to create a new one, then restoring permissions.
This week 2 more accounts have become locked in a similar manner (mine and a third colleague). I've resolved the issue for the other colleague by deleting their account as before but I'm keen to understand what is happening and if there is a way to resolve it without losing the account.
The account looks in good standing on the administrator interface (it isn't locked or blocked or awaiting email confirmation.)
SSH based access to projects (push and pull) continues to work just fine.
So far I've tried disconnecting the account from it's LDAP identity and converting it into a local account (using another administrator account). This did not result in a change of behaviour so I don't believe the LDAP integration is at fault here.
I'm stumped as to how to proceed beyond this, googling has given me a lot of threads where people are getting errors at login rather than being able to log in but not being able to use the web interface.
I have created another full administrator account on the web interface and have root access to the box running gitlab so can provide output from gitlab-rails console etc. if required.
Update: I've obtained a brand new personal access token for the locked account from the gitlab-rails console and I get a 403 Forbidden when I try and invoke the API (v.s. 401 Unauthorized when I put in rubbish for the token). I think there must be something somewhere in the DB that's marked my account as locked out.
