Gitlab LDAP sync script tries to remove "bot" users from groups.

[TafkaMax]

The Gitlab LDAP sync script tries to currently remove "bot users" that are created when adding an access_token from non-ldap groups. Maybe even from groups that are also present in LDAP.

https://gitlab.example.com/groups/<GROUPNAME>/-/settings/access_tokens

[TafkaMax]

[notice] Deleting extra group members...
[info] Deleting user #132 "REDACTED" from group #1019 "REDACTED" [REDACTED].
[error] Gitlab failure: 403 Forbidden

[TafkaMax]

When adding an access token to a group a bot user is created there. So a check is necessary to see if user is bot.

[AdamReece-WebBox]

I've not looked yet, but I suspect the users API will be able to reveal if a user is a bot. We could then exclude bot users from deletions.

(I noticed this happening at our corporate Gitlab too, though I've only ever needed to run the tool once here so far.)

[TafkaMax]

Reformatted the Title. I first noticed it with groups that did not match a LDAP group name. But it is happening with all groups.