[ci skip]
Signed-off-by: Rémy Coutable <remy@rymai.me>

Convert ASCII-8BIT LDAP DNs to UTF-8 to avoid unnecessary user deletions

Issue #1159 exposed a bug where LDAP DNs would be loaded in ASCII-8BIT encoding
but compared against UTF-8-encoded values. This comparison would always
fail, causing the LDAP group sync to evict users with Unicode characters.
The problem was quietly masked because the user would be re-added later
in the group sync worker.

This commit forces the UTF-8 encoding and falls back to the original value
if that fails.

The net-ldap library has an outstanding issue
(https://github.com/ruby-ldap/ruby-net-ldap/issues/4) to load data in UTF-8
format instead of ASCII-8BIT. Per
https://tools.ietf.org/html/rfc4514#section-3, LDAP DNs should be in UTF-8.

See merge request !828

Reduce code included in `RepositorySizeError`

Closes #1141

See merge request !833

Merge branch 'ee-1159-allow-permission-check-bypass-in-approve-access-request-service-ee' into 'master'

Don't pass a current user to Member#add_user in LDAP group sync

See the individual commits for explanation of the changes.

This is part of the fix for gitlab-org/gitlab-ee#1159.

CE backport for the change in `Members::ApproveAccessRequestService` is at gitlab-org/gitlab-ce!7168.
/cc @stanhu

See merge request !830

This is because group owners have their `:admin_group_member` permission
removed when the group is LDAP synced, thus ending in an early return
at `return member unless can_update_member?(current_user, member)` in
`Member.add_user`, leading to new LDAP users not being created.

This make this change while still being able to approve access requests
during a LDAP sync, `Members::ApproveAccessRequestService` has been
changed (in CE) to accept a `:force` option that bypass permission check
(since the permission is removed for owners of LDAP-synced groups).
This option is thus set to `ldap` in `Member.add_user`.
Signed-off-by: Rémy Coutable <remy@rymai.me>

This param allows to bypass permission check. It is useful for LDAP-sync
where even owners don't have the :admin_group_member permission.

See
https://gitlab.com/gitlab-org/gitlab-ee/blob/6081c37123abae4570f78831b33c2f45f92c2765/app/policies/group_policy.rb#L38
and https://gitlab.com/gitlab-org/gitlab-ee/issues/1159Signed-off-by: Rémy Coutable <remy@rymai.me>

Issue #1159 exposed a bug where LDAP DNs would be loaded in ASCII-8BIT encoding
but compared against UTF-8-encoded values. This comparison would always
fail, causing the LDAP group sync to evict users with Unicode characters.
The problem was quietly masked because the user would be re-added later
in the group sync worker.

This commit forces the UTF-8 encoding and falls back to the original value
if that fails.

The net-ldap library has an outstanding issue
(https://github.com/ruby-ldap/ruby-net-ldap/issues/4) to load data in UTF-8
format instead of ASCII-8BIT. Per
https://tools.ietf.org/html/rfc4514#section-3, LDAP DNs should be in UTF-8.

CE upstream

See merge request !812

Proper ES version check

See merge request !827

ES documentation: Fix rake command

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/1169

See merge request !825

The gitlab:check rake task checks ES version according to requirements

See merge request !824

Improve Geo documentation for 8.13

This merge-request was initiated after feedback from costumers about our documentation.

It's a bunch of small fixes to add extra troubleshooting and improve the understanding of the required steps.

# Documentation changes/added:

- [x] Add "Host key verification" troubleshooting doc for Geo
- [x] Update rsync instructions to preserve repository user/group ownership
- [x] Communicate better the setup steps and the correct order they must happen

cc @dewetblomerus @marin

See merge request !766

Add a trigger variable to docs trigger job

From https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7089

See merge request !819

Signed-off-by: Rémy Coutable <remy@rymai.me>

We have separate methods to delete redundant CE/EE access levels. So,
either `delete_redundant_access_levels` or
`delete_redundant_ee_access_levels` needs to be called, not both (as was
the case here).

Lines were duplicated.

Fix branch protection API

- EE-specific (spec) changes related to gitlab-org/gitlab-ce!6215.
- Related to gitlab-org/gitlab-ce#21513.

See merge request !718

Hides multiple board actions if user doesnt have permissions

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23678

See merge request !816

As we now expire all caches and then call build_cache, we have to mock this in the spec as we are never creating an actual repo in the filesystem.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23678

Fix for Elasticsearch::Transport::Transport::Errors::BadRequest: [400]

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/21036

See merge request !818