diff --git a/applications/gitlab.nix b/applications/gitlab.nix
index c77d634..ae54043 100644
--- a/applications/gitlab.nix
+++ b/applications/gitlab.nix
@@ -161,7 +161,7 @@
               active_directory = false;
               #base = "ou=users,${cfg.ldap.base}?sub?(|(skMemberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))";
               base = "ou=users,${cfg.ldap.base}";
-              user_filter = "(skMemberOf=cn=skynet-users,ou=groups,${cfg.ldap.base})";
+              user_filter = "(skEnabled=TRUE)";
 
               attributes = {
                 username = "uid";
diff --git a/applications/ldap/skMemberOf.ldif b/applications/ldap/skMemberOf.ldif
index 68ec244..43ed98d 100644
--- a/applications/ldap/skMemberOf.ldif
+++ b/applications/ldap/skMemberOf.ldif
@@ -36,10 +36,16 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
     EQUALITY caseIgnoreMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   )
+olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1
+    NAME 'skEnabled'
+    DESC 'TRUE/FALSE'
+    EQUALITY booleanMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  )
 olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
     NAME 'skPerson'
     DESC 'skynet person'
     SUP top AUXILIARY
-    MUST ( skMail $ skCreated )
+    MUST ( skMail $ skCreated $ skEnabled )
     MAY ( skMemberOf $ skID $ skDiscord )
   )