diff --git a/Gemfile b/Gemfile
index d84841531..068e9a1df 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,11 +25,13 @@ gem 'attr_encrypted'
 gem 'sawyer'
 gem 'dalli'
 gem 'oauth2', '~>2.0.9'
-gem 'omniauth'
+gem 'omniauth', '~>2.0'
 gem 'omniauth-oauth2'
 gem 'omniauth-github', git: "https://github.com/omniauth/omniauth-github.git" # needs >1.3.0
 gem 'omniauth-google-oauth2'
-gem 'omniauth-ldap'
+gem 'omniauth-ldap',
+  git: 'https://github.com/omniauth/omniauth-ldap.git',
+  ref: 'fb485bb4613074b224b8d6b28ad1c7f366a6b6d8'
 gem 'omniauth-gitlab'
 gem 'omniauth-atlassian-bitbucket'
 gem 'omniauth-rails_csrf_protection' # remove once https://github.com/omniauth/omniauth/pull/809 is resolved
diff --git a/Gemfile.lock b/Gemfile.lock
index 9486ea0cb..be1354a13 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,10 +1,21 @@
 GIT
   remote: https://github.com/omniauth/omniauth-github.git
-  revision: 5afe8aee3baccd84ce6f265a3e62efbb55ac14b9
+  revision: f27bb4e018150d87e9444ad13955acfc9e76f4d7
   specs:
-    omniauth-github (1.4.0)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+
+GIT
+  remote: https://github.com/omniauth/omniauth-ldap.git
+  revision: fb485bb4613074b224b8d6b28ad1c7f366a6b6d8
+  ref: fb485bb4613074b224b8d6b28ad1c7f366a6b6d8
+  specs:
+    omniauth-ldap (2.0.0)
+      net-ldap (~> 0.16)
+      omniauth (~> 2.0.0)
+      pyu-ruby-sasl (~> 0.0.3.3)
+      rubyntlm (~> 0.6.2)
 
 GIT
   remote: https://github.com/zendesk/vault-ruby.git
@@ -272,7 +283,7 @@ GEM
     autoprefixer-rails (9.4.8)
       execjs
     awesome_print (1.6.1)
-    aws-eventstream (1.1.0)
+    aws-eventstream (1.2.0)
     aws-partitions (1.329.0)
     aws-sdk-core (3.100.0)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -289,8 +300,9 @@ GEM
       aws-sdk-core (~> 3, >= 3.58.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.4)
-      aws-eventstream (~> 1.0, >= 1.0.2)
+    aws-sigv4 (1.6.1)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.1.1)
     binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
     bootsnap (1.4.5)
@@ -330,7 +342,8 @@ GEM
     erubi (1.12.0)
     erubis (2.7.0)
     execjs (2.7.0)
-    faraday (2.7.10)
+    faraday (2.7.11)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-http-cache (2.5.0)
@@ -410,7 +423,7 @@ GEM
       railties (>= 4)
       request_store (~> 1.0)
     logstash-event (1.2.02)
-    loofah (2.21.3)
+    loofah (2.21.4)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.7.1)
@@ -426,7 +439,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2023.0218.1)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.4)
+    mini_portile2 (2.8.5)
     minitest (5.11.3)
     minitest-rails (6.1.0)
       minitest (~> 5.10)
@@ -444,7 +457,7 @@ GEM
     mysql2 (0.5.3)
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
-    net-ldap (0.16.1)
+    net-ldap (0.18.0)
     netrc (0.11.0)
     newrelic_rpm (6.7.0.359)
     nio4r (2.5.9)
@@ -465,29 +478,26 @@ GEM
     octokit (6.1.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    omniauth (1.9.2)
+    omniauth (2.0.4)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
+      rack-protection
     omniauth-atlassian-bitbucket (0.1.0)
       omniauth-oauth2
-    omniauth-gitlab (1.0.2)
-      omniauth (~> 1.0)
-      omniauth-oauth2 (~> 1.0)
-    omniauth-google-oauth2 (0.8.0)
+    omniauth-gitlab (4.1.0)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8.0)
+    omniauth-google-oauth2 (1.1.1)
       jwt (>= 2.0)
-      omniauth (>= 1.1.1)
-      omniauth-oauth2 (>= 1.6)
-    omniauth-ldap (1.0.5)
-      net-ldap (~> 0.12)
-      omniauth (~> 1.0)
-      pyu-ruby-sasl (~> 0.0.3.2)
-      rubyntlm (~> 0.3.4)
-    omniauth-oauth2 (1.7.3)
+      oauth2 (~> 2.0.6)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8.0)
+    omniauth-oauth2 (1.8.0)
       oauth2 (>= 1.4, < 3)
-      omniauth (>= 1.9, < 3)
-    omniauth-rails_csrf_protection (0.1.2)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
-      omniauth (>= 1.3.1)
+      omniauth (~> 2.0)
     pagy (3.6.0)
     parallel (1.19.2)
     parallel_tests (2.21.1)
@@ -515,10 +525,12 @@ GEM
     puma (5.6.7)
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
-    racc (1.7.1)
+    racc (1.7.2)
     rack (2.2.8)
     rack-mini-profiler (1.1.4)
       rack (>= 1.2.0)
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
     rack-test (2.1.0)
       rack (>= 1.3)
     rails (6.1.7.6)
@@ -588,7 +600,7 @@ GEM
     ruby2_keywords (0.0.5)
     ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
-    rubyntlm (0.3.4)
+    rubyntlm (0.6.3)
     safe_yaml (1.0.4)
     sass-rails (6.0.0)
       sassc-rails (~> 2.1, >= 2.1.1)
@@ -654,7 +666,7 @@ GEM
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.11)
+    zeitwerk (2.6.12)
     zendesk_api (2.0.1)
       faraday (> 2.0.0)
       faraday-multipart
@@ -709,12 +721,12 @@ DEPENDENCIES
   net-http-persistent
   oauth2 (~> 2.0.9)
   octokit
-  omniauth
+  omniauth (~> 2.0)
   omniauth-atlassian-bitbucket
   omniauth-github!
   omniauth-gitlab
   omniauth-google-oauth2
-  omniauth-ldap
+  omniauth-ldap!
   omniauth-oauth2
   omniauth-rails_csrf_protection
   pagy