When using "Default Group Memberships" to assign LDAP users to a group with a minimal Global Permission within Stash, as users from LDAP login into Stash and are assigned to the default group, thus consuming a license (consider Stash is licensed for "N" users), instead of denying access to the "N-th +1" user, it allows the user to login and server blocks pull/push as described on https://jira.atlassian.com/browse/STASH-4643 and the message below is displayed:

You have more users than your license allows. Pushing is disabled - purchase a license today

Stash shouldn't allow a user to login and get added to the default group in such use case.