mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
example_configs,gitea: add additional attributes and group sync
Not extensively tested, but group/team sync seems to work in Forgejo.
This commit is contained in:
parent
3a43b7a4c2
commit
260b545a54
@ -1,4 +1,4 @@
|
|||||||
# Configuration for Gitea
|
# Configuration for Gitea (& Forgejo)
|
||||||
In Gitea, go to `Site Administration > Authentication Sources` and click `Add Authentication Source`
|
In Gitea, go to `Site Administration > Authentication Sources` and click `Add Authentication Source`
|
||||||
Select `LDAP (via BindDN)`
|
Select `LDAP (via BindDN)`
|
||||||
|
|
||||||
@ -14,9 +14,30 @@ To log in they can either use their email address or user name. If you only want
|
|||||||
For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn
|
For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn
|
||||||
* Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise.
|
* Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise.
|
||||||
* Username Attribute: `uid`
|
* Username Attribute: `uid`
|
||||||
|
* First Name Attribute: `givenName`
|
||||||
|
* Surname Attribute: `sn`
|
||||||
* Email Attribute: `mail`
|
* Email Attribute: `mail`
|
||||||
|
* Avatar Attribute: `jpegPhoto`
|
||||||
* Check `Enable User Synchronization`
|
* Check `Enable User Synchronization`
|
||||||
|
|
||||||
Replace every instance of `dc=example,dc=com` with your configured domain.
|
Replace every instance of `dc=example,dc=com` with your configured domain.
|
||||||
|
|
||||||
After applying the above settings, users should be able to log in with either their user name or email address.
|
After applying the above settings, users should be able to log in with either their user name or email address.
|
||||||
|
|
||||||
|
## Syncronizing LDAP groups with existing teams in organisations
|
||||||
|
|
||||||
|
Groups in LLDAP can be syncronized with teams in organisations. Organisations and teams must be created manually in Gitea.
|
||||||
|
It is possible to syncronize one LDAP group with multiple teams in a Gitea organization.
|
||||||
|
|
||||||
|
Check `Enable LDAP Groups`
|
||||||
|
|
||||||
|
* Group Search Base DN: `ou=groups,dc=example,dc=com`
|
||||||
|
* Group Attribute Containing List Of Users: `member`
|
||||||
|
* User Attribute Listed In Group: `dn`
|
||||||
|
* Map LDAP groups to Organization teams: `{"cn=Groupname1,ou=groups,dc=example,dc=com":{"Organization1": ["Teamname"]},"cn=Groupname2,ou=groups,dc=example,dc=com": {"Organization2": ["Teamname1", "Teamname2"]}}`
|
||||||
|
|
||||||
|
Check `Remove Users from syncronised teams...`
|
||||||
|
|
||||||
|
The `Map LDAP groups to Organization teams` config is JSON formatted and can be extended to as many groups as needed.
|
||||||
|
|
||||||
|
Replace every instance of `dc=example,dc=com` with your configured domain.
|
||||||
|
Loading…
Reference in New Issue
Block a user