Gitea: add additional attributes and group sync

Not extensively tested, but group/team sync seems to work in Forgejo.

example_configs/gitea.md

@@ -1,4 +1,4 @@
-# Configuration for Gitea
+# Configuration for Gitea (& Forgejo)
 In Gitea, go to `Site Administration > Authentication Sources` and click `Add Authentication Source`
 Select `LDAP (via BindDN)`
 
@@ -14,9 +14,30 @@ To log in they can either use their email address or user name. If you only want
 For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn
 * Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise.
 * Username Attribute: `uid`
+* First Name Attribute: `givenName`
+* Surname Attribute: `sn`
 * Email Attribute: `mail`
+* Avatar Attribute: `jpegPhoto`
 * Check `Enable User Synchronization`
 
 Replace every instance of `dc=example,dc=com` with your configured domain.
 
 After applying the above settings, users should be able to log in with either their user name or email address.
+
+## Syncronizing LDAP groups with existing teams in organisations
+
+Groups in LLDAP can be syncronized with teams in organisations. Organisations and teams must be created manually in Gitea. 
+It is possible to syncronize one LDAP group with multiple teams in a Gitea organization.
+
+Check `Enable LDAP Groups`
+
+* Group Search Base DN: `ou=groups,dc=example,dc=com`
+* Group Attribute Containing List Of Users: `member`
+* User Attribute Listed In Group: `dn`
+* Map LDAP groups to Organization teams: `{"cn=Groupname1,ou=groups,dc=example,dc=com":{"Organization1": ["Teamname"]},"cn=Groupname2,ou=groups,dc=example,dc=com": {"Organization2": ["Teamname1", "Teamname2"]}}`
+
+Check `Remove Users from syncronised teams...`
+
+The `Map LDAP groups to Organization teams` config is JSON formatted and can be extended to as many groups as needed.
+
+Replace every instance of `dc=example,dc=com` with your configured domain.