From fc7ec97051178d72772abf2f4135baf030fdba69 Mon Sep 17 00:00:00 2001 From: publicdesert Date: Wed, 15 Jun 2022 22:48:56 +0200 Subject: [PATCH] Apply suggested changes --- example_configs/gitea.md | 6 ++++-- example_configs/seafile.md | 3 +-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/example_configs/gitea.md b/example_configs/gitea.md index 422d21a..b2c8a54 100644 --- a/example_configs/gitea.md +++ b/example_configs/gitea.md @@ -7,10 +7,12 @@ Select `LDAP (via BindDN)` * Bind DN: `uid=admin,ou=people,dc=example,dc=com` * Bind Password: Your bind user's password * User Search Base: `ou=people,dc=example,dc=com` -* User Filter: In this example only members of the group `git_user` can log in. To log in they can either use their email address or user name:
+* User Filter: If you want all users to be able to log in, use
+`(&(objectClass=person)(|(uid=%[1]s)(mail=%[1]s)))`.
+To log in they can either use their email address or user name. If you only want members a specific group to be able to log in, in this case the group `git_user`, use
`(&(memberof=cn=git_user,ou=groups,dc=example,dc=com)(|(uid=%[1]s)(mail=%[1]s)))`
For more info on the user filter, see: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn -* Admin Filter: Use similar string as above or leave it empty if you don't want LDAP users to be admins. +* Admin Filter: Use `(memberof=cn=lldap_admin,ou=groups,dc=example,dc=com)` if you want lldap admins to become Gitea admins. Leave empty otherwise. * Username Attribute: `uid` * Email Attribute: `mail` * Check `Enable User Synchronization` diff --git a/example_configs/seafile.md b/example_configs/seafile.md index 2ae4030..b2db43e 100644 --- a/example_configs/seafile.md +++ b/example_configs/seafile.md @@ -7,12 +7,11 @@ Add the following to your `seafile/conf/ccnet.conf` file: HOST = ldap://192.168.1.100:3890 BASE = ou=people,dc=example,dc=com USER_DN = uid=admin,ou=people,dc=example,dc=com -PASSWORD = YOURPASSWORDHERE +PASSWORD = CHANGE_ME LOGIN_ATTR = mail ``` * Replace `192.168.1.100:3890` with your lldap server's ip/hostname and port. * Replace every instance of `dc=example,dc=com` with your configured domain. -* Replace `YOURPASSWORDHERE` with your bind user's password. __IMPORTANT__: Seafile requires the LOGIN_ATTR to be in an email-like format. You cannot use the uid as LOGIN_ATTR!