closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6853 Commits
2 Branches
178 MiB
Tree: 5e022a98e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5e022a98e6'
${ noResults }
gitea/modules/auth/ldap/README.md

101 lines
4.0 KiB
Raw Normal View History

Gogs -> Gitea (#2909) rename label
7 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Minor fixes to the LDAP module readme
9 years ago
Updated the LDAP auth module README.
9 years ago
Minor fixes to the LDAP module readme
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP auth module README.
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
Significantly enhanced LDAP support in Gogs.
9 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP module readme.
9 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP auth module README.
9 years ago
initial support for LDAP authentication/MSAD
10 years ago
Updated the LDAP auth module README.
9 years ago
Minor fixes to the LDAP module readme
9 years ago
Updated the LDAP auth module README.
9 years ago
 
  1. Gitea LDAP Authentication Module
  2. ===============================
  3. 

  4. ## About

  5. 

  6. This authentication module attempts to authorize and authenticate a user
  7. against an LDAP server. It provides two methods of authentication: LDAP via
  8. BindDN, and LDAP simple authentication.
  9. 

  10. LDAP via BindDN functions like most LDAP authentication systems. First, it
  11. queries the LDAP server using a Bind DN and searches for the user that is
  12. attempting to sign in. If the user is found, the module attempts to bind to the
  13. server using the user's supplied credentials. If this succeeds, the user has
  14. been authenticated, and his account information is retrieved and passed to the
  15. Gogs login infrastructure.
  16. 

  17. LDAP simple authentication does not utilize a Bind DN. Instead, it binds
  18. directly with the LDAP server using the user's supplied credentials. If the bind
  19. succeeds and no filter rules out the user, the user is authenticated.
  20. 

  21. LDAP via BindDN is recommended for most users. By using a Bind DN, the server
  22. can perform authorization by restricting which entries the Bind DN account can
  23. read. Further, using a Bind DN with reduced permissions can reduce security risk
  24. in the face of application bugs.
  25. 

  26. ## Usage

  27. 

  28. To use this module, add an LDAP authentication source via the Authentications
  29. section in the admin panel. Both the LDAP via BindDN and the simple auth LDAP
  30. share the following fields:
  31. 

  32. * Authorization Name **(required)**
  33.     * A name to assign to the new method of authorization.
  34. 

  35. * Host **(required)**
  36.     * The address where the LDAP server can be reached.
  37.     * Example: mydomain.com
  38. 

  39. * Port **(required)**
  40.     * The port to use when connecting to the server.
  41.     * Example: 636
  42. 

  43. * Enable TLS Encryption (optional)
  44.     * Whether to use TLS when connecting to the LDAP server.
  45. 

  46. * Admin Filter (optional)
  47.     * An LDAP filter specifying if a user should be given administrator
  48.       privileges. If a user accounts passes the filter, the user will be
  49.       privileged as an administrator.
  50.     * Example: (objectClass=adminAccount)
  51. 

  52. * First name attribute (optional)
  53.     * The attribute of the user's LDAP record containing the user's first name.
  54.       This will be used to populate their account information.
  55.     * Example: givenName
  56. 

  57. * Surname attribute (optional)
  58.     * The attribute of the user's LDAP record containing the user's surname This
  59.       will be used to populate their account information.
  60.     * Example: sn
  61. 

  62. * E-mail attribute **(required)**
  63.     * The attribute of the user's LDAP record containing the user's email
  64.       address. This will be used to populate their account information.
  65.     * Example: mail
  66. 

  67. **LDAP via BindDN** adds the following fields:
  68. 

  69. * Bind DN (optional)
  70.     * The DN to bind to the LDAP server with when searching for the user. This
  71.       may be left blank to perform an anonymous search.
  72.     * Example: cn=Search,dc=mydomain,dc=com
  73. 

  74. * Bind Password (optional)
  75.     * The password for the Bind DN specified above, if any. _Note: The password
  76.       is stored in plaintext at the server. As such, ensure that your Bind DN
  77.       has as few privileges as possible._
  78. 

  79. * User Search Base **(required)**
  80.     * The LDAP base at which user accounts will be searched for.
  81.     * Example: ou=Users,dc=mydomain,dc=com
  82. 

  83. * User Filter **(required)**
  84.     * An LDAP filter declaring how to find the user record that is attempting to
  85.       authenticate. The '%s' matching parameter will be substituted with the
  86.       user's username.
  87.     * Example: (&(objectClass=posixAccount)(uid=%s))
  88. 

  89. **LDAP using simple auth** adds the following fields:
  90. 

  91. * User DN **(required)**
  92.     * A template to use as the user's DN. The `%s` matching parameter will be
  93.       substituted with the user's username.
  94.     * Example: cn=%s,ou=Users,dc=mydomain,dc=com
  95.     * Example: uid=%s,ou=Users,dc=mydomain,dc=com
  96. 

  97. * User Filter **(required)**
  98.     * An LDAP filter declaring when a user should be allowed to log in. The `%s`
  99.       matching parameter will be substituted with the user's username.
  100.     * Example: (&(objectClass=posixAccount)(cn=%s))
  101.     * Example: (&(objectClass=posixAccount)(uid=%s))