closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1028 Commits
2 Branches
178 MiB
Tree: c5dbc24ca4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c5dbc24ca4'
${ noResults }
gitea/modules/auth/ldap/README.md

42 lines
1.1 KiB
Raw Normal View History

initial support for LDAP authentication/MSAD
10 years ago
 
  1. LDAP authentication
  2. ===================
  3. 

  4. ## Goal

  5. 

  6. Authenticat user against LDAP directories
  7. 

  8. It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers
  9. 

  10. The first OK wins.
  11. 

  12. If there's connection error, the server will be disabled and won't be checked again
  13. 

  14. ## Usage

  15. 

  16. In the [security] section, set 
  17. >  LDAP_AUTH = true

  18. 

  19. then for each LDAP source, set
  20. 

  21. > [LdapSource-someuniquename]

  22. > name=canonicalName

  23. > host=hostname-or-ip

  24. > port=3268	# or regular LDAP port

  25. > # the following settings depend highly how you've configured your AD

  26. > basedn=dc=ACME,dc=COM

  27. > MSADSAFORMAT=%s@ACME.COM

  28. > filter=(&(objectClass=user)(sAMAccountName=%s))

  29. 

  30. ### Limitation

  31. 

  32. Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)
  33. 

  34. This MSAD is a mess.
  35. 

  36. The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration
  37. 

  38. ### Todo

  39. * Define a timeout per server
  40. * Check servers marked as "Disabled" when they'll come back online
  41. * Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
  42. * Check OpenLDAP server
  43. * SSL support ?