LLDAP/example_configs/gogs.md

# Gogs LDAP configuration

## Via Simple Auth (easier)

Go to the Administration settings, then to Authentication, and add an authentication source.

For type, select "LDAP (Simple Auth)" and name the source however you like. The security protocol is up to you, but the only two compatible options are "LDAPS" and "Unencrypted". Fill in the remaining fields as follows:

- Host: the IP address or FQDN (if you have DNS) of your LLDAP server.
- Port: check your LLDAP config file. It is generally 389 (unencrypted), 3890 (unencrypted, in the default docker compose), 636 (LDAPS) or 6360 (LDAPS, in the default docker compose).
- User DN: `uid=%s,ou=people,dc=example,dc=com`, unless you changed your Base DN, in which case adjust the last two components to match it.
- User filter: `(&(objectClass=person)(uid=%s))` is recommended.
- Username attribute: `uid`
- Given Name attribute: `givenName`
- Surname attribute: `sn`
- Email attribute: `mail`

You can (and should, if you are not familiar with LDAP) leave the rest empty.

## Via Bind DN (more complicated)

The following configuration is adapted from the example configuration in the Gogs repository. The example is for a container deployment; the file should live at `conf/auth.d/some_name.conf`:

```
$ cat /srv/git/gogs/conf/auth.d/ldap_bind_dn.conf
id           = 101
type         = ldap_bind_dn
name         = LDAP BindDN
is_activated = true
is_default   = true

[config]
host               = ldap.example.com
port               = 6360
# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
security_protocol  = 1
# Either install the LDAPS certificate into the container's trust store,
# or skip verification altogether; for a restricted container deployment that is a sane default.
skip_verify        = true
bind_dn            = uid=<binduser>,ou=people,dc=example,dc=com
bind_password      = `yourPasswordInBackticks`
user_base          = dc=example,dc=com
attribute_username = uid
attribute_name     = givenName
attribute_surname  = sn
attribute_mail     = mail
attributes_in_bind = false
# Restricts which entries below `user_base` are allowed to log in.
filter             = (&(objectClass=person)(uid=%s))
# The initial administrator has to grant admin privileges by hand,
# and can only do so for users who have logged in at least once.
# That makes the following filter largely redundant, though Gogs does accept its result.
admin_filter       = (memberOf=cn=<yourAdminGroup>,ou=groups,dc=example,dc=com)
```

The bind user (`binduser`) must be a member of the `lldap_strict_readonly` group. Adapt `yourAdminGroup` to your needs, or omit the `admin_filter` line entirely. The angle brackets are for readability only and are not part of the values.
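An added offline pre-flight check for the `auth.d` file above; it is example code, not part of LLDAP or Gogs. It parses the `[config]` block with Python's `configparser`, strips the backtick quoting from `bind_password` (an assumption about how the file quotes raw values), flags clear-text or unverified transport and any `<placeholder>` left in a value, and fills the `%s` in `filter` with an RFC 4515-escaped login name so that a name like `*)(uid=*` cannot change the shape of the search.

```python
import configparser

# Constructed sample: the [config] block of this page's auth.d file, trimmed to the keys the check reads.
SAMPLE_CONF = """
[config]
host               = ldap.example.com
port               = 6360
security_protocol  = 1
skip_verify        = true
bind_dn            = uid=<binduser>,ou=people,dc=example,dc=com
bind_password      = `yourPasswordInBackticks`
filter             = (&(objectClass=person)(uid=%s))
admin_filter       = (memberOf=cn=<yourAdminGroup>,ou=groups,dc=example,dc=com)
"""

# RFC 4515 escapes for a value spliced into a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template: str, username: str) -> str:
    # Fill the %s placeholder as Gogs does, but only after escaping the username.
    return template.replace("%s", escape_filter_value(username))

def parse_auth_conf(text: str) -> configparser.ConfigParser:
    # Real files start with id/type keys outside any section, so prepend one;
    # interpolation=None keeps the literal %s in the filter values.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[auth]\n" + text)
    return cp

def bind_password(cp: configparser.ConfigParser) -> str:
    # Assumption: the backticks are the file's raw-value quoting, not part of the secret.
    return cp["config"]["bind_password"].strip("`")

def lint(cp: configparser.ConfigParser) -> list:
    # Findings a reviewer would raise before enabling the source; an empty list means nothing to fix.
    c, findings = cp["config"], []
    if c.get("security_protocol", "0") == "0":
        findings.append("security_protocol=0: binds and passwords cross the network in clear text")
    elif c.getboolean("skip_verify", fallback=False):
        findings.append("skip_verify=true: the LDAPS certificate is never verified; trust the LLDAP cert instead")
    if "%s" not in c.get("filter", ""):
        findings.append("filter: no %s placeholder, so the user search does not depend on the login name")
    for key, value in c.items():
        if "<" in value and ">" in value:
            findings.append(f"{key}: still contains an unreplaced <placeholder>: {value}")
    return findings
```

Run `lint(parse_auth_conf(open("conf/auth.d/ldap_bind_dn.conf").read()))` against your real file; the sample above yields three findings (unverified LDAPS plus the two placeholders).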

## Tested on Gogs

v0.14+dev via podman 4.3.1