You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
gitea/modules/auth/ldap
Joseph Crail 39c068400e Fix spelling errors in comments. 10 years ago
..
README.md Removed trailing white spaces 10 years ago
ldap.go Fix spelling errors in comments. 10 years ago
ldap_test.go ignore broken tests 11 years ago

README.md

LDAP authentication

Goal

Authenticat user against LDAP directories

It will bind with the user's login/pasword and query attributs ("mail" for instance) in a pool of directory servers

The first OK wins.

If there's connection error, the server will be disabled and won't be checked again

Usage

In the [security] section, set

LDAP_AUTH = true

then for each LDAP source, set

[LdapSource-someuniquename] name=canonicalName host=hostname-or-ip port=3268 # or regular LDAP port

the following settings depend highly how you've configured your AD

basedn=dc=ACME,dc=COM MSADSAFORMAT=%s@ACME.COM filter=(&(objectClass=user)(sAMAccountName=%s))

Limitation

Only tested on an MS 2008R2 DC, using global catalog (TCP/3268)

This MSAD is a mess.

The way how one checks the directory (CN, DN etc...) may be highly depending local custom configuration

Todo

  • Define a timeout per server
  • Check servers marked as "Disabled" when they'll come back online
  • Find a more flexible way to define filter/MSADSAFORMAT/Attributes etc... maybe text/template ?
  • Check OpenLDAP server
  • SSL support ?