Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for LDAP and AD Group sync #1395

Closed
mbuchner opened this issue Mar 27, 2017 · 25 comments · Fixed by #16299
Closed

Support for LDAP and AD Group sync #1395

mbuchner opened this issue Mar 27, 2017 · 25 comments · Fixed by #16299
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Milestone

Comments

@mbuchner
Copy link

Description

Add support for LDAP and Active Directory Groups:

see: gogs/gogs#662 (comment)

Other good example is the Jenkins LDAP plugin:
https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin

@lunny lunny added this to the 1.x.x milestone Mar 28, 2017
@lunny lunny added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Mar 28, 2017
@tboerger
Copy link
Member

I'm missing exactly this feature now. Difficult to add users to orgs or groups if they have not been signed in at any time

@stale
Copy link

stale bot commented Feb 16, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Feb 16, 2019
@lunny lunny added issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented and removed issue/stale labels Feb 28, 2019
@divansantana
Copy link

https://github.com/tws-inc/gitea-group-sync exists.

Would be nice if it was merged upstream.

@pbodnar
Copy link

pbodnar commented Feb 29, 2020

@divansantana, yes, the gitea-group-sync looks like a promising and logical approach until something better gets implemented. I. e. a cron job needs to be setup that does the following:

  1. Iterate over existing Organizations and Teams.
  2. For every Team, lookup matching Users via a LDAP query.
  3. Add / remove corresponding Users in the Team.

For steps 1 and 3, Gitea API (RESTful services) can be used. Not sure if direct access Gitea database would be safe as well. Anyway, for bigger structures the queries to LDAP could be possibly optimized...

Any more ideas?

@Elias481
Copy link

Elias481 commented Apr 8, 2020

We are also wanting this feature.
Optimally there would be a field on a team to link it to an explicit ldap group or userfilter.

Otherwise the gitea-group-sync is a quite usefull approach and would be sufficent for at least something. It should include a separate placeholder for organisation and team-name then at least.
And possibly consolidate the list of resulting queries first because I think it wil be quite common to have some same teams in different organisations.

@pgollor
Copy link

pgollor commented May 1, 2020

We are also wanting this feature.

@eummitu
Copy link

eummitu commented Jun 12, 2020

We also want this feature

@n-st
Copy link

n-st commented Jun 16, 2020

To express interest, please use the "+1" reaction feature on the first post (as several users have done already). Comments should be preferred for on-topic suggestions and discussions, to avoid unnecessary clutter and notifications for everyone subscribed to this issue.

@husnusenturk
Copy link

This feaute will be very usefull.

@EmrahKK
Copy link

EmrahKK commented Aug 18, 2020

+1

@zeripath
Copy link
Contributor

zeripath commented Nov 8, 2020

@pgollor
Copy link

pgollor commented Nov 8, 2020

I know this project but it didd't work very well for my gitea server and a native integration in gitea itself would be better.

@zeripath
Copy link
Contributor

zeripath commented Nov 8, 2020

OK - suggest a workable UI and how it could work then it could potentially be implemented.

@localleon
Copy link

It's semms like Gitea Group-Sync is currently the only project that provides this kind of functionality for the Gitea Project.

We are currently looking for maintainers, because tws-inc can't provide ressources for the project. We are discussing in tws-inc/gitea-group-sync#9

Is this still a feature that the community would like to see in the official Gitea Project?

@lachnerd
Copy link

With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ?

@pgollor
Copy link

pgollor commented Jan 18, 2021

With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ?

I think this is only for the login and not to check the rights for a organisation, or not?

@svenseeberg
Copy link
Contributor

svenseeberg commented Jan 19, 2021

How should this work in general? Some programs have a mapping field, where for example internal attributes are mapped to LDAP attributes. Mapping LDAP groups to Gitea organizations could work the same way. We would then require an input field in the LDAP settings, which for example contains a JSON with the following information: {"My_Gitea_Org": {"team": "my_Org_team", "ldap-group": "cn=MyGroup,cn=groups,dc=example,dc=org"}}. This does not sound overly complicated to implement. Alternatively, organizations would need a field in their settings where one could enter LDAP group names?

@Morriz
Copy link

Morriz commented Apr 19, 2021

Why is this still open after 4 years ;(

@lunny
Copy link
Member

lunny commented Apr 19, 2021

PRs are welcome!

@Elias481
Copy link

@lunn

PRs are welcome!

but would that have meant, after another 3 years it's still not merged because of whatever?

@jolheiser
Copy link
Member

but would that have meant, after another 3 years it's still not merged because of whatever?

This is an incredibly unhelpful comment.

None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in.

I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up.

@Elias481
Copy link

but would that have meant, after another 3 years it's still not merged because of whatever?

This is an incredibly unhelpful comment.

None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in.

I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up.

You are completely right. I did not really meant this project, on the other hand you also see it here, that kind of slowing things in regards to very helpful ERs.
But definitely, much to many enterprises just leech open source and but it, but not invest even some time the last year's. Horrible wronglyness. On the other hand we have perfect IT above, so for me personally same same is.

@svenseeberg
Copy link
Contributor

I started working on this. Feel free to provide feedback or contribute. netzbegruenung#1. No guarantees if and when this will ever be finished.

@svenseeberg
Copy link
Contributor

svenseeberg commented Jun 16, 2021

I think I got the main parts figured out. The rest should be just filling out the missing pieces, which will still take some time to accomplish. As I'm totally new to Go and the Gitea code base, I'm accepting advice unconditionally. Feel free to comment in the WiP PR.

svenseeberg added a commit to netzbegruenung/gitea that referenced this issue Jun 29, 2021
* Add setting for a JSON that maps LDAP groups
  to Org Teams.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.

Co-authored-by: Giuliano Mele <[email protected]>
Co-authored-by: Sven Seeberg <[email protected]>
svenseeberg added a commit to netzbegruenung/gitea that referenced this issue Jul 15, 2021
* Add setting for a JSON that maps LDAP groups
  to Org Teams.
* Add log trace when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.

Co-authored-by: Giuliano Mele <[email protected]>
Co-authored-by: Sven Seeberg <[email protected]>
wxiaoguang pushed a commit that referenced this issue Feb 11, 2022
* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.
@lunny lunny modified the milestones: 1.x.x, 1.17.0 Feb 11, 2022
zjjhot added a commit to zjjhot/gitea that referenced this issue Feb 12, 2022
* giteaofficial/main:
  Send mail to issue/pr assignee/reviewer also when OnMention is set (go-gitea#18707)
  Reduce CI go module downloads, add make targets (go-gitea#18708)
  Add number in queue status to monitor page (go-gitea#18712)
  Fix source code line highlighting (go-gitea#18729)
  Fix forked repositories missed tags (go-gitea#18719)
  [skip ci] Updated translations via Crowdin
  Fix release typo (go-gitea#18728)
  Display template path of current page in dev mode (go-gitea#18717)
  Separate the details links of commit-statuses in headers (go-gitea#18661)
  Add LDAP group sync to Teams, fixes go-gitea#1395 (go-gitea#16299)
  Change git.cmd to RunWithContext (go-gitea#18693)
@janosmiko
Copy link

janosmiko commented Mar 17, 2022

If anyone's interested, I forked the gitea-group-sync and added additional functionality:

https://github.com/janosmiko/gitea-ldap-sync

Now it's able to do the following:

  • sync all groups (as organizations) and subgroups (as teams) from LDAP to Gitea
  • check if the Gitea organizations and teams exist in LDAP and delete them if not
  • add Gitea users to groups, based on LDAP group membership

Chianina pushed a commit to Chianina/gitea that referenced this issue Mar 28, 2022
* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Development

Successfully merging a pull request may close this issue.