-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for LDAP and AD Group sync #1395
Comments
I'm missing exactly this feature now. Difficult to add users to orgs or groups if they have not been signed in at any time |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions. |
https://github.com/tws-inc/gitea-group-sync exists. Would be nice if it was merged upstream. |
@divansantana, yes, the gitea-group-sync looks like a promising and logical approach until something better gets implemented. I. e. a cron job needs to be setup that does the following:
For steps 1 and 3, Gitea API (RESTful services) can be used. Not sure if direct access Gitea database would be safe as well. Anyway, for bigger structures the queries to LDAP could be possibly optimized... Any more ideas? |
We are also wanting this feature. Otherwise the gitea-group-sync is a quite usefull approach and would be sufficent for at least something. It should include a separate placeholder for organisation and team-name then at least. |
We are also wanting this feature. |
We also want this feature |
To express interest, please use the "+1" reaction feature on the first post (as several users have done already). Comments should be preferred for on-topic suggestions and discussions, to avoid unnecessary clutter and notifications for everyone subscribed to this issue. |
This feaute will be very usefull. |
+1 |
I know this project but it didd't work very well for my gitea server and a native integration in gitea itself would be better. |
OK - suggest a workable UI and how it could work then it could potentially be implemented. |
It's semms like Gitea Group-Sync is currently the only project that provides this kind of functionality for the Gitea Project. We are currently looking for maintainers, because tws-inc can't provide ressources for the project. We are discussing in tws-inc/gitea-group-sync#9 Is this still a feature that the community would like to see in the official Gitea Project? |
With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ? |
I think this is only for the login and not to check the rights for a organisation, or not? |
How should this work in general? Some programs have a mapping field, where for example internal attributes are mapped to LDAP attributes. Mapping LDAP groups to Gitea organizations could work the same way. We would then require an input field in the LDAP settings, which for example contains a JSON with the following information: |
Why is this still open after 4 years ;( |
PRs are welcome! |
but would that have meant, after another 3 years it's still not merged because of whatever? |
This is an incredibly unhelpful comment. None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in. I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up. |
You are completely right. I did not really meant this project, on the other hand you also see it here, that kind of slowing things in regards to very helpful ERs. |
I started working on this. Feel free to provide feedback or contribute. netzbegruenung#1. No guarantees if and when this will ever be finished. |
I think I got the main parts figured out. The rest should be just filling out the missing pieces, which will still take some time to accomplish. As I'm totally new to Go and the Gitea code base, I'm accepting advice unconditionally. Feel free to comment in the WiP PR. |
* Add setting for a JSON that maps LDAP groups to Org Teams. * Sync is being run on login and periodically. * Existing group filter settings are reused. Co-authored-by: Giuliano Mele <[email protected]> Co-authored-by: Sven Seeberg <[email protected]>
* Add setting for a JSON that maps LDAP groups to Org Teams. * Add log trace when removing or adding team members. * Sync is being run on login and periodically. * Existing group filter settings are reused. Co-authored-by: Giuliano Mele <[email protected]> Co-authored-by: Sven Seeberg <[email protected]>
* Add setting for a JSON that maps LDAP groups to Org Teams. * Add log when removing or adding team members. * Sync is being run on login and periodically. * Existing group filter settings are reused. * Adding and removing team members. * Sync not existing LDAP group. * Login with broken group map JSON.
* giteaofficial/main: Send mail to issue/pr assignee/reviewer also when OnMention is set (go-gitea#18707) Reduce CI go module downloads, add make targets (go-gitea#18708) Add number in queue status to monitor page (go-gitea#18712) Fix source code line highlighting (go-gitea#18729) Fix forked repositories missed tags (go-gitea#18719) [skip ci] Updated translations via Crowdin Fix release typo (go-gitea#18728) Display template path of current page in dev mode (go-gitea#18717) Separate the details links of commit-statuses in headers (go-gitea#18661) Add LDAP group sync to Teams, fixes go-gitea#1395 (go-gitea#16299) Change git.cmd to RunWithContext (go-gitea#18693)
If anyone's interested, I forked the gitea-group-sync and added additional functionality: https://github.com/janosmiko/gitea-ldap-sync Now it's able to do the following:
|
* Add setting for a JSON that maps LDAP groups to Org Teams. * Add log when removing or adding team members. * Sync is being run on login and periodically. * Existing group filter settings are reused. * Adding and removing team members. * Sync not existing LDAP group. * Login with broken group map JSON.
Description
Add support for LDAP and Active Directory Groups:
see: gogs/gogs#662 (comment)
Other good example is the Jenkins LDAP plugin:
https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin
The text was updated successfully, but these errors were encountered: