Help with FreeIPA LDAP Config

Install/Maintain/Configure

Finderup October 25, 2023, 11:27am 1

Hi all

I have used some hours trying setting up LDAP Auth to my FreeIPA env.
I have made a BIND User called git_bind_user
I have used alot of combination, but with no luck, with every config i have used the cron tasks “Synchronize external user data”

I have testet both 389 and 636 from git host with nc -vz xx.xx.xx.xx port
And both are open

My config look like this

Host: IP of my host
Port: 389
Bind DN: uid=git_bind_user,cn=users,cn=accounts,dc=sub,dc=example,dc=com
User search base: cn=users,cn=accounts,dc=sub,dc=km-example,dc=com
User filter: (| (member={0}) (uniqueMember={0}) (memberUid={1}))

In user search and user filter i have tested all kinds of things, but with no luck.
I have succesfull connected zabbix, but need help with gitea.

If we could start with users just will sync, then maybe only users i group git_user

Finderup November 3, 2023, 10:36am 2

Hi Would still love to get some help with this issue

oranclay June 5, 2025, 6:27pm 3

Solved this morning.

Authentication Name
    "Any Name you want"

Security Protocol
    "LDAPS"

Host
    "IPA Host Machine" - aaa.net.domain.local

Port
    636 (Default for LDAPS)

Skip TLS Verify
    Enabled (Disabled if you've added the CA to your host machine/container)

Bind DN
   This needs to be a full DN not just the service uid, ie.e
    uid=service--gitea-auth,cn=users,cn=accounts,dc=net,dc=domain,dc=local

Bind Password
    User a Good one here

User Search Base
    keep it simple until you have a large search list (10,000+)
    i.e. "cn=users,cn=accounts,dc=net,dc=domain,dc=local"

User Filter
    This one allows filter by email and by username
    (&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))

Admin Filter
    This one also allows filter by email and by username
    (&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git-admin,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))

Restricted Filter
    I left this blank

Username Attribute
    uid

First Name Attribute
    givenName

Surname Attribute
    sn

Email Attribute
    mail

Pulbic SSH Key Attribute
    left blank

Avatar Attribute
    jpegPhoto

Enable LDAP groups
    Diabled

Use Paged Search
    Diabled

Fetch Attributes in Bind DN Context
    Enabled

Skip local 2FA
    Disabled

Allow an Empty search result to deactivate all users
    Disabled

Enable User Synchronization
    Enabled

This Authencation Source is Activated
    Enabled

Related topics

Topic		Replies	Views	Activity
Ldap configuration not working Install/Maintain/Configure	2	2726	May 27, 2020
Gitea LDAP not working Install/Maintain/Configure	1	3196	January 4, 2024
LDAP: Issues with admin filter Install/Maintain/Configure	6	3919	April 27, 2021
Redundant LDAP set-up General	0	775	April 24, 2023
Moving from LDAP (simple) to LDAP Bind Install/Maintain/Configure	7	5468	June 28, 2019