Help with FreeIPA LDAP Config

Hi all

I have spent some hours trying to set up LDAP Auth to my FreeIPA env.
I have made a BIND user called git_bind_user.
I have used a lot of combinations, but with no luck; with every config I have used the cron task “Synchronize external user data”.

I have tested both 389 and 636 from the git host with nc -vz xx.xx.xx.xx port,
and both are open.

My config looks like this:

Host: IP of my host
Port: 389
Bind DN: uid=git_bind_user,cn=users,cn=accounts,dc=sub,dc=example,dc=com
User search base: cn=users,cn=accounts,dc=sub,dc=km-example,dc=com
User filter: (| (member={0}) (uniqueMember={0}) (memberUid={1}))

In user search and user filter I have tested all kinds of things, but with no luck.
I have successfully connected Zabbix, but need help with Gitea.

If we could start with getting users to just sync, then maybe only users in group git_user.

Hi, I would still love to get some help with this issue :smiley:

Solved this morning.

Authentication Name
    "Any Name you want"

Security Protocol
    "LDAPS"

Host
    "IPA Host Machine" - aaa.net.domain.local

Port
    636 (Default for LDAPS)

Skip TLS Verify
    Enabled (Disabled if you've added the CA to your host machine/container)

Bind DN
    This needs to be a full DN, not just the service uid, i.e.
    uid=service--gitea-auth,cn=users,cn=accounts,dc=net,dc=domain,dc=local

Bind Password
    Use a good one here

User Search Base
    keep it simple until you have a large search list (10,000+)
    i.e. "cn=users,cn=accounts,dc=net,dc=domain,dc=local"

User Filter
    This one allows filter by email and by username
    (&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))

Admin Filter
    This one also allows filter by email and by username
    (&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git-admin,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))

Restricted Filter
    I left this blank

Username Attribute
    uid

First Name Attribute
    givenName

Surname Attribute
    sn

Email Attribute
    mail

Public SSH Key Attribute
    left blank

Avatar Attribute
    jpegPhoto

Enable LDAP groups
    Disabled

Use Paged Search
    Disabled

Fetch Attributes in Bind DN Context
    Enabled

Skip local 2FA
    Disabled

Allow an Empty search result to deactivate all users
    Disabled

Enable User Synchronization
    Enabled

This Authentication Source is Activated
    Enabled
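
To see what the User Filter and Admin Filter above select, here is an added example (not part of the original posts, and not Gitea's own code) that fills `%[1]s` with a login name and evaluates the result against a few constructed entries. The `dc=example,dc=test` DNs, the sample directory, the RFC 4515 escaping of the login and the rule that the admin filter is only consulted once the user filter matches are assumptions of this example.

```python
import re

# Constructed placeholders shaped like the filters in the post; dc=example,dc=test is made up.
GROUPS = "cn=groups,cn=accounts,dc=example,dc=test"
USER_FILTER = f"(&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=git,{GROUPS}))"
ADMIN_FILTER = f"(&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=git-admin,{GROUPS}))"

# Constructed directory entries (attribute names lower-cased for lookup).
DIRECTORY = [
    {"uid": ["alice"], "mail": ["alice@example.test"],
     "memberof": [f"cn=git,{GROUPS}", f"cn=git-admin,{GROUPS}"]},
    {"uid": ["bob"], "mail": ["bob@example.test"], "memberof": [f"cn=git,{GROUPS}"]},
    {"uid": ["carol"], "mail": ["carol@example.test"], "memberof": []},
]
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def render(template, login):
    """Fill every %[1]s with the login, RFC 4515-escaped so it stays a plain value."""
    return template.replace("%[1]s", "".join(_ESCAPES.get(c, c) for c in login))

def match(flt, entry):
    """Evaluate the filter subset used above: (&...), (|...) and (attr=value)."""
    body = flt[1:-1]
    if body[0] not in "&|":
        attr, _, value = body.partition("=")
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return value.lower() in (v.lower() for v in entry.get(attr.lower(), []))
    results, depth, start = [], 0, 0
    for i, char in enumerate(body):
        if char == "(":
            start = i if depth == 0 else start
            depth += 1
        elif char == ")":
            depth -= 1
            if depth == 0:
                results.append(match(body[start:i + 1], entry))
    return all(results) if body[0] == "&" else any(results)

def classify(login):
    """'denied' unless the user filter matches; 'admin' if the admin filter also matches."""
    def hit(template):
        return any(match(render(template, login), e) for e in DIRECTORY)
    if not hit(USER_FILTER):
        return "denied"
    return "admin" if hit(ADMIN_FILTER) else "user"

if __name__ == "__main__":
    for login in ("alice", "bob@example.test", "carol", "*"):
        print(login, "->", classify(login))
```

Because the login is escaped before substitution, a value such as `*` is compared literally instead of acting as a wildcard, and the number of parentheses in the rendered filter never changes.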