Hi all
I have used some hours trying setting up LDAP Auth to my FreeIPA env.
I have made a BIND User called git_bind_user
I have used alot of combination, but with no luck, with every config i have used the cron tasks “Synchronize external user data”
I have testet both 389 and 636 from git host with nc -vz xx.xx.xx.xx port
And both are open
My config look like this
Host: IP of my host
Port: 389
Bind DN: uid=git_bind_user,cn=users,cn=accounts,dc=sub,dc=example,dc=com
User search base: cn=users,cn=accounts,dc=sub,dc=km-example,dc=com
User filter: (| (member={0}) (uniqueMember={0}) (memberUid={1}))
In user search and user filter i have tested all kinds of things, but with no luck.
I have succesfull connected zabbix, but need help with gitea.
If we could start with users just will sync, then maybe only users i group git_user
Hi Would still love to get some help with this issue 
Solved this morning.
Authentication Name
"Any Name you want"
Security Protocol
"LDAPS"
Host
"IPA Host Machine" - aaa.net.domain.local
Port
636 (Default for LDAPS)
Skip TLS Verify
Enabled (Disabled if you've added the CA to your host machine/container)
Bind DN
This needs to be a full DN not just the service uid, ie.e
uid=service--gitea-auth,cn=users,cn=accounts,dc=net,dc=domain,dc=local
Bind Password
User a Good one here
User Search Base
keep it simple until you have a large search list (10,000+)
i.e. "cn=users,cn=accounts,dc=net,dc=domain,dc=local"
User Filter
This one allows filter by email and by username
(&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))
Admin Filter
This one also allows filter by email and by username
(&(|(uid=%[1]s)(mail=%[1]s))(memberOf=cn=service--git-admin,cn=groups,cn=accounts,dc=net,dc=domain,dc=local))
Restricted Filter
I left this blank
Username Attribute
uid
First Name Attribute
givenName
Surname Attribute
sn
Email Attribute
mail
Pulbic SSH Key Attribute
left blank
Avatar Attribute
jpegPhoto
Enable LDAP groups
Diabled
Use Paged Search
Diabled
Fetch Attributes in Bind DN Context
Enabled
Skip local 2FA
Disabled
Allow an Empty search result to deactivate all users
Disabled
Enable User Synchronization
Enabled
This Authencation Source is Activated
Enabled