Mail and user configuration limitation

Hello everyone,

I’m in the process of configuring Gitea for the company I work for. I have integrated LDAP for user synchronization and applied certain limitations. Specifically, I don’t want users to be able to configure GPG keys, enable MFA, or change/add email addresses, so I’ve enabled the “EXTERNAL_USER_DISABLE_FEATURES” setting.

However, I would like the ability to configure these settings as an admin. Essentially, I want these features to be available, but only usable after going through our security group.

Another challenge I’m encountering is that when I disable the following features (deletion, manage_ssh_keys, manage_gpg_keys, manage_mfa, manage_credentials, change_username, change_full_name), I am no longer able to modify email notifications, even as an admin. This creates a dilemma: either I give users unrestricted access to these features, or I lose the ability to manage them altogether.

My questions are:

  • Is there a way to enable these features for all users but restrict access, allowing only admins to configure them?
  • Is it possible to configure standard email notifications for all users (or even per LDAP bind)?

Additionally, I use GLPI as our IT Ticket Service, which has a useful feature called “Personificate,” allowing a super-admin to “log in” as a user and view/configure the system as that user. It would be a great feature to have in Gitea as well, as it would simplify debugging and configuration.

Thank you in advance for any insights!
