Synchronize AD Groups to Gitea Teams

Hello,

I’m using Gitea 1.20.4 on RHEL 8.8.
I have configured an Authentication Source with Active Directory.

In it, I have a user filter that works: (&(memberOf=CN=G_GITEA_USER,CN=Users,DC=DOMAIN,DC=LAN)(sAMAccountName=%s)).

I have also configured synchronization between AD Groups and Gitea Teams so that if we add someone to one of the groups, he will be added to the associated team.

But the thing I can’t get to work is when we remove someone from one of the groups, he is also removed from the associated team.

Group Search Base DN: CN=Users,DC=DOMAIN,DC=LAN
Group Attribute Containing List Of Users: member
User Attribute Listed In Group: distinguishedName
Verify group membership in LDAP: I leave it empty because I don’t know how to configure it.
“Remove users from synchronized teams if the user doesn’t belong to the corresponding group” box checked (sorry if it’s not the actual name of this checkbox, I use the French version of Gitea).

Did I miss something?

Thanks!

I have made some tests and I can clarify what’s OK and what’s not.

If I remove someone from an access group of a repository, after the Gitea sync, he is removed from the associated team. That’s one of the expected results.

But if I remove someone from the G_GITEA_USER group (the one used for the user filter) without removing him from the access groups before, he still appears in the associated teams. Luckily, he is disabled and can’t access Gitea.

So my new question is: Is there a way to remove a user from all the teams he is in if he is removed from the G_GITEA_USER group or if he is deleted on the AD side?

Thanks.
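Added example, not part of the original posts and not Gitea's own code: an offline audit that flags the leftover team memberships described above, meaning accounts that still sit in a team although the user filter no longer matches them or the AD account is gone. The directory entries, the team rosters, the `G_REPO_A` group and the `org/...` team names are constructed for illustration; only the filter group DN comes from the thread.

```python
# Added example: DIRECTORY and TEAMS are constructed sample data, not real exports.
FILTER_GROUP = "CN=G_GITEA_USER,CN=Users,DC=DOMAIN,DC=LAN"  # from the user filter

def norm_dn(dn):
    """Normalize a DN for comparison (case and spacing around commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def passes_user_filter(entry):
    """Mimic (&(memberOf=<FILTER_GROUP>)(sAMAccountName=%s)) for one entry."""
    if entry is None:  # account deleted on the AD side
        return False
    groups = {norm_dn(g) for g in entry.get("memberOf", [])}
    return norm_dn(FILTER_GROUP) in groups

def stale_team_members(directory, teams):
    """Return sorted (team, login, reason) for members the filter no longer matches."""
    by_login = {e["sAMAccountName"].lower(): e for e in directory}
    findings = []
    for team, members in teams.items():
        for login in members:
            entry = by_login.get(login.lower())
            if passes_user_filter(entry):
                continue
            reason = "deleted in AD" if entry is None else "not in filter group"
            findings.append((team, login, reason))
    return sorted(findings)

DIRECTORY = [
    {"sAMAccountName": "alice",
     "memberOf": [FILTER_GROUP, "CN=G_REPO_A,CN=Users,DC=DOMAIN,DC=LAN"]},
    # bob was removed from G_GITEA_USER but left in his access group
    {"sAMAccountName": "bob",
     "memberOf": ["cn=g_repo_a,cn=users,dc=domain,dc=lan"]},
    # same DN as FILTER_GROUP, written with different case and spacing
    {"sAMAccountName": "Carol",
     "memberOf": ["cn=g_gitea_user, cn=users, dc=domain, dc=lan"]},
]
# dave has no directory entry at all (deleted on the AD side)
TEAMS = {"org/repo-a": ["alice", "bob", "dave"], "org/repo-b": ["carol"]}

if __name__ == "__main__":
    for team, login, reason in stale_team_members(DIRECTORY, TEAMS):
        print(f"{team}: {login} ({reason})")
```

Each finding is a disabled or orphaned account whose team access would become effective again if the account were re-enabled or re-created under the same login.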