To get help you're probably going to have to provide more details or try asking on Stack Overflow unless you're ready to buck up some cash for someone's time.
No problem. Hope you're able to figure it out. There may be some Issues on GitHub you can search through to help find your answer. Try searching for "LDAP" in the Git repo and if you do figure it out let us know how you did it here. Best of luck!
User filter:
(&(sAMAccountName=%s)(objectCategory=Person)(memberOf=CN=Gitea-group,DC=myexample,DC=com)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
I was able to get the Gitea authentication working using an old format for Guacamole (don't ask). The good news is that it works. The bad news (I think) is that it ignores groups. Maybe someone else can expand on the following.
Authentication Type: LDAP (simple auth)
Authentication Name: *whatever*
Security Protocol: Unencrypted
Host: *IP of FreeIPA Server*
Port: 389
User Search Base: cn=users, cn=compat,dc=*example*,dc=*com*
User DN: uid=%s,cn=users,cn=compat,dc=*example*,dc=*com*
User Filter: (&(objectClass=posixAccount)(uid=%s))
Email attribute: mail
With the above, only check the "This Authentication Source is Activated"
In the above, you'll want to change the following (and leave off the asterisks):
whatever
IP of FreeIPA server
example
com
Now that I have that much working, I'll be experimenting with getting the encrypted version working.
Note: in developing the above "ldapsearch -x" was valuable.
Also, to note: the documentation has you building and installing gitea.ldif in your FreeIPA server. Only do that if you plan on updating passwords from Gitea, back to FreeIPA. The LDIF is not needed if you're not changing SSO passwords from within Gitea.
Maybe I should add a description about my setup: I'm running Gitea and FreeIPA in separate Docker containers, running on the same host. The IP address used in the above is the external IP address for the Docker host. Both containers have ports forwarded to the host so that both services are externally reachable.
I'll be trying to add a groups filter and an admin filter sometime in the near future.
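Added example, not part of the posts above and not Gitea's own code: a small Python helper that fills the `%s` placeholder of the User Filter quoted in the thread with an RFC 4515-escaped login, optionally ANDs in a `memberOf` group restriction, and builds the matching `ldapsearch -x` test command. The group DN, host address and login names are constructed, and whether the chosen search base returns `memberOf` at all is an assumption to confirm from the search output.

```python
from typing import List, Optional

# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name (or DN) so it cannot alter the filter structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template: str, username: str,
                       group_dn: Optional[str] = None) -> str:
    """Fill the %s placeholder; optionally AND in a memberOf restriction."""
    if "%s" not in template:
        raise ValueError("user filter has no %s placeholder")
    flt = template.replace("%s", escape_filter_value(username))
    if group_dn:
        flt = f"(&{flt}(memberOf={escape_filter_value(group_dn)}))"
    return flt


def ldapsearch_argv(host: str, base: str, flt: str,
                    starttls: bool = False) -> List[str]:
    """Build the argument list for an anonymous simple-bind test search."""
    argv = ["ldapsearch", "-x"]
    if starttls:
        argv.append("-ZZ")  # require StartTLS before any data is sent
    return argv + ["-H", f"ldap://{host}:389", "-b", base, flt,
                   "uid", "mail", "memberOf"]


if __name__ == "__main__":
    import shlex
    TEMPLATE = "(&(objectClass=posixAccount)(uid=%s))"  # User Filter from the post
    BASE = "cn=users,cn=compat,dc=example,dc=com"       # User Search Base from the post
    # Constructed group DN (assumption); replace with a real group entry.
    GROUP = "cn=gitea-users,cn=groups,cn=accounts,dc=example,dc=com"
    for name in ("alice", "al*ce"):                     # constructed logins
        flt = render_user_filter(TEMPLATE, name, GROUP)
        print(shlex.join(ldapsearch_argv("192.0.2.10", BASE, flt, starttls=True)))
```

If the search returns the user without a `memberOf` attribute, the group clause will never match against that base and the filter needs a base whose entries carry group membership.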