Hi,
I'm currently playing around with an LDAP setup for my Gitea instance.
Or more like I'm setting up LDAP to synchronize the authentication between several services I'm hosting so users don't have to remember 5 different usernames/passwords.
I could easily get authentication working with both LDAP methods but I can't get the admin filter working correctly.
I have two groups on my LDAP server:
cn=gitea,ou=groups,dc=example,dc=com
cn=gitea_admin,ou=groups,dc=example,dc=com
My main user filter is the following:
(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=gitea,ou=groups,dc=example,dc=com))
This works fine and only users who are members of the gitea group can authenticate.
Tried the same for my admin filter:
(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=gitea_admin,ou=groups,dc=example,dc=com))
But this fails, and I can see why in my LDAP server logs. The admin filter won't substitute the %s
with the correct username, so this search turns up empty. I also tried only filtering by memberOf:
(memberOf=cn=gitea_admin,ou=groups,dc=example,dc=com)
But this results in every user getting admin privileges…
It seems like it's just searching for this filter on the LDAP server and doesn't care which user this applies to.
Any idea how to fix this, or is it a bug that the substitution isn't working?
I can live without setting admin privileges using an LDAP group, as I could always set this using the Gitea UI if I ever need it; still wondering what the issue is…
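
The three admin-filter outcomes described in the post can be reproduced offline with the following added example, which is not part of the original post and is not Gitea's code. The two user entries, their `ou=people` DNs and the two admin-decision functions are assumptions made for illustration, and the evaluator handles only `(&...)` and `(attr=value)` filters.

```python
GITEA = "cn=gitea,ou=groups,dc=example,dc=com"
ADMIN = "cn=gitea_admin,ou=groups,dc=example,dc=com"
ALICE = "uid=alice,ou=people,dc=example,dc=com"  # constructed DN
BOB = "uid=bob,ou=people,dc=example,dc=com"      # constructed DN
# Constructed entries: alice is in both groups, bob only in the gitea group.
ENTRIES = {
    ALICE: {"objectClass": ["posixAccount"], "uid": ["alice"], "memberOf": [GITEA, ADMIN]},
    BOB: {"objectClass": ["posixAccount"], "uid": ["bob"], "memberOf": [GITEA]},
}
ADMIN_FILTER = "(&(objectClass=posixAccount)(uid=%s)(memberOf=" + ADMIN + "))"
MEMBER_ONLY = "(memberOf=" + ADMIN + ")"

def parse(s, i=0):
    """Parse the filter subset used here; returns (node, next_index)."""
    assert s[i] == "("
    if s[i + 1] == "&":
        i += 2
        kids = []
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        return ("and", kids), i + 1  # skip the closing ')'
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)  # DN values contain '=' too
    return ("eq", attr, value), end + 1

def matches(node, entry):
    """Equality is case-insensitive on values; attribute names are exact here."""
    if node[0] == "and":
        return all(matches(k, entry) for k in node[1])
    _, attr, value = node
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

def search(filt, base_dn=None):
    """Subtree search over every entry, or base-scope search on one DN."""
    tree, _ = parse(filt)
    scope = ENTRIES if base_dn is None else {base_dn: ENTRIES[base_dn]}
    return [dn for dn, e in scope.items() if matches(tree, e)]

def admin_if_any_result(filt):
    """Hypothesis from the post: admin is granted if the search finds anyone."""
    return bool(search(filt))

def admin_for_user(filt, user_dn):
    """Alternative: evaluate the filter only against the user who logged in."""
    return bool(search(filt, base_dn=user_dn))

if __name__ == "__main__":
    print(search(ADMIN_FILTER % "bob"), search(ADMIN_FILTER), search(MEMBER_ONLY))
    print(admin_if_any_result(MEMBER_ONLY), admin_for_user(MEMBER_ONLY, BOB))
```

With the literal `%s` left in place the search is empty for everyone, while the `memberOf`-only filter makes bob an admin under the first decision function and not under the second.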