Map LDAP groups to Organization teams

Hello all,
I’m using Gitea 1.17.3 on Windows and have configured an “Authentication Source” to connect Gitea to an MS Active Directory. All works fine (the users are imported from the AD) except the part “Enable LDAP Groups”.

I created an organization “Org1” and 2 Teams inside this organization: Team1 and Team2 and created the Groups “cn=MyGroup1,cn=groups,dc=example,dc=org” and “cn=MyGroup2,cn=groups,dc=example,dc=org” on Active Directory.

I enabled the functionality “Enable LDAP Groups”.
I mapped the LDAP group “cn=MyGroup1,cn=groups,dc=example,dc=org” to Team1 with
“Map LDAP groups to Organization teams”: {"cn=MyGroup1,cn=groups,dc=example,dc=org":{"Org1":["Team1"]}}
This works.

I want to map the second LDAP group “cn=MyGroup2,cn=groups,dc=example,dc=org” to Team2 together with the mapping for Team1.
I tried to add the second mapping to the entry of step 2, like
“Map LDAP groups to Organization teams”: {"cn=MyGroup1,cn=groups,dc=example,dc=org":{"Org1":["Team1"]}}{"cn=MyGroup2,cn=groups,dc=example,dc=org":{"Org1":["Team2"]}}
This doesn’t work.

In the log I see an error:
…dap/source_search.go:235:mapLdapGroupsToTeams() [E] [6391dcab-2] Failed to unmarshall LDAP teams map: Unmarshal: there are bytes left after unmarshal, error found in …

I tried some different separators between the 2 mappings, enclosing with {} and some more but nothing works.

Is it not possible to map more than ONE LDAP group to one or more teams (in one Authentication Source)?


The error you are receiving is because you have supplied an invalid JSON string. The LDAP group mappings are JSON, so you want to do something like this:

    {
        "cn=MyGroup1,cn=groups,dc=example,dc=org": {
            "Org1": ["Team1"]
        },
        "cn=MyGroup2,cn=groups,dc=example,dc=org": {
            "Org2": ["Team2"]
        }
    }

You can use something like to validate that your string is proper JSON. There’s also a ton of these websites out there, just search “JSON formatter” or “JSON validator”.
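
The failure from the question and the corrected form from the answer, as an added example that is not part of the thread and not Gitea's own code: a Go check that a mapping string is exactly one JSON object of the shape group DN -> organization -> team list. `GroupTeamMap` and `ParseGroupTeamMap` are hypothetical names, the emptiness checks are an assumption about what a useful mapping looks like, and the input strings are constructed from the ones quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// GroupTeamMap mirrors the shape shown in this thread:
// LDAP group DN -> organization -> list of team names.
type GroupTeamMap map[string]map[string][]string

// ParseGroupTeamMap (hypothetical helper) accepts exactly one JSON object
// and rejects trailing data, empty keys and empty team lists.
func ParseGroupTeamMap(s string) (GroupTeamMap, error) {
	dec := json.NewDecoder(strings.NewReader(s))
	var m GroupTeamMap
	if err := dec.Decode(&m); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	// A second Decode must hit EOF; anything else is leftover input (the "bytes left" case).
	var extra json.RawMessage
	if err := dec.Decode(&extra); !errors.Is(err, io.EOF) {
		return nil, errors.New("trailing data after the first JSON object")
	}
	for dn, orgs := range m {
		if strings.TrimSpace(dn) == "" || len(orgs) == 0 {
			return nil, fmt.Errorf("group %q maps to no organization", dn)
		}
		for org, teams := range orgs {
			if org == "" || len(teams) == 0 {
				return nil, fmt.Errorf("group %q, org %q lists no teams", dn, org)
			}
		}
	}
	return m, nil
}

func main() {
	// Constructed inputs: two concatenated objects (rejected) and one merged object (accepted).
	bad := `{"cn=MyGroup1,cn=groups,dc=example,dc=org":{"Org1":["Team1"]}}{"cn=MyGroup2,cn=groups,dc=example,dc=org":{"Org1":["Team2"]}}`
	good := `{"cn=MyGroup1,cn=groups,dc=example,dc=org":{"Org1":["Team1"]},"cn=MyGroup2,cn=groups,dc=example,dc=org":{"Org2":["Team2"]}}`
	for _, in := range []string{bad, good} {
		m, err := ParseGroupTeamMap(in)
		fmt.Println(len(m), err)
	}
}
```

Running such a check before saving the authentication source catches a malformed mapping up front instead of at the next login or sync, when the only symptom is missing team membership and a log line.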