Migrating from Gitlab - Cannot get LDAP authentication to work


#1

I am trying to migrate from a Gitlab container to a Gitea container and I cannot get the LDAP authentication to work. My previous settings using Gitlab where the following:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
    main: # 'main' is the GitLab 'provider ID' of this LDAP server
      label: 'LDAP'
      host: 'ldap.mydomain.fr'
      port: 389
      uid: 'uid'
      method: 'plain' # "tls" or "ssl" or "plain"
      bind_dn: 'uid=gitlab,ou=services,dc=mydomain,dc=fr'
      password: '****'
      active_directory: false
      allow_username_or_email_login: true
      block_auto_created_users: false
      base: 'ou=people,dc= mydomain,dc=fr'
      user_filter: '(memberof=cn=gitlab-users,ou=groups,dc= mydomain,dc=fr)'

I have added a new authentication method to Gitea of type “LDAP (via BindDN)” and filled the fields with the above information. I have set “Username attribute” to uniqueIdentifier which is the field used in my LDAP settings.

I then added a user with the correct authentication source with both “Username” and “Authentication Login Name” corresponding to the username of an existing LDAP user, and its email to the mail used for the LDAP user.

When I try to login with this username, I get a “Incorrect username or password.” and I don’t see anything relevant regarding the LDAP query in the logs of the container.

The LDAP communication was working fine with Gitlab and is working fine with other services (e.g. nextcloud) so I think the problems comes from the Gitea configuration.

Could anyone help here? I tried various combinations of value for the fields (username, etc.), but nothing worked, and I don’t know where to look for logging information regarding LDAP queries…

Thanks!


#2

I got the answer by myself, the user filter property is not the same between gitlab and next cloud. I had to change it to something like:

(&(memberof=cn=gitlab-users,ou=groups,dc=mydomain,dc=fr)(uid=%s))

For those having similar issue with this, I switch to Trace debug in /data/gitea/conf/app.ini and found lots of information by looking at /data/gitea/log/gitea.log.


#3

+1

Must not forget (uid=%s) – that’s what prevented it to work for me.

Thanks.