I successfully got Gitea to work with OpenLDAP authentication, but now I want to only have users that are members of a certain PosixGroup allowed to log into Gitea. In my case, the group contains an array of memberUids (it is not the main group for a user).
It looks like what I need is on https://docs.gitea.io/en-us/authentication/ under “Verify group membership in LDAP”, but I don’t see where to enter the settings such as Group Name Filter and User Attribute in Group.
Can anyone point me towards where I would go about enabling “Verify group membership in LDAP” and where I can find the fields to enter the Group Name Filter, etc.?
I was able to work around this by enabling the memberOf overlay. I made the group “cloud” as a groupOfUniqueNames and I add the users that I want to have access to Nextcloud to this group.
I modified the User Filter in Gitea to look something like this: (&(objectClass=posixAccount)(memberOf=cn=cloud,ou=groups,dc=example,dc=com)(uid=%s))
Hope this helps someone. It would still be nice to do it without the memberOf overlay.
In addition to the memberOf attribute, which is quite a cool one:
How to set it up on OpenLDAP: first, it is an overlay attribute. If you try to use it in an existing LDAP you have to rejoin your group members, but it won't break anything, because it will be delivered on request.
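The overlay setup discussed in the posts above, sketched as LDIF. This is an added example, not something posted by the thread's participants or taken from the Gitea docs. The module entry `cn=module{0}`, the database `olcDatabase={1}mdb`, and the user `uid=alice,ou=people,...` are assumptions; the group DN is the one from the filter above.

```ldif
# Records 1 and 2 modify cn=config (apply as the config administrator).
# Record 3 modifies the data tree (apply as a directory administrator).
# Assumed names, not from the thread: cn=module{0}, olcDatabase={1}mdb,
# uid=alice,ou=people,dc=example,dc=com.

# 1. Load the memberof module.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

# 2. Attach the overlay to the database holding users and groups.
#    It is told to track groupOfUniqueNames / uniqueMember, matching the
#    "cloud" group described above, and to write the reverse link to memberOf.
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfGroupOC: groupOfUniqueNames
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf
olcMemberOfRefInt: TRUE

# 3. The overlay only maintains memberOf on group writes made after it is
#    active, so memberships that already existed must be written again.
#    Delete and add happen in one modify operation, so the group never
#    ends up without a member.
dn: cn=cloud,ou=groups,dc=example,dc=com
changetype: modify
delete: uniqueMember
uniqueMember: uid=alice,ou=people,dc=example,dc=com
-
add: uniqueMember
uniqueMember: uid=alice,ou=people,dc=example,dc=com
```

memberOf is an operational attribute, so a search returns it only when it is requested by name; it can still be used in a filter such as the User Filter above.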
So far I have also used the memberOf approach, but I hope to be able to use the groups in a more sophisticated way once I have managed to set it up correctly. Did you find a suitable option in the meantime?
The docs regarding Verify group membership in LDAP are fairly old and I couldn’t find code to support it directly. My best guess is that documentation was a typo and was supposed to be examples rather than configuration.