Commit Graph

17 Commits

Author SHA1 Message Date
Adam Strzelecki
834d92a47b LDAP: Fetch attributes in Bind DN context option
This is feature is workaround for #2628 (JumpCloud) and some other services
that allow LDAP search only under BindDN user account, but not allow any LDAP
search query in logged user DN context.

Such approach is an alternative to minimal permissions security pattern for
BindDN user.
2016-02-20 14:12:32 +01:00
Unknwon
978dc00305 APIs: admin users 2015-12-05 17:13:13 -05:00
Adam Strzelecki
573305f3d3 LDAP: Optional user name attribute specification
Consider following LDAP search query example:

    (&(objectClass=Person)(|(uid=%s)(mail=%s)))

Right now on first login attempt Gogs will use the text supplied on login form
as the newly created user name. In example query above the text matches against
both e-mail or user name. So if user puts the e-mail then the new Gogs user
name will be e-mail which may be undesired.

Using optional user name attribute setting we can explicitly say we want Gogs
user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail
to login 1st time, the new account will receive correct user name.
2015-12-02 00:20:14 +01:00
Unknwon
932dbccb67 fix import path, fix #1782 2015-10-15 21:28:12 -04:00
Unknwon
cd37fccdfb #1625 remove auto_register and makes it default 2015-09-12 20:58:51 -04:00
Unknwon
362d64df04 #1620 add allowed domains for SMTP auth 2015-09-11 13:32:33 -04:00
Unknwon
121a81a2c5 finish new edit auth UI 2015-09-11 12:03:08 -04:00
Unknwon
0617448282 finish new add auth UI 2015-09-10 17:11:41 -04:00
Sergio Benitez
2d1db4bf05 Added LDAP simple auth support. 2015-09-04 20:48:34 -07:00
Unknwon
ea454c21f7 #1542 A way to skip TLS verify for SMTP authentication 2015-08-29 15:45:58 +08:00
Girish Ramakrishnan
24d7a86a8d Set IsAdmin using LDAP
The IsAdmin flag is set based on whether the admin filter
returned any result. The admin filter is applied with the user dn
as the search root.

In the future, we should update IsAdmin as well on each login.
Alternately, we can have a periodic sync operation.
2015-08-18 23:49:12 -07:00
Sergio Benitez
7d84d4a8f0 Significantly enhanced LDAP support in Gogs. 2015-08-12 17:01:22 -07:00
Paolo Borelli
182003aa41 Add PAM authentication 2015-04-24 10:13:01 +02:00
Unknwon
211596f407 #1124 LDAP add and edit form are misleading 2015-03-24 19:04:16 -04:00
Lauris BH
00653e52ee Get username, name, surname and e-mail from LDAP server 2015-02-08 01:49:51 +02:00
Unknwon
fa241efa6d Use binding middleware 2014-10-15 11:19:20 -04:00
Unknwon
8dd07c0ddd New UI merge in progress 2014-07-26 00:24:27 -04:00