TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 08:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add LDAP group sync to Teams, fixes #1395 (#16299)

Browse Source 
* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.
This commit is contained in:
Sven Seeberg
2022-02-11 15:24:58 +01:00
committed by GitHub
parent 26718a785a
commit 832ce406ae
14 changed files with 423 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
templates/admin/auth/edit.tmpl
View File

@@ -108,31 +108,43 @@
<label for="attribute_avatar">{{.i18n.Tr "admin.auths.attribute_avatar"}}</label>
<input id="attribute_avatar" name="attribute_avatar" value="{{$cfg.AttributeAvatar}}" placeholder="e.g. jpegPhoto">
</div>
<!-- ldap group begin -->
<div class="inline field">
<div class="ui checkbox">
<label for="groups_enabled"><strong>{{.i18n.Tr "admin.auths.verify_group_membership"}}</strong></label>
<input id="groups_enabled" name="groups_enabled" type="checkbox" {{if $cfg.GroupsEnabled}}checked{{end}}>
<label><strong>{{.i18n.Tr "admin.auths.enable_ldap_groups"}}</strong></label>
<input type="checkbox" name="groups_enabled" class="js-ldap-group-toggle" {{if $cfg.GroupsEnabled}}checked{{end}}>
</div>
</div>
<div id="groups_enabled_change">
<div id="ldap-group-options" class="ui segment secondary" {{if not $cfg.GroupsEnabled}}hidden{{end}}>
<div class="field">
<label for="group_dn">{{.i18n.Tr "admin.auths.group_search_base"}}</label>
<input id="group_dn" name="group_dn" value="{{$cfg.GroupDN}}" placeholder="e.g. ou=group,dc=mydomain,dc=com">
<label>{{.i18n.Tr "admin.auths.group_search_base"}}</label>
<input name="group_dn" value="{{$cfg.GroupDN}}" placeholder="e.g. ou=group,dc=mydomain,dc=com">
</div>
<div class="field">
<label for="group_filter">{{.i18n.Tr "admin.auths.valid_groups_filter"}}</label>
<input id="group_filter" name="group_filter" value="{{$cfg.GroupFilter}}" placeholder="e.g. (|(cn=gitea_users)(cn=admins))">
<label>{{.i18n.Tr "admin.auths.group_attribute_list_users"}}</label>
<input name="group_member_uid" value="{{$cfg.GroupMemberUID}}" placeholder="e.g. memberUid">
</div>
<div class="field">
<label for="group_member_uid">{{.i18n.Tr "admin.auths.group_attribute_list_users"}}</label>
<input id="group_member_uid" name="group_member_uid" value="{{$cfg.GroupMemberUID}}" placeholder="e.g. memberUid">
<label>{{.i18n.Tr "admin.auths.user_attribute_in_group"}}</label>
<input name="user_uid" value="{{$cfg.UserUID}}" placeholder="e.g. uid">
</div>
<div class="field">
<label for="user_uid">{{.i18n.Tr "admin.auths.user_attribute_in_group"}}</label>
<input id="user_uid" name="user_uid" value="{{$cfg.UserUID}}" placeholder="e.g. uid">
<label>{{.i18n.Tr "admin.auths.verify_group_membership"}}</label>
<input name="group_filter" value="{{$cfg.GroupFilter}}" placeholder="e.g. (|(cn=gitea_users)(cn=admins))">
</div>
<div class="field">
<label>{{.i18n.Tr "admin.auths.map_group_to_team"}}</label>
<input name="group_team_map" value="{{$cfg.GroupTeamMap}}" placeholder='e.g. {"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}'>
</div>
<div class="ui checkbox">
<label>{{.i18n.Tr "admin.auths.map_group_to_team_removal"}}</label>
<input name="group_team_map_removal" type="checkbox" {{if $cfg.GroupTeamMapRemoval}}checked{{end}}>
</div>
<br/>
</div>
<!-- ldap group end -->
{{if .Source.IsLDAP}}
<div class="inline field">
<div class="ui checkbox">

35
templates/admin/auth/source/ldap.tmpl
View File

@@ -79,31 +79,42 @@
<label for="attribute_avatar">{{.i18n.Tr "admin.auths.attribute_avatar"}}</label>
<input id="attribute_avatar" name="attribute_avatar" value="{{.attribute_avatar}}" placeholder="e.g. jpegPhoto">
</div>
<!-- ldap group begin -->
<div class="inline field">
<div class="ui checkbox">
<label for="groups_enabled"><strong>{{.i18n.Tr "admin.auths.verify_group_membership"}}</strong></label>
<input id="groups_enabled" name="groups_enabled" type="checkbox" {{if .groups_enabled}}checked{{end}}>
<label><strong>{{.i18n.Tr "admin.auths.enable_ldap_groups"}}</strong></label>
<input type="checkbox" name="groups_enabled" class="js-ldap-group-toggle" {{if .groups_enabled}}checked{{end}}>
</div>
</div>
<div id="groups_enabled_change">
<div id="ldap-group-options" class="ui segment secondary">
<div class="field">
<label for="group_dn">{{.i18n.Tr "admin.auths.group_search_base"}}</label>
<input id="group_dn" name="group_dn" value="{{.group_dn}}" placeholder="e.g. ou=group,dc=mydomain,dc=com">
<label>{{.i18n.Tr "admin.auths.group_search_base"}}</label>
<input name="group_dn" value="{{.group_dn}}" placeholder="e.g. ou=group,dc=mydomain,dc=com">
</div>
<div class="field">
<label for="group_filter">{{.i18n.Tr "admin.auths.valid_groups_filter"}}</label>
<input id="group_filter" name="group_filter" value="{{.group_filter}}" placeholder="e.g. (|(cn=gitea_users)(cn=admins))">
<label>{{.i18n.Tr "admin.auths.group_attribute_list_users"}}</label>
<input name="group_member_uid" value="{{.group_member_uid}}" placeholder="e.g. memberUid">
</div>
<div class="field">
<label for="group_member_uid">{{.i18n.Tr "admin.auths.group_attribute_list_users"}}</label>
<input id="group_member_uid" name="group_member_uid" value="{{.group_member_uid}}" placeholder="e.g. memberUid">
<label>{{.i18n.Tr "admin.auths.user_attribute_in_group"}}</label>
<input name="user_uid" value="{{.user_uid}}" placeholder="e.g. uid">
</div>
<div class="field">
<label for="user_uid">{{.i18n.Tr "admin.auths.user_attribute_in_group"}}</label>
<input id="user_uid" name="user_uid" value="{{.user_uid}}" placeholder="e.g. uid">
<label>{{.i18n.Tr "admin.auths.verify_group_membership"}}</label>
<input name="group_filter" value="{{.group_filter}}" placeholder="e.g. (|(cn=gitea_users)(cn=admins))">
</div>
<div class="field">
<label>{{.i18n.Tr "admin.auths.map_group_to_team"}}</label>
<input name="group_team_map" value="{{.group_team_map}}" placeholder='e.g. {"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}'>
</div>
<div class="ui checkbox">
<label>{{.i18n.Tr "admin.auths.map_group_to_team_removal"}}</label>
<input name="group_team_map_removal" type="checkbox" {{if .group_team_map_removal}}checked{{end}}>
</div>
<br/>
</div>
<!-- ldap group end -->
<div class="ldap inline field {{if not (eq .type 2)}}hide{{end}}">
<div class="ui checkbox">
<label for="use_paged_search"><strong>{{.i18n.Tr "admin.auths.use_paged_search"}}</strong></label>