leviathonbeast/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-03-31 15:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

example_configs: add initial gogs.md documentation

Browse Source 
Gogs is the origin for common git forges so we add a documentation which
may be beneficial for other use cases where lldap should be used with.
It appears to be in mantenance mode - the current example may have to be
extended in the future.

We adapt the official documentation example configuration to integrate
lldap with the more elaborated example.
The reader may also be interested in a more simple example at
[upstream](https://github.com/gogs/gogs/blob/main/conf/auth.d/ldap_simple_auth.conf.example).
This commit is contained in:
thchha
2025-10-21 00:07:46 +02:00
committed by GitHub
parent 73f071ce89
commit 660301eb5f
1 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
example_configs/gogs.md
+46
View File
@@ -0,0 +1,46 @@
# Gogs LDAP configuration
Gogs can make use of LDAP and therefore lldap.
The following configuration is adapted from the example configuration at [their repository](https://github.com/gogs/gogs/blob/main/conf/auth.d/ldap_bind_dn.conf.example).
The example is a container configuration - the file should live within `conf/auth.d/some_name.conf`:
```yaml
$ cat /srv/git/gogs/conf/auth.d/ldap_bind_dn.conf
id = 101
type = ldap_bind_dn
name = LDAP BindDN
is_activated = true
is_default = true
[config]
host = ldap.example.com
port = 6360
# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
security_protocol = 1
# You either need to install the LDAPS certificate into your trust store -
# Or skip verification altogether - for a restricted container deployment a sane default.
skip_verify = true
bind_dn = uid=<binduser>,ou=people,dc=example,dc=com
bind_password = `yourPasswordInBackticks`
user_base = dc=example,dc=com
attribute_username = uid
attribute_name = givenName
attribute_surname = sn
attribute_mail = mail
attributes_in_bind = false
# restricts on the `user_base`.
filter = (&(objectClass=person)(uid=%s))
# The initial administrator has to enable admin privileges.
# This is only possible for users who were logged in once.
# This renders the following filter obsolete; Though its response is accepted by Gogs.
admin_filter = (memberOf=cn=<yourAdminGroup>,ou=groups,dc=example,dc=com)
```
The `binduser` shall be a member of `lldap_strict_readonly`.
The group `yourAdminGroup` should be adapted to your requirement - Otherwise the entire line can be omitted.
The diamond brackets are for readability and are not required.
## Tested on Gogs
v0.14+dev via podman 4.3.1