- `--synchronize-users`: Enable user synchronization.
- `--page-size value`: Search page size.
- Examples:
- - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail`
+ - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail`
- `update-ldap`: Update existing LDAP (via Bind DN) authentication source
- Options:
- `--id value`: ID of authentication source. Required.
- User Filter **(required)**
- An LDAP filter declaring how to find the user record that is attempting to
- authenticate. The `%s` matching parameter will be substituted with login
+ authenticate. The `%[1]s` matching parameter will be substituted with login
name given on sign-in form.
- - Example: `(&(objectClass=posixAccount)(uid=%s))`
+ - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
- Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`
- To substitute more than once, `%[1]s` should be used instead, e.g. when
matching supplied login name against multiple attributes such as user
- Example: `ou=Users,dc=mydomain,dc=com`
- User Filter **(required)**
- - An LDAP filter declaring when a user should be allowed to log in. The `%s`
+ - An LDAP filter declaring when a user should be allowed to log in. The `%[1]s`
matching parameter will be substituted with login name given on sign-in
form.
- - Example: `(&(objectClass=posixAccount)(cn=%s))`
- - Example: `(&(objectClass=posixAccount)(uid=%s))`
+ - Example: `(&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))`
+ - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
### Verify group membership in LDAP
* User Filter **(required)**
* An LDAP filter declaring how to find the user record that is attempting to
- authenticate. The '%s' matching parameter will be substituted with the
+ authenticate. The '%[1]s' matching parameter will be substituted with the
user's username.
- * Example: (&(objectClass=posixAccount)(uid=%s))
+ * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
**LDAP using simple auth** adds the following fields:
* Example: ou=Users,dc=mydomain,dc=com
* User Filter **(required)**
- * An LDAP filter declaring when a user should be allowed to log in. The `%s`
+ * An LDAP filter declaring when a user should be allowed to log in. The `%[1]s`
matching parameter will be substituted with the user's username.
- * Example: (&(objectClass=posixAccount)(cn=%s))
- * Example: (&(objectClass=posixAccount)(uid=%s))
+ * Example: (&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))
+ * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
**Verify group membership in LDAP** uses the following fields:
{{end}}
<div class="required field">
<label for="filter">{{.locale.Tr "admin.auths.filter"}}</label>
- <input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))" required>
+ <input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" required>
</div>
<div class="field">
<label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label>
</div>
<div class="required field">
<label for="filter">{{.locale.Tr "admin.auths.filter"}}</label>
- <input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))">
+ <input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))">
</div>
<div class="field">
<label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label>
projects / gitea.git / commitdiff