diff options
author | Gary Moon <garymoon@users.noreply.github.com> | 2023-05-05 14:18:53 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-05 14:18:53 -0400 |
commit | b8c19e7a11525da4174b6f80f87ff3e844d03d8a (patch) | |
tree | b0cf7a236c68eae67ae7ecad6f7f548775926ffd | |
parent | 09dd4b42c7afe3f474d900b9d5856af2929a12ea (diff) | |
download | gitea-b8c19e7a11525da4174b6f80f87ff3e844d03d8a.tar.gz gitea-b8c19e7a11525da4174b6f80f87ff3e844d03d8a.zip |
Update LDAP filters to include both username and email address (#24547)
Since the login form label for user_name unconditionally displays
`Username or Email Address` for the `user_name` field, bring matching
LDAP filters to more prominence in the documentation/placeholders.
Signed-off-by: Gary Moon <gary@garymoon.net>
-rw-r--r-- | docs/content/doc/administration/command-line.en-us.md | 2 | ||||
-rw-r--r-- | docs/content/doc/usage/authentication.en-us.md | 10 | ||||
-rw-r--r-- | services/auth/source/ldap/README.md | 10 | ||||
-rw-r--r-- | templates/admin/auth/edit.tmpl | 2 | ||||
-rw-r--r-- | templates/admin/auth/source/ldap.tmpl | 2 |
5 files changed, 13 insertions, 13 deletions
diff --git a/docs/content/doc/administration/command-line.en-us.md b/docs/content/doc/administration/command-line.en-us.md index bf4578afec..37ba0c04da 100644 --- a/docs/content/doc/administration/command-line.en-us.md +++ b/docs/content/doc/administration/command-line.en-us.md @@ -225,7 +225,7 @@ Admin operations: - `--synchronize-users`: Enable user synchronization. - `--page-size value`: Search page size. - Examples: - - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail` + - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail` - `update-ldap`: Update existing LDAP (via Bind DN) authentication source - Options: - `--id value`: ID of authentication source. Required. diff --git a/docs/content/doc/usage/authentication.en-us.md b/docs/content/doc/usage/authentication.en-us.md index 2b8cdd2964..d9648200ef 100644 --- a/docs/content/doc/usage/authentication.en-us.md +++ b/docs/content/doc/usage/authentication.en-us.md @@ -100,9 +100,9 @@ Adds the following fields: - User Filter **(required)** - An LDAP filter declaring how to find the user record that is attempting to - authenticate. The `%s` matching parameter will be substituted with login + authenticate. The `%[1]s` matching parameter will be substituted with login name given on sign-in form. - - Example: `(&(objectClass=posixAccount)(uid=%s))` + - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))` - Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))` - To substitute more than once, `%[1]s` should be used instead, e.g. when matching supplied login name against multiple attributes such as user @@ -137,11 +137,11 @@ Adds the following fields: - Example: `ou=Users,dc=mydomain,dc=com` - User Filter **(required)** - - An LDAP filter declaring when a user should be allowed to log in. The `%s` + - An LDAP filter declaring when a user should be allowed to log in. The `%[1]s` matching parameter will be substituted with login name given on sign-in form. - - Example: `(&(objectClass=posixAccount)(cn=%s))` - - Example: `(&(objectClass=posixAccount)(uid=%s))` + - Example: `(&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))` + - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))` ### Verify group membership in LDAP diff --git a/services/auth/source/ldap/README.md b/services/auth/source/ldap/README.md index 59fc5cabad..568bc78275 100644 --- a/services/auth/source/ldap/README.md +++ b/services/auth/source/ldap/README.md @@ -81,9 +81,9 @@ share the following fields: * User Filter **(required)** * An LDAP filter declaring how to find the user record that is attempting to - authenticate. The '%s' matching parameter will be substituted with the + authenticate. The '%[1]s' matching parameter will be substituted with the user's username. - * Example: (&(objectClass=posixAccount)(uid=%s)) + * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s))) **LDAP using simple auth** adds the following fields: @@ -98,10 +98,10 @@ share the following fields: * Example: ou=Users,dc=mydomain,dc=com * User Filter **(required)** - * An LDAP filter declaring when a user should be allowed to log in. The `%s` + * An LDAP filter declaring when a user should be allowed to log in. The `%[1]s` matching parameter will be substituted with the user's username. - * Example: (&(objectClass=posixAccount)(cn=%s)) - * Example: (&(objectClass=posixAccount)(uid=%s)) + * Example: (&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s))) + * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s))) **Verify group membership in LDAP** uses the following fields: diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl index 2c8fe724e2..b81e7b5ff3 100644 --- a/templates/admin/auth/edit.tmpl +++ b/templates/admin/auth/edit.tmpl @@ -70,7 +70,7 @@ {{end}} <div class="required field"> <label for="filter">{{.locale.Tr "admin.auths.filter"}}</label> - <input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))" required> + <input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" required> </div> <div class="field"> <label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label> diff --git a/templates/admin/auth/source/ldap.tmpl b/templates/admin/auth/source/ldap.tmpl index 902cfcbcce..909cf77047 100644 --- a/templates/admin/auth/source/ldap.tmpl +++ b/templates/admin/auth/source/ldap.tmpl @@ -44,7 +44,7 @@ </div> <div class="required field"> <label for="filter">{{.locale.Tr "admin.auths.filter"}}</label> - <input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))"> + <input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))"> </div> <div class="field"> <label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label> |