path: root/modules/auth/ldap
Commit message [Author, Age, Files, Lines]
* Add restricted user filter to LDAP authentication (#10600) [Lauris BH, 2020-03-05, 1, -14/+50]
|   * Add restricted user filter to LDAP authentication
|   * Fix unit test cases
* Add option to prevent LDAP from deactivating everything on empty search (#9879) [zeripath, 2020-01-20, 1, -0/+1]
|   * Add option to prevent LDAP from deactivating everything on empty search
|   * Update options/locale/locale_en-US.ini
|   Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
|   Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
|   Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Abort synchronization from LDAP source if there is some error. (#7960) [David Svantesson, 2019-08-24, 1, -5/+5]
|   Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Set user search base field optional in DLDAP edit page (#6779) [ngourdon, 2019-04-28, 1, -0/+4]
|
* Better logging (#6038) (#6095) [zeripath, 2019-04-02, 1, -7/+7]
|   * Panic don't fatal on create new logger
|     Fixes #5854
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * partial broken
|   * Update the logging infrastructure
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * Reset the skip levels for Fatal and Error
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * broken ncsa
|   * More log.Error fixes
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * Remove nal
|   * set log-levels to lowercase
|   * Make console_test test all levels
|   * switch to lowercased levels
|   * OK now working
|   * Fix vetting issues
|   * Fix lint
|   * Fix tests
|   * change default logging to match current gitea
|   * Improve log testing
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * reset error skip levels to 0
|   * Update documentation and access logger configuration
|   * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
|   * Fix broken level caching
|   * Refactor the router log
|   * Add Router logger
|   * Add colorizing options
|   * Adjust router colors
|   * Only create logger if they will be used
|   * update app.ini.sample
|   * rename Attribute ColorAttribute
|   * Change from white to green for function
|   * Set fatal/error levels
|   * Restore initial trace logger
|   * Fix Trace arguments in modules/auth/auth.go
|   * Properly handle XORMLogger
|   * Improve admin/config page
|   * fix fmt
|   * Add auto-compression of old logs
|   * Update error log levels
|   * Remove the unnecessary skip argument from Error, Fatal and Critical
|   * Add stacktrace support
|   * Fix tests
|   * Remove x/sync from vendors?
|   * Add stderr option to console logger
|   * Use filepath.ToSlash to protect against Windows in tests
|   * Remove prefixed underscores from names in colors.go
|   * Remove not implemented database logger
|     This was removed from Gogs on 4 Mar 2016 but left in the configuration since then.
|   * Ensure that log paths are relative to ROOT_PATH
|   * use path.Join
|   * rename jsonConfig to logConfig
|   * Rename "config" to "jsonConfig" to make it clearer
|   * Requested changes
|   * Requested changes: XormLogger
|   * Try to color the windows terminal
|     If successful default to colorizing the console logs
|   * fixup
|   * Colorize initially too
|   * update vendor
|   * Colorize logs on default and remove if this is not a colorizing logger
|   * Fix documentation
|   * fix test
|   * Use go-isatty to detect if on windows we are on msys or cygwin
|   * Fix spelling mistake
|   * Add missing vendors
|   * More changes
|   * Rationalise the ANSI writer protection
|   * Adjust colors on advice from @0x5c
|   * Make Flags a comma separated list
|   * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
|   * Ensure matching is done on the non-colored message - to simplify EXPRESSION
* Move to ldap.v3 to fix #5928 (#6105) [zeripath, 2019-02-18, 1, -2/+2]
|   Signed-off-by: Andrew Thornton <art27@cantab.net>
* Request for public keys only if LDAP attribute is set (#5816) [Lauris BH, 2019-01-24, 1, -11/+29]
|   * Update go-ldap dependency
|   * Request for public keys only if attribute is set
* ldap: Adjust log settings when a user is not found. (#5771) [Harshit Bansal, 2019-01-19, 1, -3/+3]
|   Fixes: #3849.
* Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557) [zeripath, 2018-12-27, 1, -7/+9]
|   * Synchronize SSH keys on login with LDAP
|   * BUG: Fix hang on sqlite during LDAP key deletion
* LDAP via simple auth separate bind user and search base (#5055) [Tony Homrich, 2018-12-27, 1, -11/+29]
|
* LDAP Public SSH Keys synchronization (#1844) [Magnus Lindvall, 2018-05-24, 1, -30/+33]
|   * Add LDAP Key Synchronization feature
|     Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
|   * Add migration: add login source id column for public_key table
|   * Only update keys if needed
|   * Add function to only list pubkey synchronized from ldap
|   * Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
|   * Only get keys belonging to current login source id
|   * Set default login source id to 0
|   * Some minor cleanup. Add integration tests (update dep testify)
* Add option to use paged LDAP search when synchronizing users (#3895) [Lauris BH, 2018-05-05, 1, -1/+12]
|
* Gogs -> Gitea (#2909) [Sandro Santilli, 2017-11-14, 1, -1/+1]
|   rename label
* Correct ldap username validation. (#2880) [Jochen Rill, 2017-11-13, 1, -1/+1]
|   PR #342 was only partially applied. Spaces should not be at the start and end of a username but they can be inside.
* LDAP user synchronization (#1478) [Lauris BH, 2017-05-10, 1, -28/+97]
|
* Correction LDAP validation (#342) [Denis Denisov, 2016-12-12, 1, -0/+5]
|   * Correction LDAP username validation
|     As https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx describes, spaces should not be at the start or at the end of the username but they can be inside the username. So please check my solution for it.
|   * Check for zero length passwords in LDAP module.
|     According to https://tools.ietf.org/search/rfc4513#section-5.1.2 LDAP client should always check before bind whether a password is an empty value. There is at least one LDAP implementation which does not return an error if you try to bind with DN set and empty password - AD.
|   * Clearing the login/email spaces at the [start/end]
* golint fixed for modules/auth [Lunny Xiao, 2016-11-27, 1, -2/+3]
|
* Update import paths from github.com/go-gitea to code.gitea.io (#135) [Sandro Santilli, 2016-11-10, 1, -1/+1]
|   - Update import paths from github.com/go-gitea to code.gitea.io
|   - Fix import path for travis
|   See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
* Fix type in unused constant name (#111) [Sandro Santilli, 2016-11-07, 1, -4/+4]
|   * Write LDAP, SMTP, PAM, DLDAP back to all uppercase
|   * Fix type in unused constant name
|   * Other MixCased fixes
|   * Complete MixerCasing of template constants
|   * Re uppercase LTS and LDAPS suffixes
|   * Uppercase JSON suffix in constant names
|   * Proper case LoginNoType
|   * Prefix unexported template path constants with "tpl"
* Security protocols [Sandro Santilli, 2016-11-07, 1, -5/+5]
|
* Change import reference to match gitea instead of gogs (#37) [Rémy Boulanouar, 2016-11-03, 1, -1/+1]
|
* #2709 validate username attribute fetched from LDAP [Unknwon, 2016-07-12, 1, -7/+7]
|
* Use SecurityProtocol to replace UseSSL in LDAP config [Unknwon, 2016-07-08, 1, -25/+48]
|   Initially proposed by #2376 and fixes #3068 as well.
* Add ServerName to tls.Config in LDAP auth (#3104) [Paul Tötterman, 2016-06-01, 1, -0/+1]
|   From https://godoc.org/crypto/tls#Config
|   ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.
|   This is needed for certificate validation without InsecureSkipVerify.
* LDAP: Make a bit more detailed log traces [Adam Strzelecki, 2016-02-20, 1, -1/+3]
|   This is useful especially to check whether we fetch right attributes, using right LDAP search base and in right order.
* LDAP: Fetch attributes in Bind DN context option [Adam Strzelecki, 2016-02-20, 1, -6/+26]
|   This feature is a workaround for #2628 (JumpCloud) and some other services that allow LDAP search only under BindDN user account, but do not allow any LDAP search query in logged user DN context.
|   Such approach is an alternative to minimal permissions security pattern for BindDN user.
* LDAP: Use single connection in BindDN mode auth [Adam Strzelecki, 2016-02-20, 1, -19/+11]
|   According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send multiple Bind requests to change the authentication and/or security associations or to complete a multi-stage Bind process. Authentication from earlier binds is subsequently ignored."
|   Therefore we should not use 2 connections, but single one just sending two bind requests.
* Fix #2221 LDAP username attribute must be fetched [Adam Strzelecki, 2016-02-07, 1, -1/+1]
|   This is fix-up for 573305f. Forgot to fetch AttributeUsername value from the LDAP server, so the setting was effectively not working as intended.
* Fix misspelled words [Alex Myasoedov, 2015-12-06, 1, -1/+1]
|
* LDAP: Optional user name attribute specification [Adam Strzelecki, 2015-12-02, 1, -24/+26]
|   Consider following LDAP search query example:
|
|     (&(objectClass=Person)(|(uid=%s)(mail=%s)))
|
|   Right now on first login attempt Gogs will use the text supplied on login form as the newly created user name. In example query above the text matches against both e-mail or user name. So if user puts the e-mail then the new Gogs user name will be e-mail which may be undesired.
|   Using optional user name attribute setting we can explicitly say we want Gogs user name to be certain LDAP attribute eg. `uid`, so even user will use e-mail to login 1st time, the new account will receive correct user name.
* Use better LDAP lib and should fix #1139 [Unknwon, 2015-11-26, 1, -1/+2]
|
* #1896 fatal when no needed update task [Unknwon, 2015-11-04, 1, -1/+1]
|
* Sanitizing input to LDAP authentication module. [Sergio Benitez, 2015-10-26, 1, -3/+39]
|
* revert simple LDAP userDN and update example [Unknwon, 2015-09-16, 1, -2/+2]
|
* #1637 able to skip verify for LDAP [Unknwon, 2015-09-14, 1, -6/+10]
|
* fix simple LDAP userDN [Unknwon, 2015-09-14, 1, -3/+2]
|
* Minor fixes to the LDAP module readme [Sergio Benitez, 2015-09-05, 1, -7/+8]
|
* Updated the LDAP auth module README. [Sergio Benitez, 2015-09-04, 1, -31/+67]
|
* Added LDAP simple auth support. [Sergio Benitez, 2015-09-04, 1, -5/+20]
|
* #1554 check adminFilter length before LDAP search [Unknwon, 2015-09-01, 1, -12/+14]
|
* Set IsAdmin using LDAP [Girish Ramakrishnan, 2015-08-18, 1, -7/+24]
|   The IsAdmin flag is set based on whether the admin filter returned any result. The admin filter is applied with the user dn as the search root.
|   In the future, we should update IsAdmin as well on each login. Alternately, we can have a periodic sync operation.
* work on #986 and fix a LDAP crash [Unknwon, 2015-08-18, 1, -4/+4]
|
* Small style fixes to the LDAP module README [Sergio Benitez, 2015-08-16, 1, -3/+3]
|
* Merge branch 'develop' of https://github.com/SergioBenitez/gogs into develop [Unknwon, 2015-08-16, 3, -114/+135]
|\
| | # Conflicts:
| | # modules/bindata/bindata.go
| * Updated the LDAP module readme. [Sergio Benitez, 2015-08-12, 1, -29/+29]
| |
| * Significantly enhanced LDAP support in Gogs. [Sergio Benitez, 2015-08-12, 3, -101/+125]
|/
* Get username, name, surname and e-mail from LDAP server [Lauris BH, 2015-02-08, 1, -21/+27]
|
* Fix spelling errors in comments. [Joseph Crail, 2014-12-06, 1, -2/+2]
|
* Remove ldap dep [Unknwon, 2014-09-07, 1, -6/+6]
|
* Removed trailing white spaces [Tristan Storch, 2014-08-30, 1, -1/+1]
|   Removed trailing whitespaces with
|   ```sh
|   for file in `grep -r " $" * | cut -d : -f 1 | sort | uniq | grep -v " "`; do sed -i 's/[ \t]*$//' $file; done
|   ```
|   and some handwork.