MirrorHub/forgejo
0
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-04 09:19:06 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update LDAP filters to include both username and email address (#24547)

Browse source 
Since the login form label for user_name unconditionally displays
`Username or Email Address` for the `user_name` field, bring matching
LDAP filters to more prominence in the documentation/placeholders.

Signed-off-by: Gary Moon <gary@garymoon.net>
This commit is contained in:
Gary Moon 2023-05-05 14:18:53 -04:00 committed by GitHub
parent 09dd4b42c7
commit b8c19e7a11
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 13 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/content/doc/administration/command-line.en-us.md
View file

@ -225,7 +225,7 @@ Admin operations:
- `--synchronize-users`: Enable user synchronization. - `--synchronize-users`: Enable user synchronization.
- `--page-size value`: Search page size. - `--page-size value`: Search page size.
- Examples: - Examples:
- `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail` - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail`
- `update-ldap`: Update existing LDAP (via Bind DN) authentication source - `update-ldap`: Update existing LDAP (via Bind DN) authentication source
- Options: - Options:
- `--id value`: ID of authentication source. Required. - `--id value`: ID of authentication source. Required.

10
docs/content/doc/usage/authentication.en-us.md
View file

@ -100,9 +100,9 @@ Adds the following fields:
- User Filter **(required)** - User Filter **(required)**
- An LDAP filter declaring how to find the user record that is attempting to - An LDAP filter declaring how to find the user record that is attempting to
authenticate. The `%s` matching parameter will be substituted with login authenticate. The `%[1]s` matching parameter will be substituted with login
name given on sign-in form. name given on sign-in form.
- Example: `(&(objectClass=posixAccount)(uid=%s))` - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
- Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))` - Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`
- To substitute more than once, `%[1]s` should be used instead, e.g. when - To substitute more than once, `%[1]s` should be used instead, e.g. when
matching supplied login name against multiple attributes such as user matching supplied login name against multiple attributes such as user
@ -137,11 +137,11 @@ Adds the following fields:
- Example: `ou=Users,dc=mydomain,dc=com` - Example: `ou=Users,dc=mydomain,dc=com`
- User Filter **(required)** - User Filter **(required)**
- An LDAP filter declaring when a user should be allowed to log in. The `%s` - An LDAP filter declaring when a user should be allowed to log in. The `%[1]s`
matching parameter will be substituted with login name given on sign-in matching parameter will be substituted with login name given on sign-in
form. form.
- Example: `(&(objectClass=posixAccount)(cn=%s))` - Example: `(&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))`
- Example: `(&(objectClass=posixAccount)(uid=%s))` - Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
### Verify group membership in LDAP ### Verify group membership in LDAP

10
services/auth/source/ldap/README.md
View file

@ -81,9 +81,9 @@ share the following fields:
* User Filter **(required)** * User Filter **(required)**
* An LDAP filter declaring how to find the user record that is attempting to * An LDAP filter declaring how to find the user record that is attempting to
authenticate. The '%s' matching parameter will be substituted with the authenticate. The '%[1]s' matching parameter will be substituted with the
user's username. user's username.
* Example: (&(objectClass=posixAccount)(uid=%s)) * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
**LDAP using simple auth** adds the following fields: **LDAP using simple auth** adds the following fields:
@ -98,10 +98,10 @@ share the following fields:
* Example: ou=Users,dc=mydomain,dc=com * Example: ou=Users,dc=mydomain,dc=com
* User Filter **(required)** * User Filter **(required)**
* An LDAP filter declaring when a user should be allowed to log in. The `%s` * An LDAP filter declaring when a user should be allowed to log in. The `%[1]s`
matching parameter will be substituted with the user's username. matching parameter will be substituted with the user's username.
* Example: (&(objectClass=posixAccount)(cn=%s)) * Example: (&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))
* Example: (&(objectClass=posixAccount)(uid=%s)) * Example: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
**Verify group membership in LDAP** uses the following fields: **Verify group membership in LDAP** uses the following fields:

2
templates/admin/auth/edit.tmpl
View file

@ -70,7 +70,7 @@
{{end}} {{end}}
<div class="required field"> <div class="required field">
<label for="filter">{{.locale.Tr "admin.auths.filter"}}</label> <label for="filter">{{.locale.Tr "admin.auths.filter"}}</label>
<input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))" required> <input id="filter" name="filter" value="{{$cfg.Filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" required>
</div> </div>
<div class="field"> <div class="field">
<label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label> <label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label>

2
templates/admin/auth/source/ldap.tmpl
View file

@ -44,7 +44,7 @@
</div> </div>
<div class="required field"> <div class="required field">
<label for="filter">{{.locale.Tr "admin.auths.filter"}}</label> <label for="filter">{{.locale.Tr "admin.auths.filter"}}</label>
<input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(uid=%s))"> <input id="filter" name="filter" value="{{.filter}}" placeholder="e.g. (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))">
</div> </div>
<div class="field"> <div class="field">
<label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label> <label for="admin_filter">{{.locale.Tr "admin.auths.admin_filter"}}</label>