LDAP client side certificate #3052

Closed
opened 2025-11-02 04:58:59 -06:00 by GiteaMirror · 3 comments
Owner

Originally created by @mq2035 on GitHub (Mar 15, 2019).

question / feature request

My LDAP server (openldap) requires client side certificate (olcTLSVerifyClient=demand). Is there a way to configure LDAP authentication source with a dedicated certificate (and private key) and certificate truststore (for intermediate certificates)?

Since I can't set it up, as a result I have to use unencrypted connection to my LDAP server.
This feature (when implemented) would open road to SASL External authentication (bind to common name of the client certificate)

  • Gitea version (or commit ref):1.7
  • Operating system: docker
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
Originally created by @mq2035 on GitHub (Mar 15, 2019). question / feature request My LDAP server (openldap) requires client side certificate (olcTLSVerifyClient=demand). Is there a way to configure LDAP authentication source with a dedicated certificate (and private key) and certificate truststore (for intermediate certificates)? Since I can't set it up, as a result I have to use unencrypted connection to my LDAP server. This feature (when implemented) would open road to SASL External authentication (bind to common name of the client certificate) - Gitea version (or commit ref):1.7 - Operating system: docker - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite
GiteaMirror added the type/proposalissue/stale labels 2025-11-02 04:58:59 -06:00
Author
Owner

@stale[bot] commented on GitHub (May 14, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (May 14, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
Author
Owner

@stale[bot] commented on GitHub (Jun 1, 2019):

This issue has been automatically closed because of inactivity. You can re-open it if needed.

@stale[bot] commented on GitHub (Jun 1, 2019): This issue has been automatically closed because of inactivity. You can re-open it if needed.
Author
Owner

@vishal-swarankar-sdl commented on GitHub (Nov 5, 2020):

gitea gui/cli does not seem to have an option to pass on certs to it while adding an authentication source.

is there a plan to support those use cases where ldap strictly demands clients to present the certificates?

@vishal-swarankar-sdl commented on GitHub (Nov 5, 2020): gitea gui/cli does not seem to have an option to pass on certs to it while adding an authentication source. is there a plan to support those use cases where ldap strictly demands clients to present the certificates?
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#3052