Organization/Team membership for new users #3462

Closed
opened 2025-11-02 05:13:32 -06:00 by GiteaMirror · 10 comments

Originally created by @stertingen on GitHub (Jun 13, 2019).

  • Gitea version (or commit ref): 1.8.2
  • Git version: 2.20.1
  • Operating system: Docker on Debian
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

I'm using Gitea for a pretty small organization (20-30 members, but continuously changing) with LDAP (simple auth) login. When a new user logs in for the first time, I want them to have full access to all repositories owned by an organization ('MyOrga').

Is there a way to add any user to a team (for example 'Developers' in organization 'MyOrga') on first login?

(Alternative, more general approach: Map LDAP groups to teams in organizations. This would be nice to grant extra permissions based on the LDAP group; a default team membership would be realized using a filter returning true. Already proposed: https://github.com/go-gitea/gitea/issues/2121, https://github.com/go-gitea/gitea/issues/2212)

GiteaMirror added the issue/duplicate label 2025-11-02 05:13:32 -06:00

@TwoTwenty commented on GitHub (Jun 24, 2019):

I also need this/these feature/features.


@guillep2k commented on GitHub (Jul 8, 2019):

Yes, a perfect scenario would be for this to be a dynamic feature: gitea could get group membership externally and there would be a group <---> team relationship on each organization, and users will be added/removed automatically when there are any changes. For unix/linux environments a general solution could be the command "id -Gn user" (there is a -z flag to force the separator to be \0 to support group names with spaces on them); this would be nice because it's just a system configuration and doesn't depend on the technology. For windows, there are other methods (like get-aduser in powershell).

The problem is to generalize this feature to something already supported by gitea (pam, ldap, etc.) and make it consistent. Ideally this could be some kind of plugin or extension linked to the organization.


@guillep2k commented on GitHub (Jul 17, 2019):

> Yes, a perfect scenario would be for this to be a dynamic feature: gitea could get group membership externally and there would be a group <---> team relationship on each organization, and users will be added/removed automatically when there are any changes. For unix/linux environments a general solution could be the command "id -Gn user" (there is a -z flag to force the separator to be \0 to support group names with spaces on them); this would be nice because it's just a system configuration and doesn't depend on the technology. For windows, there are other methods (like get-aduser in powershell).
>
> The problem is to generalize this feature to something already supported by gitea (pam, ldap, etc.) and make it consistent. Ideally this could be some kind of plugin or extension linked to the organization.

Well, digging deeper in the documentation I now realize that we can use the API for such level of customization. Kudos to the Gitea team.
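
The group-to-team reconciliation discussed in the comments above, as an added example that is not part of the original thread or of Gitea's code: it parses the NUL-separated output of `id -Gnz` and plans the calls to Gitea's team-member endpoints (`PUT`/`DELETE /api/v1/teams/{id}/members/{username}`), including removals when a user has left a group. The group names, team ids and function names are assumptions made for the illustration.

```python
import subprocess
from urllib.parse import quote

# Hypothetical mapping: system group name -> Gitea team id (constructed values).
GROUP_TO_TEAM = {"developers": 7, "release managers": 9}


def parse_id_output(raw):
    """Split the NUL-separated bytes printed by `id -Gnz USER` into group names."""
    return {name.decode() for name in raw.split(b"\0") if name}


def user_groups(user):
    """Ask the OS for a user's groups; -z keeps names containing spaces intact."""
    result = subprocess.run(["id", "-Gnz", "--", user],
                            check=True, capture_output=True)
    return parse_id_output(result.stdout)


def plan_team_changes(user, groups, current_team_ids, mapping=GROUP_TO_TEAM):
    """Return (method, path) API calls that make team membership match groups.

    Only teams named in the mapping are ever removed, so membership granted
    by hand in other teams is left alone.
    """
    wanted = {team for group, team in mapping.items() if group in groups}
    managed = set(mapping.values())
    to_add = sorted(wanted - set(current_team_ids))
    to_remove = sorted((set(current_team_ids) & managed) - wanted)
    path = "/api/v1/teams/{}/members/" + quote(user, safe="")
    return ([("PUT", path.format(team)) for team in to_add] +
            [("DELETE", path.format(team)) for team in to_remove])


if __name__ == "__main__":
    # Constructed sample of `id -Gnz alice` output; one group name has a space.
    sample = b"users\0developers\0release managers\0"
    print(plan_team_changes("alice", parse_id_output(sample), {12}))
```

Running the plan on a schedule, not only at first login, is what revokes team access after a user is dropped from a group.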


@maxguru commented on GitHub (Aug 4, 2019):

I would find this useful too.


@jfint commented on GitHub (Sep 20, 2019):

I would really like for this to stay alive.


@dorbeus commented on GitHub (Sep 25, 2019):

In gitlab this function works like this.
https://youtu.be/HPMjM-14qa8


@IntelligentesTierMaulApollo13 commented on GitHub (Oct 25, 2019):

Could this enhancement in gogs help here?
gogs/gogs#662


@alexattws commented on GitHub (Nov 30, 2019):

We've implemented mapping LDAP groups to teams in (all) organizations (by group/team name) and published it here, if anyone is interested,
https://github.com/tws-inc/gitea-group-sync


@KaiMartin commented on GitHub (Dec 2, 2019):

> We've implemented mapping LDAP groups to teams in (all) organizations (by group/team name) and published it here, if anyone is interested,
> https://github.com/tws-inc/gitea-group-sync

We run gitea for about 200 people in a research institute. The ability to map LDAP groups to teams and organizations would reduce day-to-day administration significantly. I will try to adapt your approach to our needs. Will report on the progress - but don't hold your breath...


@pbodnar commented on GitHub (Feb 29, 2020):

  1. Sure, the gitea-group-sync looks like a promising and easily adaptable approach for any company.
  2. This issue describes de-facto the same requirement as #2121 or even earlier #1395. Close it as a duplicate then?
Reference: github-starred/gitea#3462