[Feature] Disable creation of new (local) admin accounts #4846

New Issue

GiteaMirror · 2025-11-02T06:04:47-06:00

GiteaMirror commented

2025-11-02 06:04:47 -06:00

Originally created by @rkrajnc on GitHub (Feb 13, 2020).

Hi,

We're setting up a Gitea instance in my organization, and we have an issue that our IT is concerned about - there seems to be no way to disable creating new (local) admin accounts.

What we would like is a way to just create a single (local) admin account, set up LDAP (AD) authentication, and only allow admins that are filtered through LDAP, and then somehow disable creation of new local accounts that would have admin privileges, or possibly disable local accounts altogether.

Is there any way to completely disable local accounts in Gitea and only allow LDAP accounts, or disable the "Create User Account" button / functionality after creating the first local admin account?

Thank you for your help.

Gitea version (or commit ref): 1.10.2
Git version: 2.24.1
Operating system: Windows Server 2019
Database (use [x]):
- PostgreSQL
- MySQL
- [x ] MSSQL
- SQLite

Originally created by @rkrajnc on GitHub (Feb 13, 2020). Hi, We're setting up a Gitea instance in my organization, and we have an issue that our IT is concerned about - there seems to be no way to disable creating new (local) admin accounts. What we would like is a way to just create a single (local) admin account, set up LDAP (AD) authentication, and only allow admins that are filtered through LDAP, and then somehow disable creation of new local accounts that would have admin privileges, or possibly disable local accounts altogether. Is there any way to completely disable local accounts in Gitea and only allow LDAP accounts, or disable the "Create User Account" button / functionality after creating the first local admin account? Thank you for your help. - Gitea version (or commit ref): 1.10.2 - Git version: 2.24.1 - Operating system: Windows Server 2019 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [x ] MSSQL - [ ] SQLite

GiteaMirror added the type/enhancement issue/stale labels 2025-11-02 06:04:47 -06:00

GiteaMirror closed this issue

2025-11-02 06:04:47 -06:00

GiteaMirror commented

2025-11-02 06:04:48 -06:00

@davidsvantesson commented on GitHub (Feb 13, 2020):

If you are a site admin you can change most things, including disabling authentication sources (like LDAP). What do you want these users to be able to do that requires them to have admin accounts? It seems you rather want to make them owner of certain organizations.

@davidsvantesson commented on GitHub (Feb 13, 2020): If you are a site admin you can change most things, including disabling authentication sources (like LDAP). What do you want these users to be able to do that requires them to have admin accounts? It seems you rather want to make them owner of certain organizations.

GiteaMirror commented

2025-11-02 06:04:48 -06:00

@lafriks commented on GitHub (Feb 13, 2020):

Currently that is not possible to do

@lafriks commented on GitHub (Feb 13, 2020): Currently that is not possible to do

GiteaMirror commented

2025-11-02 06:04:48 -06:00

@rkrajnc commented on GitHub (Feb 14, 2020):

OK, thank you.

We are currently testing a workaround with a trigger on the SQL users table, it seems it will work OK for our needs.

@davidsvantesson : organization owners are close to what we need, but then we can't create new organizations by ourselves but need to involve the IT service. It is a possibility if nothing else will work.

@rkrajnc commented on GitHub (Feb 14, 2020): OK, thank you. We are currently testing a workaround with a trigger on the SQL users table, it seems it will work OK for our needs. @davidsvantesson : organization owners are close to what we need, but then we can't create new organizations by ourselves but need to involve the IT service. It is a possibility if nothing else will work.

GiteaMirror commented

2025-11-02 06:04:49 -06:00

@davidsvantesson commented on GitHub (Feb 14, 2020):

The settings below should be relevant for you. To get what you want maybe set DEFAULT_ALLOW_CREATE_ORGANIZATION = false and DISABLE_REGULAR_ORG_CREATION = false?


; Default value for AllowCreateOrganization
; Every new user will have rights set to create organizations depending on this setting
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
; Either "public", "limited" or "private", default is "public"
; Limited is for signed user only
; Private is only for member of the organization
; Public is for everyone
DEFAULT_ORG_VISIBILITY = public
; Default value for DefaultOrgMemberVisible
; True will make the membership of the users visible when added to the organisation
DEFAULT_ORG_MEMBER_VISIBLE = false

; Disallow regular (non-admin) users from creating organizations.
DISABLE_REGULAR_ORG_CREATION = false

@davidsvantesson commented on GitHub (Feb 14, 2020): The settings below should be relevant for you. To get what you want maybe set `DEFAULT_ALLOW_CREATE_ORGANIZATION = false` and `DISABLE_REGULAR_ORG_CREATION = false`? ``` ; Default value for AllowCreateOrganization ; Every new user will have rights set to create organizations depending on this setting DEFAULT_ALLOW_CREATE_ORGANIZATION = true ; Either "public", "limited" or "private", default is "public" ; Limited is for signed user only ; Private is only for member of the organization ; Public is for everyone DEFAULT_ORG_VISIBILITY = public ; Default value for DefaultOrgMemberVisible ; True will make the membership of the users visible when added to the organisation DEFAULT_ORG_MEMBER_VISIBLE = false ; Disallow regular (non-admin) users from creating organizations. DISABLE_REGULAR_ORG_CREATION = false ```

GiteaMirror commented

2025-11-02 06:04:49 -06:00

@davidsvantesson commented on GitHub (Feb 14, 2020):

Should note that you can't use LDAP directly to set which users are allowed to create organizations, you need to use the API for that.

@davidsvantesson commented on GitHub (Feb 14, 2020): Should note that you can't use LDAP directly to set which users are allowed to create organizations, you need to use the API for that.

GiteaMirror commented

2025-11-02 06:04:49 -06:00

@rkrajnc commented on GitHub (Feb 17, 2020):

@davidsvantesson : I don't know how I managed to overlook those settings, but yes, that is (mostly) what I was looking for. I would still like to be able to somehow manage which of the users have permission to create new organizations, but this will do for the moment.

Thanks again! I think this issue can be closed now (or should I close it?)

@rkrajnc commented on GitHub (Feb 17, 2020): @davidsvantesson : I don't know how I managed to overlook those settings, but yes, that is (mostly) what I was looking for. I would still like to be able to somehow manage which of the users have permission to create new organizations, but this will do for the moment. Thanks again! I think this issue can be closed now (or should I close it?)

GiteaMirror commented

2025-11-02 06:04:49 -06:00

@stale[bot] commented on GitHub (Apr 17, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

@stale[bot] commented on GitHub (Apr 17, 2020): This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

GiteaMirror referenced this issue

2025-11-02 13:50:04 -06:00

[PR #4846] [CLOSED] Make /users/search return a UserList #17517

GiteaMirror referenced this issue

2025-11-02 13:50:35 -06:00

[PR #4847] [MERGED] Update Swagger API to match the return of /users/search #17518

Sign in to join this conversation.