github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-16 21:23:02 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Support for LDAP and AD Group sync #580

New Issue
Closed
opened 2025-11-02 03:28:45 -06:00 by GiteaMirror · 25 comments
GiteaMirror commented 2025-11-02 03:28:45 -06:00
Owner
Copy Link

Originally created by @mbuchner on GitHub (Mar 27, 2017).

Description

Add support for LDAP and Active Directory Groups:

see: https://github.com/gogits/gogs/issues/662#issuecomment-227384886

Other good example is the Jenkins LDAP plugin:
https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin

Originally created by @mbuchner on GitHub (Mar 27, 2017). ## Description Add support for LDAP and Active Directory Groups: see: https://github.com/gogits/gogs/issues/662#issuecomment-227384886 Other good example is the Jenkins LDAP plugin: https://wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin
GiteaMirror added the type/featureissue/confirmed labels 2025-11-02 03:28:45 -06:00
GiteaMirror commented 2025-11-02 03:28:46 -06:00
Author
Owner
Copy Link

@tboerger commented on GitHub (Mar 28, 2017):

I'm missing exactly this feature now. Difficult to add users to orgs or groups if they have not been signed in at any time

@tboerger commented on GitHub (Mar 28, 2017): I'm missing exactly this feature now. Difficult to add users to orgs or groups if they have not been signed in at any time
GiteaMirror commented 2025-11-02 03:28:46 -06:00
Author
Owner
Copy Link

@stale[bot] commented on GitHub (Feb 16, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (Feb 16, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
GiteaMirror commented 2025-11-02 03:28:46 -06:00
Author
Owner
Copy Link

@divansantana commented on GitHub (Feb 11, 2020):

https://github.com/tws-inc/gitea-group-sync exists.

Would be nice if it was merged upstream.

@divansantana commented on GitHub (Feb 11, 2020): https://github.com/tws-inc/gitea-group-sync exists. Would be nice if it was merged upstream.
GiteaMirror commented 2025-11-02 03:28:47 -06:00
Author
Owner
Copy Link

@pbodnar commented on GitHub (Feb 29, 2020):

@divansantana, yes, the gitea-group-sync looks like a promising and logical approach until something better gets implemented. I. e. a cron job needs to be setup that does the following:

  1. Iterate over existing Organizations and Teams.
  2. For every Team, lookup matching Users via a LDAP query.
  3. Add / remove corresponding Users in the Team.

For steps 1 and 3, Gitea API (RESTful services) can be used. Not sure if direct access Gitea database would be safe as well. Anyway, for bigger structures the queries to LDAP could be possibly optimized...

Any more ideas?

@pbodnar commented on GitHub (Feb 29, 2020): @divansantana, yes, the *gitea-group-sync* looks like a promising and logical approach until something better gets implemented. I. e. a cron job needs to be setup that does the following: 1. Iterate over existing Organizations and Teams. 2. For every Team, lookup matching Users via a LDAP query. 3. Add / remove corresponding Users in the Team. For steps 1 and 3, Gitea API (RESTful services) can be used. Not sure if direct access Gitea database would be safe as well. Anyway, for bigger structures the queries to LDAP could be possibly optimized... Any more ideas?
GiteaMirror commented 2025-11-02 03:28:47 -06:00
Author
Owner
Copy Link

@Elias481 commented on GitHub (Apr 8, 2020):

We are also wanting this feature.
Optimally there would be a field on a team to link it to an explicit ldap group or userfilter.

Otherwise the gitea-group-sync is a quite usefull approach and would be sufficent for at least something. It should include a separate placeholder for organisation and team-name then at least.
And possibly consolidate the list of resulting queries first because I think it wil be quite common to have some same teams in different organisations.

@Elias481 commented on GitHub (Apr 8, 2020): We are also wanting this feature. Optimally there would be a field on a team to link it to an explicit ldap group or userfilter. Otherwise the gitea-group-sync is a quite usefull approach and would be sufficent for at least something. It should include a separate placeholder for organisation and team-name then at least. And possibly consolidate the list of resulting queries first because I think it wil be quite common to have some same teams in different organisations.
GiteaMirror commented 2025-11-02 03:28:47 -06:00
Author
Owner
Copy Link

@pgollor commented on GitHub (May 1, 2020):

We are also wanting this feature.

@pgollor commented on GitHub (May 1, 2020): We are also wanting this feature.
GiteaMirror commented 2025-11-02 03:28:47 -06:00
Author
Owner
Copy Link

@eummitu commented on GitHub (Jun 12, 2020):

We also want this feature

@eummitu commented on GitHub (Jun 12, 2020): We also want this feature
GiteaMirror commented 2025-11-02 03:28:47 -06:00
Author
Owner
Copy Link

@n-st commented on GitHub (Jun 16, 2020):

To express interest, please use the "+1" reaction feature on the first post (as several users have done already). Comments should be preferred for on-topic suggestions and discussions, to avoid unnecessary clutter and notifications for everyone subscribed to this issue.

@n-st commented on GitHub (Jun 16, 2020): To express interest, please use the "+1" reaction feature on the first post (as several users have done already). Comments should be preferred for on-topic suggestions and discussions, to avoid unnecessary clutter and notifications for everyone subscribed to this issue.
GiteaMirror commented 2025-11-02 03:28:48 -06:00
Author
Owner
Copy Link

@husnusenturk commented on GitHub (Jun 22, 2020):

This feaute will be very usefull.

@husnusenturk commented on GitHub (Jun 22, 2020): This feaute will be very usefull.
GiteaMirror commented 2025-11-02 03:28:48 -06:00
Author
Owner
Copy Link

@EmrahKK commented on GitHub (Aug 18, 2020):

+1

@EmrahKK commented on GitHub (Aug 18, 2020): +1
GiteaMirror commented 2025-11-02 03:28:48 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Nov 8, 2020):

There is: https://github.com/tws-inc/gitea-group-sync

@zeripath commented on GitHub (Nov 8, 2020): There is: https://github.com/tws-inc/gitea-group-sync
GiteaMirror commented 2025-11-02 03:28:48 -06:00
Author
Owner
Copy Link

@pgollor commented on GitHub (Nov 8, 2020):

I know this project but it didd't work very well for my gitea server and a native integration in gitea itself would be better.

@pgollor commented on GitHub (Nov 8, 2020): I know this project but it didd't work very well for my gitea server and a native integration in gitea itself would be better.
GiteaMirror commented 2025-11-02 03:28:49 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Nov 8, 2020):

OK - suggest a workable UI and how it could work then it could potentially be implemented.

@zeripath commented on GitHub (Nov 8, 2020): OK - suggest a workable UI and how it could work then it could potentially be implemented.
GiteaMirror commented 2025-11-02 03:28:49 -06:00
Author
Owner
Copy Link

@localleon commented on GitHub (Dec 16, 2020):

It's semms like Gitea Group-Sync is currently the only project that provides this kind of functionality for the Gitea Project.

We are currently looking for maintainers, because tws-inc can't provide ressources for the project. We are discussing in tws-inc/gitea-group-sync#9

Is this still a feature that the community would like to see in the official Gitea Project?

@localleon commented on GitHub (Dec 16, 2020): It's semms like [Gitea Group-Sync](https://github.com/tws-inc/gitea-group-sync) is currently the only project that provides this kind of functionality for the Gitea Project. We are currently looking for maintainers, because tws-inc can't provide ressources for the project. We are discussing in [tws-inc/gitea-group-sync#9](https://github.com/tws-inc/gitea-group-sync/issues/9) Is this still a feature that the community would like to see in the official Gitea Project?
GiteaMirror commented 2025-11-02 03:28:49 -06:00
Author
Owner
Copy Link

@lachnerd commented on GitHub (Jan 14, 2021):

With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ?

@lachnerd commented on GitHub (Jan 14, 2021): With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ?
GiteaMirror commented 2025-11-02 03:28:49 -06:00
Author
Owner
Copy Link

@pgollor commented on GitHub (Jan 18, 2021):

With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ?

I think this is only for the login and not to check the rights for a organisation, or not?

@pgollor commented on GitHub (Jan 18, 2021): > > > With 1.13.0 there was a "check for LDAP group membership (#10869)" added - how does this relate to this feature request ? I think this is only for the login and not to check the rights for a organisation, or not?
GiteaMirror commented 2025-11-02 03:28:49 -06:00
Author
Owner
Copy Link

@svenseeberg commented on GitHub (Jan 19, 2021):

How should this work in general? Some programs have a mapping field, where for example internal attributes are mapped to LDAP attributes. Mapping LDAP groups to Gitea organizations could work the same way. We would then require an input field in the LDAP settings, which for example contains a JSON with the following information: {"My_Gitea_Org": {"team": "my_Org_team", "ldap-group": "cn=MyGroup,cn=groups,dc=example,dc=org"}}. This does not sound overly complicated to implement. Alternatively, organizations would need a field in their settings where one could enter LDAP group names?

@svenseeberg commented on GitHub (Jan 19, 2021): How should this work in general? Some programs have a mapping field, where for example internal attributes are mapped to LDAP attributes. Mapping LDAP groups to Gitea organizations could work the same way. We would then require an input field in the LDAP settings, which for example contains a JSON with the following information: `{"My_Gitea_Org": {"team": "my_Org_team", "ldap-group": "cn=MyGroup,cn=groups,dc=example,dc=org"}}`. This does not sound overly complicated to implement. Alternatively, organizations would need a field in their settings where one could enter LDAP group names?
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@Morriz commented on GitHub (Apr 19, 2021):

Why is this still open after 4 years ;(

@Morriz commented on GitHub (Apr 19, 2021): Why is this still open after 4 years ;(
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (Apr 19, 2021):

PRs are welcome!

@lunny commented on GitHub (Apr 19, 2021): PRs are welcome!
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@Elias481 commented on GitHub (Apr 26, 2021):

@lunn

PRs are welcome!

but would that have meant, after another 3 years it's still not merged because of whatever?

@Elias481 commented on GitHub (Apr 26, 2021): @lunn > PRs are welcome! but would that have meant, after another 3 years it's still not merged because of whatever?
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@jolheiser commented on GitHub (Apr 26, 2021):

but would that have meant, after another 3 years it's still not merged because of whatever?

This is an incredibly unhelpful comment.

None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in.

I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up.

@jolheiser commented on GitHub (Apr 26, 2021): > but would that have meant, after another 3 years it's still not merged because of whatever? This is an incredibly unhelpful comment. None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in. I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up.
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@Elias481 commented on GitHub (Apr 30, 2021):

but would that have meant, after another 3 years it's still not merged because of whatever?

This is an incredibly unhelpful comment.

None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in.

I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up.

You are completely right. I did not really meant this project, on the other hand you also see it here, that kind of slowing things in regards to very helpful ERs.
But definitely, much to many enterprises just leech open source and but it, but not invest even some time the last year's. Horrible wronglyness. On the other hand we have perfect IT above, so for me personally same same is.

@Elias481 commented on GitHub (Apr 30, 2021): > > but would that have meant, after another 3 years it's still not merged because of whatever? > > This is an incredibly unhelpful comment. > > None of us are paid to work on this project, and we try to accommodate PRs as much as we can when they come in. > > I suggest putting a bounty on the issue if you would like to incentivize someone to pick it up. You are completely right. I did not really meant this project, on the other hand you also see it here, that kind of slowing things in regards to very helpful ERs. But definitely, much to many enterprises just leech open source and but it, but not invest even some time the last year's. Horrible wronglyness. On the other hand we have perfect IT above, so for me personally same same is.
GiteaMirror commented 2025-11-02 03:28:50 -06:00
Author
Owner
Copy Link

@svenseeberg commented on GitHub (May 30, 2021):

I started working on this. Feel free to provide feedback or contribute. https://github.com/netzbegruenung/gitea/pull/1. No guarantees if and when this will ever be finished.

@svenseeberg commented on GitHub (May 30, 2021): I started working on this. Feel free to provide feedback or contribute. https://github.com/netzbegruenung/gitea/pull/1. No guarantees if and when this will ever be finished.
GiteaMirror commented 2025-11-02 03:28:51 -06:00
Author
Owner
Copy Link

@svenseeberg commented on GitHub (Jun 16, 2021):

I think I got the main parts figured out. The rest should be just filling out the missing pieces, which will still take some time to accomplish. As I'm totally new to Go and the Gitea code base, I'm accepting advice unconditionally. Feel free to comment in the WiP PR.

@svenseeberg commented on GitHub (Jun 16, 2021): I think I got the main parts figured out. The rest should be just filling out the missing pieces, which will still take some time to accomplish. As I'm totally new to Go and the Gitea code base, I'm accepting advice unconditionally. Feel free to comment in the WiP PR.
GiteaMirror commented 2025-11-02 03:28:51 -06:00
Author
Owner
Copy Link

@janosmiko commented on GitHub (Mar 17, 2022):

If anyone's interested, I forked the gitea-group-sync and added additional functionality:

https://github.com/janosmiko/gitea-ldap-sync

Now it's able to do the following:

  • sync all groups (as organizations) and subgroups (as teams) from LDAP to Gitea
  • check if the Gitea organizations and teams exist in LDAP and delete them if not
  • add Gitea users to groups, based on LDAP group membership
@janosmiko commented on GitHub (Mar 17, 2022): If anyone's interested, I forked the gitea-group-sync and added additional functionality: https://github.com/janosmiko/gitea-ldap-sync Now it's able to do the following: - sync all groups (as organizations) and subgroups (as teams) from LDAP to Gitea - check if the Gitea organizations and teams exist in LDAP and delete them if not - add Gitea users to groups, based on LDAP group membership
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/confirmed type/feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#580
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?