	Add cli flags LDAP group configuration (#33933)
Add 7 new flags to the ldap subcommands, corresponding to the existing UI options. Closes the CLI part of https://github.com/go-gitea/gitea/issues/20716
		| @@ -127,6 +127,34 @@ var ( | ||||
| 		&cli.UintFlag{ | ||||
| 			Name:  "page-size", | ||||
| 			Usage: "Search page size.", | ||||
| 		}, | ||||
| 		&cli.BoolFlag{ | ||||
| 			Name:  "enable-groups", | ||||
| 			Usage: "Enable LDAP groups", | ||||
| 		}, | ||||
| 		&cli.StringFlag{ | ||||
| 			Name:  "group-search-base-dn", | ||||
| 			Usage: "The LDAP base DN at which group accounts will be searched for", | ||||
| 		}, | ||||
| 		&cli.StringFlag{ | ||||
| 			Name:  "group-member-attribute", | ||||
| 			Usage: "Group attribute containing list of users", | ||||
| 		}, | ||||
| 		&cli.StringFlag{ | ||||
| 			Name:  "group-user-attribute", | ||||
| 			Usage: "User attribute listed in group", | ||||
| 		}, | ||||
| 		&cli.StringFlag{ | ||||
| 			Name:  "group-filter", | ||||
| 			Usage: "Verify group membership in LDAP", | ||||
| 		}, | ||||
| 		&cli.StringFlag{ | ||||
| 			Name:  "group-team-map", | ||||
| 			Usage: "Map LDAP groups to Organization teams", | ||||
| 		}, | ||||
| 		&cli.BoolFlag{ | ||||
| 			Name:  "group-team-map-removal", | ||||
| 			Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group", | ||||
| 		}) | ||||
|  | ||||
| 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags, | ||||
| @@ -273,6 +301,27 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error { | ||||
| 	if c.IsSet("skip-local-2fa") { | ||||
| 		config.SkipLocalTwoFA = c.Bool("skip-local-2fa") | ||||
| 	} | ||||
| 	if c.IsSet("enable-groups") { | ||||
| 		config.GroupsEnabled = c.Bool("enable-groups") | ||||
| 	} | ||||
| 	if c.IsSet("group-search-base-dn") { | ||||
| 		config.GroupDN = c.String("group-search-base-dn") | ||||
| 	} | ||||
| 	if c.IsSet("group-member-attribute") { | ||||
| 		config.GroupMemberUID = c.String("group-member-attribute") | ||||
| 	} | ||||
| 	if c.IsSet("group-user-attribute") { | ||||
| 		config.UserUID = c.String("group-user-attribute") | ||||
| 	} | ||||
| 	if c.IsSet("group-filter") { | ||||
| 		config.GroupFilter = c.String("group-filter") | ||||
| 	} | ||||
| 	if c.IsSet("group-team-map") { | ||||
| 		config.GroupTeamMap = c.String("group-team-map") | ||||
| 	} | ||||
| 	if c.IsSet("group-team-map-removal") { | ||||
| 		config.GroupTeamMapRemoval = c.Bool("group-team-map-removal") | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
|  | ||||
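Review bot: `--group-team-map` is copied into `config.GroupTeamMap` as-is in parseLdapConfig, so a value that is not well-formed JSON (an easy shell-quoting slip) is accepted and stored. This string decides which organization teams LDAP users are placed in and, with `--group-team-map-removal`, removed from, so it is worth rejecting bad input at the CLI: `if v := c.String("group-team-map"); v != "" && !json.Valid([]byte(v)) { return errors.New("invalid group-team-map: must be valid JSON") }`, or better the same validation the web form uses, which is not visible here. Also, the flags in the first hunk are appended after `page-size` in the list that closes just before `ldapSimpleAuthCLIFlags`, while the parsing sits in the shared parseLdapConfig; if that list is bind-DN only, the simple-auth subcommands will not accept the group flags, which should be confirmed as intended. Both the flag list and parseLdapConfig begin outside the hunks.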
|   | ||||
| @@ -51,6 +51,13 @@ func TestAddLdapBindDn(t *testing.T) { | ||||
| 				"--attributes-in-bind", | ||||
| 				"--synchronize-users", | ||||
| 				"--page-size", "99", | ||||
| 				"--enable-groups", | ||||
| 				"--group-search-base-dn", "ou=group,dc=full-domain-bind,dc=org", | ||||
| 				"--group-member-attribute", "memberUid", | ||||
| 				"--group-user-attribute", "uid", | ||||
| 				"--group-filter", "(|(cn=gitea_users)(cn=admins))", | ||||
| 				"--group-team-map", `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`, | ||||
| 				"--group-team-map-removal", | ||||
| 			}, | ||||
| 			source: &auth.Source{ | ||||
| 				Type:          auth.LDAP, | ||||
| @@ -78,6 +85,13 @@ func TestAddLdapBindDn(t *testing.T) { | ||||
| 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", | ||||
| 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", | ||||
| 					Enabled:               true, | ||||
| 					GroupsEnabled:         true, | ||||
| 					GroupDN:               "ou=group,dc=full-domain-bind,dc=org", | ||||
| 					GroupMemberUID:        "memberUid", | ||||
| 					UserUID:               "uid", | ||||
| 					GroupFilter:           "(|(cn=gitea_users)(cn=admins))", | ||||
| 					GroupTeamMap:          `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`, | ||||
| 					GroupTeamMapRemoval:   true, | ||||
| 				}, | ||||
| 			}, | ||||
| 		}, | ||||
| @@ -510,6 +524,13 @@ func TestUpdateLdapBindDn(t *testing.T) { | ||||
| 				"--bind-password", "secret-bind-full", | ||||
| 				"--synchronize-users", | ||||
| 				"--page-size", "99", | ||||
| 				"--enable-groups", | ||||
| 				"--group-search-base-dn", "ou=group,dc=full-domain-bind,dc=org", | ||||
| 				"--group-member-attribute", "memberUid", | ||||
| 				"--group-user-attribute", "uid", | ||||
| 				"--group-filter", "(|(cn=gitea_users)(cn=admins))", | ||||
| 				"--group-team-map", `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`, | ||||
| 				"--group-team-map-removal", | ||||
| 			}, | ||||
| 			id: 23, | ||||
| 			existingAuthSource: &auth.Source{ | ||||
| @@ -545,6 +566,13 @@ func TestUpdateLdapBindDn(t *testing.T) { | ||||
| 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)", | ||||
| 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)", | ||||
| 					Enabled:               true, | ||||
| 					GroupsEnabled:         true, | ||||
| 					GroupDN:               "ou=group,dc=full-domain-bind,dc=org", | ||||
| 					GroupMemberUID:        "memberUid", | ||||
| 					UserUID:               "uid", | ||||
| 					GroupFilter:           "(|(cn=gitea_users)(cn=admins))", | ||||
| 					GroupTeamMap:          `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`, | ||||
| 					GroupTeamMapRemoval:   true, | ||||
| 				}, | ||||
| 			}, | ||||
| 		}, | ||||
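Review bot: The new group flags are only exercised in the all-flags cases of TestAddLdapBindDn and TestUpdateLdapBindDn, so the `c.IsSet` guards are never tested one flag at a time. An update case that passes only `"--group-team-map-removal=false"` against an existing source with `GroupTeamMapRemoval: true` would show that an explicit false clears the setting and that the other group fields are left untouched. A case with a malformed `--group-team-map` value would also pin down whether the command is expected to accept or reject it, since that string controls team membership. Both test functions continue outside the hunks shown.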
|   | ||||