LDAP for user sync only and only OIDC for login #23416

Open
olivierlambert opened this issue Mar 10, 2023 · 3 comments
Labels
topic/authentication type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first.


@olivierlambert

Feature Description

I'm currently using Gitea with LDAP (for user sync) + OIDC (for strong auth, 2FA enabled in Keycloak). It works well; Gitea is able to consolidate the users on first login via OIDC.

However, I'd like to remove the LDAP login (which is without 2FA) to leave only OIDC as a choice to log in.

If I disable the LDAP auth source, people can't consolidate their account anymore on first login. Is there an elegant solution to this?

@svenseeberg
Contributor

svenseeberg commented Mar 24, 2023

While it is probably not elegant and I have not yet tested it: couldn't you set the user filter to something that does not work? For example (null=%s)? Ah never mind. Users would not be able to merge the accounts then, because they need the working login.

@olivierlambert
Author

Ah indeed! Is something like this planned for a future version? Maybe my method of LDAP to sync and OIDC isn't the "best practice"?

@svenseeberg
Contributor

I'm not aware of such a feature.

What you can also do is update the login_source, login_type and login_name for all users in the user table. Maybe there is also another field that needs to be touched. The SQL structure is not that difficult though. But please test thoroughly ;-)
