Open arpan34 opened 3 years ago
Have you seen the add-ldap
command line option? more info here: https://docs.gitea.io/en-us/command-line/
thanks @techknowlogick, that helped!
Gitea gui/cli does not seem to have an option to pass on certs to it while adding an authentication source. Is there a plan to support those use cases where ldap strictly demands clients to present the certificates?
Found a related issue: https://github.com/go-gitea/gitea/issues/6335
OK, so as far as I can see we would need to duplicate something like the below code from modules/graceful/server.go:
config.Certificates = make([]tls.Certificate, 1)
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err)
return err
}
keyPEMBlock, err := ioutil.ReadFile(keyFile)
if err != nil {
log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err)
return err
}
config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
if err != nil {
log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err)
return err
}
Are you suggesting that people paste in the key and the certificate directly into the GUI or would you have the key/cert pair in some standard position?
Hi, If possible, I would have liked to be able to point out the location of the certs, that way they can be stored in a place which I deem safe (and I would not necessarily need to have duplicate certs on the same machine).
Hi!
We are trying to add an LDAP authentication source. I know it can be done via Admin Panel but was wondering if it possible to do it via configuration file as well?