go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Set LDAP via configuration file #13396

Open arpan34 opened 3 years ago

arpan34 commented 3 years ago

Hi!

We are trying to add an LDAP authentication source. I know it can be done via the Admin Panel, but I was wondering if it is possible to do it via a configuration file as well?

techknowlogick commented 3 years ago

Have you seen the add-ldap command line option? More info here: https://docs.gitea.io/en-us/command-line/

arpan34 commented 3 years ago

Thanks @techknowlogick, that helped!

The Gitea GUI/CLI does not seem to have an option to pass certs to it while adding an authentication source. Is there a plan to support those use cases where LDAP strictly demands that clients present certificates?

Found a related issue: https://github.com/go-gitea/gitea/issues/6335

zeripath commented 3 years ago

OK, so as far as I can see we would need to duplicate something like the below code from modules/graceful/server.go:

    config.Certificates = make([]tls.Certificate, 1)

    certPEMBlock, err := ioutil.ReadFile(certFile)
    if err != nil {
        log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err)
        return err
    }

    keyPEMBlock, err := ioutil.ReadFile(keyFile)
    if err != nil {
        log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err)
        return err
    }

    config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
    if err != nil {
        log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err)
        return err
    }

Are you suggesting that people paste in the key and the certificate directly into the GUI or would you have the key/cert pair in some standard position?

odecif commented 3 years ago

Hi, if possible, I would have liked to be able to point out the location of the certs, that way they can be stored in a place which I deem safe (and I would not necessarily need to have duplicate certs on the same machine).
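A sketch of the file-path approach discussed in this thread, added here as an example and not taken from Gitea's code base: a client TLS configuration for an LDAP connection is built from operator-chosen certificate and key paths. The names `ldapClientTLS` and `writeSamplePair`, the host `ldap.example.internal`, and the rule that the key file must not be accessible to group or other are assumptions of this example; the key pair is a constructed, self-signed one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// ldapClientTLS (hypothetical helper, not Gitea code) loads a client pair from paths and rejects lax key modes.
func ldapClientTLS(certFile, keyFile, serverName string) (*tls.Config, error) {
	if fi, err := os.Stat(keyFile); err != nil {
		return nil, err
	} else if perm := fi.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("key %s has mode %04o, want 0600 or stricter", keyFile, perm)
	}
	pair, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	return &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{pair}}, nil
}

// writeSamplePair writes a constructed self-signed pair (demo fixture only); the key is created with mode 0600.
func writeSamplePair(dir string) (certFile, keyFile string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ldap-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certFile, keyFile = dir+"/client.crt", dir+"/client.key"
	os.WriteFile(certFile, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644)
	os.WriteFile(keyFile, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600)
	return certFile, keyFile
}

func main() {
	dir, _ := os.MkdirTemp("", "ldap-tls")
	defer os.RemoveAll(dir)
	certFile, keyFile := writeSamplePair(dir)
	_, err := ldapClientTLS(certFile, keyFile, "ldap.example.internal")
	fmt.Println("load with 0600 key, error:", err)
}
```

The returned `*tls.Config` is what an LDAP client library would be handed for LDAPS or StartTLS; the permission check assumes a Unix-style file mode.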