go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Possibility Of Login with Both Ldap and Open ID to same account #8464

Closed kstan79 closed 3 years ago

kstan79 commented 5 years ago

Description

I wish to allow users to log in via OpenID from the web console, but clone, checkout/push/etc. using the LDAP password. The reason behind this is that we have an internal Keycloak server which binds to LDAP. At this moment, Gitea requires maintaining an internal password when I bind an account to the OpenID server. I know there are alternative ways, like using a certificate file, but that is not a preferable option due to the added complexity of deployment.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

strk commented 4 years ago

Sounds like a great idea, any chance you'll be able to think about how it could be implemented? Right now OpenID accounts are considered "local", so I guess we could switch from local to LDAP to do that. See also https://github.com/go-gitea/gitea/issues/1124 as I think it's somewhat related.

flortsch commented 3 years ago

For me, this actually works. In Gitea, I set up an LDAP backend (FreeIPA) and an OpenID provider (Keycloak). I can log in with LDAP information, and on first login with OpenID, I can link to the existing Gitea account from the LDAP backend. With this, both OpenID via browser and repo interactions on the terminal via LDAP login work.

lunny commented 3 years ago

As @flortsch said, I will close this and please feel free to reopen it.