Add LDAP authentication (#470)

* Introduce basic LDAP authentication. * Reformat LDAP code; use ldap in Git HTTP * lint --------- Co-authored-by: Santhosh Raju <santhosh.raju@gmail.com>
2025-07-09 17:38:04 +02:00 · 2025-05-09 19:32:22 +02:00
parent 72e02700ec
commit 897dc43790
10 changed files with 284 additions and 29 deletions
--- a/docs/configuration/cheat-sheet.md
+++ b/docs/configuration/cheat-sheet.md
@ -36,10 +36,15 @@ aside: false
 | gitea.secret          | OG_GITEA_SECRET                     | none                  | The secret for the Gitea OAuth application.                                                                                                                                                                                      |
 | gitea.url             | OG_GITEA_URL                        | `https://gitea.com/`  | The URL of the Gitea instance.                                                                                                                                                                                                   |
 | gitea.name            | OG_GITEA_NAME                       | `Gitea`               | The name of the Gitea instance. It is displayed in the OAuth login button.                                                                                                                                                       |
-| oidc.provider-name    | OG_OIDC_PROVIDER_NAME               | none                  | The name of the OIDC provider |
+| oidc.provider-name    | OG_OIDC_PROVIDER_NAME               | none                  | The name of the OIDC provider                                                                                                                                                                                                    |
 | oidc.client-key       | OG_OIDC_CLIENT_KEY                  | none                  | The client key for the OpenID application.                                                                                                                                                                                       |
 | oidc.secret           | OG_OIDC_SECRET                      | none                  | The secret for the OpenID application.                                                                                                                                                                                           |
 | oidc.discovery-url    | OG_OIDC_DISCOVERY_URL               | none                  | Discovery endpoint of the OpenID provider.                                                                                                                                                                                       |
+| ldap.url              | OG_LDAP_URL                         | none                  | URL of the LDAP instance; if not set, LDAP authentication is disabled                                                                                                                                                            |
+| ldap.bind-dn          | OG_LDAP_BIND_DN                     | none                  | Bind DN to authenticate against the LDAP. e.g: cn=read-only-admin,dc=example,dc=com                                                                                                                                              |
+| ldap.bind-credentials | OG_LDAP_BIND_CREDENTIALS            | none                  | The password for the Bind DN.                                                                                                                                                                                                    |
+| ldap.search-base      | OG_LDAP_SEARCH_BASE                 | none                  | The Base DN to start search from. e.g: ou=People,dc=example,dc=com                                                                                                                                                               |
+| ldap.search-filter    | OG_LDAP_SEARCH_FILTER               | none                  | The filter to search against (the format string %s will be replaced with the username). e.g: (uid=%s)                                                                                                                            |
 | custom.name           | OG_CUSTOM_NAME                      | none                  | The name of your instance, to be displayed in the tab title                                                                                                                                                                      |
 | custom.logo           | OG_CUSTOM_LOGO                      | none                  | Path to an image, relative to $opengist-home/custom.                                                                                                                                                                             |
 | custom.favicon        | OG_CUSTOM_FAVICON                   | none                  | Path to an image, relative to $opengist-home/custom.                                                                                                                                                                             |