Add CLI commands to manage LDAP authentication source (#6681)

* add CLI commands to manage LDAP authentication source * delete Gogs copyright * remove unused return value of func parseLoginSource * fix comment Co-Authored-By: ngourdon <31291059+ngourdon@users.noreply.github.com> * remove config flag already present in global flags * remove config flag from ldap commands in docs * remove config flag handling
2019-06-17 20:32:20 +02:00
parent a200ca1551
commit a618df8d84
4 changed files with 1802 additions and 1 deletions
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -131,6 +131,10 @@ var (
 		Subcommands: []cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
+			cmdAuthAddLdapBindDn,
+			cmdAuthUpdateLdapBindDn,
+			cmdAuthAddLdapSimpleAuth,
+			cmdAuthUpdateLdapSimpleAuth,
 			microcmdAuthList,
 			microcmdAuthDelete,
 		},
@ -144,7 +148,7 @@ var (

 	idFlag = cli.Int64Flag{
 		Name:  "id",
-		Usage: "ID of OAuth authentication source",
+		Usage: "ID of authentication source",
 	}

 	microcmdAuthDelete = cli.Command{
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/docs/content/doc/usage/command-line.en-us.md
+++ b/docs/content/doc/usage/command-line.en-us.md
@ -123,6 +123,94 @@ Admin operations:
                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
            - Examples:
                - `gitea admin auth update-oauth --id 1 --name external-github-updated`
+        - `add-ldap`: Add new LDAP (via Bind DN) authentication source
+            - Options:
+                - `--name value`: Authentication name. Required.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name. Required.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached. Required.
+                - `--port value`: The port to use when connecting to the LDAP server. Required.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for. Required.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
+                - `--bind-password value`: The password for the Bind DN, if any.
+                - `--attributes-in-bind`: Fetch attributes in bind DN context.
+                - `--synchronize-users`: Enable user synchronization.
+                - `--page-size value`: Search page size.
+            - Examples:
+                - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail`
+        - `update-ldap`: Update existing LDAP (via Bind DN) authentication source
+            - Options:
+                - `--id value`: ID of authentication source. Required.
+                - `--name value`: Authentication name.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached.
+                - `--port value`: The port to use when connecting to the LDAP server.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
+                - `--bind-password value`: The password for the Bind DN, if any.
+                - `--attributes-in-bind`: Fetch attributes in bind DN context.
+                - `--synchronize-users`: Enable user synchronization.
+                - `--page-size value`: Search page size.
+            - Examples:
+                - `gitea admin auth update-ldap --id 1 --name "my ldap auth source"`
+                - `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
+        - `add-ldap-simple`: Add new LDAP (simple auth) authentication source
+            - Options:
+                - `--name value`: Authentication name. Required.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name. Required.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached. Required.
+                - `--port value`: The port to use when connecting to the LDAP server. Required.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--user-dn value`: The user’s DN. Required.
+            - Examples:
+                - `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail`
+        - `update-ldap-simple`: Update existing LDAP (simple auth) authentication source
+            - Options:
+                - `--id value`: ID of authentication source. Required.
+                - `--name value`: Authentication name.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached.
+                - `--port value`: The port to use when connecting to the LDAP server.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--user-dn value`: The user’s DN.
+            - Examples:
+                - `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"`
+                - `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`

 #### cert