Clarify LDAP config default values #334

New Issue

Open

opened 2022-07-05 07:53:44 +00:00 by pat-s · 6 comments

pat-s commented 2022-07-05 07:53:44 +00:00 (Migrated from gitea.com)

Copy Link

The Gitea LDAP documentation does not list port, securityProtocol and emailAttribute as required values. Though when omitting these in the helm chart definition, the deployment errors with "XX is not set".

Should the defaults be set to port=389, securityProtocol=unencrypted, emailAttribute=mail?

The [Gitea LDAP documentation](https://docs.gitea.io/en-us/authentication/#ldap-via-binddn) does not list `port`, `securityProtocol` and `emailAttribute` as required values. Though when omitting these in the helm chart definition, the deployment errors with "XX is not set". Should the defaults be set to `port=389`, `securityProtocol=unencrypted`, `emailAttribute=mail`?

justusbunsi commented 2022-07-05 09:41:03 +00:00 (Migrated from gitea.com)

Copy Link

Port and emailAttribute are defined as required in the docs. It's listed in the "shared" properties section above your link. https://docs.gitea.io/en-us/authentication/#ldap-lightweight-directory-access-protocol

Only attribute missing seems to be securityProtocol. But I don't think we should set a default value. Especially not the "unencrypted" value. It should be up to the user to decide whether sending the credentials encrypted or in plaintext. Maybe the Chart could fail during rendering if any of the specified ldap configs is missing a required field. That way applying would already fail and we can give a clear hint on what's the issue.

Port and emailAttribute are defined as required in the docs. It's listed in the "shared" properties section above your link. https://docs.gitea.io/en-us/authentication/#ldap-lightweight-directory-access-protocol Only attribute missing seems to be securityProtocol. But I don't think we should set a default value. Especially not the "unencrypted" value. It should be up to the user to decide whether sending the credentials encrypted or in plaintext. Maybe the Chart could fail during rendering if any of the specified ldap configs is missing a required field. That way applying would already fail and we can give a clear hint on what's the issue.

pat-s commented 2022-07-05 15:14:32 +00:00 (Migrated from gitea.com)

Copy Link

Not in the "via BindDN" option: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn (only looked at this section, you're right they are defined in the others, e.g. https://docs.gitea.io/en-us/authentication/#ldap-lightweight-directory-access-protocol). So it seems they should just be added to this section :)

Only attribute missing seems to be securityProtocol. But I don't think we should set a default value. Especially not the "unencrypted" value. It should be up to the user to decide whether sending the credentials encrypted or in plaintext.

Agree!

Maybe the Chart could fail during rendering if any of the specified ldap configs is missing a required field.

Jup sounds good. It already does but with a Gitea error during container startup which is not so easy to spot.

Not in the "via BindDN" option: https://docs.gitea.io/en-us/authentication/#ldap-via-binddn (only looked at this section, you're right they are defined in the others, e.g. https://docs.gitea.io/en-us/authentication/#ldap-lightweight-directory-access-protocol). So it seems they should just be added to this section :) > Only attribute missing seems to be securityProtocol. But I don't think we should set a default value. Especially not the "unencrypted" value. It should be up to the user to decide whether sending the credentials encrypted or in plaintext. Agree! > Maybe the Chart could fail during rendering if any of the specified ldap configs is missing a required field. Jup sounds good. It already does but with a Gitea error during container startup which is not so easy to spot.

justusbunsi commented 2022-07-05 15:19:42 +00:00 (Migrated from gitea.com)

Copy Link

The first section in the docs is for both ldap config types:

Both the LDAP via BindDN and the simple auth LDAP share the following fields

The second section (via BindDN) just

Adds the following fields

I agree, this could be more obvious.

The first section in the docs is for both ldap config types: > Both the LDAP via BindDN and the simple auth LDAP share the following fields The second section (via BindDN) just > Adds the following fields I agree, this could be more obvious.

pat-s commented 2022-07-06 06:09:15 +00:00 (Migrated from gitea.com)

Copy Link

The first section in the docs is for both ldap config types:

Ah, well spotted!

I agree, this could be more obvious.

Y, I think duplication would not hurt here - or highlighting the shared section more prominently - but I think I 'd favor duplication here.

> The first section in the docs is for both ldap config types: Ah, well spotted! > I agree, this could be more obvious. Y, I think duplication would not hurt here - or highlighting the shared section more prominently - but I think I 'd favor duplication here.

👍 1

szpeter80 commented 2024-01-09 13:42:24 +00:00 (Migrated from gitea.com)

Copy Link

Sorry to revive a such old issue, but as of now, i can not find the possible values of 'securityProtocol'. The only reference is 'unencrypted' in the examples but there is no canonical list of accepted values and their meaning / implication. Am i missing something ?

Sorry to revive a such old issue, but as of now, i can not find the possible values of 'securityProtocol'. The only reference is 'unencrypted' in the examples but there is no canonical list of accepted values and their meaning / implication. Am i missing something ?

pat-s commented 2024-01-10 08:26:20 +00:00 (Migrated from gitea.com)

Copy Link

Other values are StartTLS and LDAPS. Documentation at https://docs.gitea.com/next/usage/authentication#ldap-via-binddn should be updated, PRs welcome!

Other values are `StartTLS` and `LDAPS`. Documentation at https://docs.gitea.com/next/usage/authentication#ldap-via-binddn should be updated, PRs welcome!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

No results found.

v10.6.0

v10.5.0

v10.4.1

v10.4.0

v10.3.0

v10.2.0

v10.1.4

v10.1.3

v10.1.2

v10.1.1

v10.1.0

v10.0.2

v10.0.1

v10.0.0

v9.6.1

v9.6.0

v9.5.1

v9.5.0

v9.4.0

v9.3.0

v9.2.1

v9.2.0

v9.1.0

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.3.0

v8.2.0

v8.1.0

v8.0.3

v8.0.2

v8.0.1

v8.0.0

v7.0.4

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.0.5

v6.0.4

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.9

v5.0.8

v5.0.7

v5.0.6

v5.0.5

v5.0.4

v5.0.3

v5.0.2

v5.0.1

v5.0.0

v4.1.1

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.0

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.11

v2.1.10

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

Labels

Clear labels

has/backport

in progress

invalid

kind/breaking

kind/bug

kind/build

kind/dependency

kind/deployment

kind/docs

kind/enhancement

kind/feature

kind/lint

kind/proposal

kind/question

kind/refactor

kind/security

kind/testing

kind/translation

kind/ui

need/backport

priority/critical

priority/low

priority/maybe

priority/medium

reviewed/duplicate

reviewed/invalid

reviewed/wontfix

skip-changelog

status/blocked

status/needs-feedback

status/needs-reviews

status/wip

upstream/gitea

upstream/other

No Label

kind/enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lunny/helm-chart#334

No description provided.