859
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
</tab>
</tab>
</tabs>
</tabs>
===Using Maria DB >= 10.4===
From here:
https://docs.gitea.com/installation/database-prep
For local database:
SET old_passwords=0;
CREATE USER 'gitea'@'%' IDENTIFIED BY 'gitea';
Create database with UTF-8 charset and collation. Make sure to use utf8mb4 charset instead of utf8 as the former supports all Unicode characters (including emojis) beyond Basic Multilingual Plane. Also, collation chosen depending on your expected content. When in doubt, use either unicode_ci or general_ci.
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
Grant all privileges on the database to database user created above.
For local database:
GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea';
FLUSH PRIVILEGES;
Quit from database console using 'exit'
Test your connection
mysql -u gitea -p giteadb
Now you can use the Database Type "Maria DB" in your setup.
===LDAP settings===
https://docs.gitea.com/features/authentication
Under SME v10 we can authenticate users against the local LDAP server.
On my server I had already set up a LDAP authentication user called 'auth' rather than using the admin account.
I also set up a group called 'it_dept' for restricting user access.
Site Administration, Authentication Sources
Add Authentication Source
==== Settings====
Authentication Name : Choose a name
Security Protocol: StartTLS
Host: Your LDAP host
Port: 389
Bind DN: uid=auth,ou=Users,dc=yourdomain,dc=com
Bind Password: "password of 'auth' user"
User Search Base: ou=Users,dc=yourdomain,dc=com
User Filter: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
First Name Attribute: givenName
Surname Attribute: sn
Email Attribute: mail
Enable LDAP Groups
Group Search Base DN: ou=Groups,dc=yourdomain,dc=com
Group Attribute Containing List Of Users :memberUID
Verify group membership in LDAP: (cn=it_dept)
Fetch Attributes in Bind DN Context: enabled
This Authentication source is Activated: enabled
Enable user synchronization: enabled (after you have checked your settings!)
This option enables a periodic task that synchronizes the Gitea users with the LDAP server. The default period is every 24 hours but that can be changed in the app.ini file. See the cron.sync_external_users section in the sample app.ini for detailed comments about that section. The User Search Base and User Filter settings described above will limit which users can use Gitea and which users will be synchronized. When initially run the task will create all LDAP users that match the given settings so take care if working with large Enterprise LDAP directories.
====Notes====
Once this is enabled a user logging in will have a gitea account created and synced.
You can also change the accounts between Local and LDAP
Identity & Access, User Accounts
Authentication Source: LDAP
Authentication Sign-In Name: Match the LDAP name
Update and test login.
[[Category:Developer]]
[[Category:Developer]]
