Line 131: |
Line 131: |
| </tab> | | </tab> |
| </tabs> | | </tabs> |
| + | |
| + | ===Using Maria DB >= 10.4=== |
| + | |
| + | From here: |
| + | |
| + | https://docs.gitea.com/installation/database-prep |
| + | |
| + | For local database: |
| + | |
| + | SET old_passwords=0; |
| + | CREATE USER 'gitea'@'%' IDENTIFIED BY 'gitea'; |
| + | |
| + | Create database with UTF-8 charset and collation. Make sure to use utf8mb4 charset instead of utf8 as the former supports all Unicode characters (including emojis) beyond Basic Multilingual Plane. Also, collation chosen depending on your expected content. When in doubt, use either unicode_ci or general_ci. |
| + | |
| + | CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci'; |
| + | |
| + | Grant all privileges on the database to database user created above. |
| + | |
| + | For local database: |
| + | |
| + | GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'; |
| + | FLUSH PRIVILEGES; |
| + | |
| + | Quit from database console using 'exit' |
| + | |
| + | Test your connection |
| + | |
| + | mysql -u gitea -p giteadb |
| + | |
| + | Now you can use the Database Type "Maria DB" in your setup. |
| + | |
| + | ===LDAP settings=== |
| + | |
| + | https://docs.gitea.com/features/authentication |
| + | |
| + | Under SME v10 we can authenticate users against the local LDAP server. |
| + | |
| + | On my server I had already set up a LDAP authentication user called 'auth' rather than using the admin account. |
| + | I also set up a group called 'it_dept' for restricting user access. |
| + | |
| + | Site Administration, Authentication Sources |
| + | |
| + | Add Authentication Source |
| + | |
| + | ==== Settings==== |
| + | Authentication Name : Choose a name |
| + | Security Protocol: StartTLS |
| + | Host: Your LDAP host |
| + | Port: 389 |
| + | Bind DN: uid=auth,ou=Users,dc=yourdomain,dc=com |
| + | Bind Password: "password of 'auth' user" |
| + | User Search Base: ou=Users,dc=yourdomain,dc=com |
| + | User Filter: (&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s))) |
| + | |
| + | First Name Attribute: givenName |
| + | Surname Attribute: sn |
| + | Email Attribute: mail |
| + | |
| + | Enable LDAP Groups |
| + | |
| + | Group Search Base DN: ou=Groups,dc=yourdomain,dc=com |
| + | Group Attribute Containing List Of Users :memberUID |
| + | Verify group membership in LDAP: (cn=it_dept) |
| + | |
| + | Fetch Attributes in Bind DN Context: enabled |
| + | This Authentication source is Activated: enabled |
| + | |
| + | Enable user synchronization: enabled (after you have checked your settings!) |
| + | |
| + | This option enables a periodic task that synchronizes the Gitea users with the LDAP server. The default period is every 24 hours but that can be changed in the app.ini file. See the cron.sync_external_users section in the sample app.ini for detailed comments about that section. The User Search Base and User Filter settings described above will limit which users can use Gitea and which users will be synchronized. When initially run the task will create all LDAP users that match the given settings so take care if working with large Enterprise LDAP directories. |
| + | |
| + | ====Notes==== |
| + | |
| + | Once this is enabled a user logging in will have a gitea account created and synced. |
| + | |
| + | You can also change the accounts between Local and LDAP |
| + | |
| + | Identity & Access, User Accounts |
| + | |
| + | Authentication Source: LDAP |
| + | Authentication Sign-In Name: Match the LDAP name |
| + | |
| + | Update and test login. |
| + | |
| | | |
| [[Category:Developer]] | | [[Category:Developer]] |
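Review bot: In the "Using Maria DB >= 10.4" section, the line `CREATE USER 'gitea'@'%' IDENTIFIED BY 'gitea';` sits under "For local database", but the `%` host wildcard lets the account connect from any host, and the password shown is identical to the user name. For a database on the same server, suggest `CREATE USER 'gitea'@'localhost' IDENTIFIED BY '<strong-password>';` with the matching `GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'localhost';` (the current GRANT names `'gitea'` with no host, which resolves to `'gitea'@'%'`), plus a sentence telling readers to replace the placeholder password before running it. The "For local database:" label is also repeated before the GRANT without a remote-database counterpart, so either drop the label or add the remote variant so the distinction means something.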