Username should be able to be an email address #4030
Comments
Thought: perhaps this should be a boolean option, since it could break other things.
What would the user's slug be in the URLs?
This will also be nice for multi-forest AD users.
Federation is currently being worked on (via a separate working group), and so this is something that will need to be evaluated in that context, as if emails are allowed, how would we mention across instances if an account on one instance is an email, especially if it contains a domain that doesn't match the domain of the git server.
I have reverse proxy authentication set up. My Apache uses OpenID Connect, and I use it as SSO for a bunch of personal things. When I use a Google identity, the default for mod_auth_openidc is to use "sub" as the remote user, which is a long integer and domain: [email protected]. I've changed it to use the "email" claim instead, which means it still contains an @-sign. Whenever I go to my profile page (for either of them) and try to change my username, it seems a new user is created. When I try to change anything else (and leaving username alone), it rejects it saying the username is invalid. It would indeed be nice to make that work. Since I want auto-registration (and handle authorization in Apache), I can't guarantee user-ID uniqueness except if it includes the domain.
That should probably be handled in OAuth instead by for example replacing
Maybe it would work to change just the sanitizeUserDN to replace all instances of %s instead of just using sprintf for the first. Then you could use an LDAP filter like:
I have a similar problem. My LDAP has Mail and userPrincipalName. I do like this:
userPrincipalName like as [email protected] After that, the user can log in by mail of the form: [email protected]
Was this functionality lost again? I was able to use LDAP emails as user-ids in version 1.7.0, but when I upgraded to version 1.12.0+dev-171-g12960b9d1 it does not seem to work any more, and with the same error:
Any news on this topic for version 1.12?
@voidbip yes unfortunately the functionality had to be lost due to a security issue with it. What we need to do is allow LDAP to provide a mapping function from an email address to a username.
Hello, I'm trying to use our LDAP for authentication. Users usually use email to authenticate, and we can't use the UID as it is one letter and digits (e.g. r160459), so users can't remember that kind of information. Any news for a future version of Gitea? Thanks! Edit: found a workaround: we have an LDAP attribute that we can use with "Name.GivenName" that works pretty well 👍
Years ago, I also used e-mail as username in LDAP and other systems. I have to admit that this is one of the worst mistakes I have made. Using e-mail as username leads to various problems. Our team then spent more time migrating the account system from e-mail usernames to regular usernames. Even if you have different companies/organizations/domains, even if you want to use different domains for e-mails, do not use e-mail as username. You can have a unique regular username in your system and map it to different e-mails. So I would always down vote the e-mail as username decision (of course, you can log in via an e-mail address which is mapped to a regular username).
Closing per reasons above
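One way to implement the mapping from an e-mail address to a regular username that the comments above ask for, as an added example that is not Gitea's code. `UsernameFromEmail`, `Directory` and the regex are hypothetical, and the sample address is constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"regexp"
	"strings"
)

// validName: rule from the login error on this page (regex is an assumption).
var validName = regexp.MustCompile(`^[0-9A-Za-z._-]+$`)
var unsafeRun = regexp.MustCompile(`[^0-9a-z._-]+`)

// UsernameFromEmail (hypothetical) derives a URL-safe name; the suffix hashes
// the whole address, so one local part under two domains gives two names.
func UsernameFromEmail(email string) (string, error) {
	e := strings.ToLower(strings.TrimSpace(email))
	at := strings.LastIndex(e, "@")
	if at <= 0 || at == len(e)-1 {
		return "", fmt.Errorf("not an e-mail address: %q", email)
	}
	local := strings.Trim(unsafeRun.ReplaceAllString(e[:at], "-"), "._-")
	if local == "" {
		local = "user"
	}
	sum := sha256.Sum256([]byte(e))
	return fmt.Sprintf("%s-%x", local, sum[:6]), nil
}

// Directory binds each derived username to exactly one address.
type Directory map[string]string

// Resolve refuses a name already bound to another address (hash collision).
func (d Directory) Resolve(email string) (string, error) {
	name, err := UsernameFromEmail(email)
	if err != nil {
		return "", err
	}
	e := strings.ToLower(strings.TrimSpace(email))
	if prev, ok := d[name]; ok && prev != e {
		return "", fmt.Errorf("username %q is bound to another address", name)
	}
	d[name] = e
	return name, nil
}

func main() {
	name, err := Directory{}.Resolve("alice@a.example") // constructed address
	fmt.Println(name, validName.MatchString(name), err)
}
```

The derived name is stable across case and whitespace variants of the same address, and the binding check is what prevents two addresses from ever sharing one account.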
):Failed to login '[email protected]' via 'ldap2.domain.local': Invalid pattern for attribute 'username' [[email protected]]: must be valid alpha or numeric or dash(-_) or dot characters
Description
Users in my ldap directory only have a full email address as their "uid" and therefore their username (for several reasons). I cannot get gitea to function in such an environment, because of the following check in login_source.go:
It would be wonderful if the check allowed for "@" characters as well.
Thank you!
...