Add LDAP group sync to Teams, fixes #1395 (#16299)

* Add setting for a JSON that maps LDAP groups to Org Teams.
* Add log when removing or adding team members.
* Sync is being run on login and periodically.
* Existing group filter settings are reused.
* Adding and removing team members.
* Sync not existing LDAP group.
* Login with broken group map JSON.

services/auth/source/ldap/source_authenticate.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strings"
 
+	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
@@ -59,10 +60,14 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 	}
 
 	if user != nil {
+		if source.GroupsEnabled && (source.GroupTeamMap != "" || source.GroupTeamMapRemoval) {
+			orgCache := make(map[string]*models.Organization)
+			teamCache := make(map[string]*models.Team)
+			source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
+		}
 		if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(user, source.authSource, sr.SSHPublicKey) {
 			return user, asymkey_model.RewriteAllPublicKeys()
 		}
-
 		return user, nil
 	}
 
@@ -98,10 +103,14 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 	if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(user, source.authSource, sr.SSHPublicKey) {
 		err = asymkey_model.RewriteAllPublicKeys()
 	}
-
 	if err == nil && len(source.AttributeAvatar) > 0 {
 		_ = user_service.UploadAvatar(user, sr.Avatar)
 	}
+	if source.GroupsEnabled && (source.GroupTeamMap != "" || source.GroupTeamMapRemoval) {
+		orgCache := make(map[string]*models.Organization)
+		teamCache := make(map[string]*models.Team)
+		source.SyncLdapGroupsToTeams(user, sr.LdapTeamAdd, sr.LdapTeamRemove, orgCache, teamCache)
+	}
 
 	return user, err
 }