From 9cf9a1ec549cf6ab280f8974b41dbd2ce11c523d Mon Sep 17 00:00:00 2001 From: Thomas vO Date: Tue, 27 Nov 2018 16:40:22 +0100 Subject: [PATCH] [auth-ldap] add template + vars for ldap auth --- roles/matrix-server/defaults/main.yml | 12 ++++++++++++ .../templates/synapse/homeserver.yaml.j2 | 19 ++++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml index c1701a606..a418f4f57 100644 --- a/roles/matrix-server/defaults/main.yml +++ b/roles/matrix-server/defaults/main.yml @@ -152,6 +152,18 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" +# Enable this to activate LDAP password provider +matrix_synapse_ext_password_provider_ldap: false +matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" +matrix_synapse_ext_password_provider_ldap_tls: true +matrix_synapse_ext_password_provider_ldap_base: "" +matrix_synapse_ext_password_provider_ldap_attr_uid: "uid" +matrix_synapse_ext_password_provider_ldap_attr_mail: "mail" +matrix_synapse_ext_password_provider_ldap_attr_name: "name" +matrix_synapse_ext_password_provider_ldap_binddn: "" +matrix_synapse_ext_password_provider_ldap_bindpwd: "" +matrix_synapse_ext_password_provider_ldap_filter: "" + # The defaults below cause a postgres server to be configured (running within a container). # Using an external server is possible by tweaking all of the parameters below. diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 index 67b9c9662..d693b8c2c 100644 --- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 @@ -649,6 +649,23 @@ password_providers: config: sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" {% endif %} +{% if matrix_synapse_ext_password_provider_ldap %} + - module: "ldap_auth_provider.LdapAuthProvider" + config: + enabled: true + uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}" + start_tls: {{ matrix_synapse_ext_password_provider_ldap_tls }} + base: "{{ matrix_synapse_ext_password_provider_ldap_base }}" + attributes: + uid: "{{ matrix_synapse_ext_password_provider_ldap_attr_uid }}" + mail: "{{ matrix_synapse_ext_password_provider_ldap_attr_mail }}" + name: "{{ matrix_synapse_ext_password_provider_ldap_attr_name }}" + bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_binddn }}" + bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bindpwd }}" + {% if matrix_synapse_ext_password_provider_ldap_filter %} + filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}" + {% endif %} +{% endif %} {% endif %} @@ -779,4 +796,4 @@ enable_group_creation: false alias_creation_rules: - user_id: "*" alias: "*" - action: allow \ No newline at end of file + action: allow