Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into new-cmds

CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2018-11-28
+
+## LDAP auth support via matrix-synapse-ldap3
+
+The playbook can now install and configure [LDAP auth support](https://github.com/matrix-org/matrix-synapse-ldap3) for you.
+
+Additional details are available in [Setting up the LDAP authentication password provider module](docs/configuring-playbook-ldap-auth.md).
+
+
 # 2018-11-23
 
 ## Support for controlling public registration and room auto-join

README.md

@@ -30,6 +30,8 @@ Using this playbook, you can get the following services configured on your serve
 
 - (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module
 
+- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
+
 - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
 
 - (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)

docs/configuring-playbook-ldap-auth.md

@@ -0,0 +1,20 @@
+# Setting up the LDAP authentication password provider module (optional, advanced)
+
+The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you.
+
+See that project's documentation to learn what it does and why it might be useful to you.
+
+If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
+
+```yaml
+matrix_synapse_ext_password_provider_ldap_enabled: true
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+```

docs/configuring-playbook.md

@@ -41,6 +41,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)
 
+- [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced)
+
 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)
 
 - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)

roles/matrix-server/defaults/main.yml

@@ -153,7 +153,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://r
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
 
 # Enable this to activate LDAP password provider
-matrix_synapse_ext_password_provider_ldap: false
+matrix_synapse_ext_password_provider_ldap_enabled: false
 matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
 matrix_synapse_ext_password_provider_ldap_start_tls: true
 matrix_synapse_ext_password_provider_ldap_base: ""

roles/matrix-server/tasks/setup/setup_synapse_ext.yml

@@ -4,7 +4,7 @@
 
 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml
 
-- include: tasks/setup/setup_synapse_ext_ldap.yml
+- include: tasks/setup/setup_synapse_ext_ldap_auth.yml
 
 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml
 

roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml → roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml

@@ -1,11 +1,11 @@
 - set_fact:
     matrix_synapse_password_providers_enabled: true
-  when: "matrix_synapse_ext_password_provider_ldap"
+  when: "matrix_synapse_ext_password_provider_ldap_enabled"
 
 - set_fact:
     matrix_synapse_additional_loggers: >
       {{ matrix_synapse_additional_loggers }}
       +
       {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
-  when: "matrix_synapse_ext_password_provider_ldap"
+  when: "matrix_synapse_ext_password_provider_ldap_enabled"
 

roles/matrix-server/templates/synapse/homeserver.yaml.j2

@@ -649,7 +649,7 @@ password_providers:
     config:
       sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 {% endif %}
-{% if matrix_synapse_ext_password_provider_ldap %}
+{% if matrix_synapse_ext_password_provider_ldap_enabled %}
   - module: "ldap_auth_provider.LdapAuthProvider"
     config:
       enabled: true