
Merge pull request #44 from tvo6/ldap-auth

Add LDAP auth support
pull/45/head
Slavi Pantaleev 7 лет назад
committed by GitHub
Родитель
Сommit
cee31a8ab5
Не найден GPG ключ соответствующий данной подписи Идентификатор GPG ключа: 4AEE18F83AFDEB23
4 измененных файлов: 41 добавлений и 1 удалений
  1. +12
    -0
      roles/matrix-server/defaults/main.yml
  2. +2
    -0
      roles/matrix-server/tasks/setup/setup_synapse_ext.yml
  3. +11
    -0
      roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
  4. +16
    -1
      roles/matrix-server/templates/synapse/homeserver.yaml.j2

+ 12
- 0
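--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -152,6 +152,18 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
 matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py"
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
 
+# Enable this to activate LDAP password provider
+matrix_synapse_ext_password_provider_ldap: false
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: ""
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+
 
 # The defaults below cause a postgres server to be configured (running within a container).
 # Using an external server is possible by tweaking all of the parameters below.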
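Review bot: The new LDAP defaults carry one comment and say nothing about transport security or the bind credential, although user logins and `matrix_synapse_ext_password_provider_ldap_bind_password` travel over the connection configured here. With the default `ldap://…:389` URI, setting `matrix_synapse_ext_password_provider_ldap_start_tls` to false presumably leaves that traffic unencrypted, so I would add `# Keep start_tls enabled: user passwords and the bind password are sent over this connection.` above the `_start_tls` line and `# Supply from an encrypted vars file (e.g. ansible-vault), not plain inventory.` above `_bind_password`. The enable flag is also named `..._ldap` while the neighbouring provider uses `..._shared_secret_auth_enabled`; an `_enabled` suffix would keep the two consistent.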


+ 2
- 0
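--- a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
@@ -4,6 +4,8 @@
 
 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml
 
+- include: tasks/setup/setup_synapse_ext_ldap.yml
+
 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml
 
 - include: tasks/setup/setup_synapse_ext_mautrix_whatsapp.yml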

+ 11
- 0
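--- /dev/null
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
@@ -0,0 +1,11 @@
+- set_fact:
+matrix_synapse_password_providers_enabled: true
+when: "matrix_synapse_ext_password_provider_ldap"
+
+- set_fact:
+matrix_synapse_additional_loggers: >
+{{ matrix_synapse_additional_loggers }}
++
+{{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+when: "matrix_synapse_ext_password_provider_ldap"
+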
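Review bot: Nothing in this new task file checks that the LDAP settings are usable before the provider is switched on; both tasks are gated on `matrix_synapse_ext_password_provider_ldap` alone, while the role defaults in this same commit leave the search base as an empty string. A guard task ahead of the two `set_fact` tasks would stop the play early instead of deploying a misconfigured authentication provider. The two tasks also have no `name:`, so the play output shows only `set_fact` for them.

```yaml
- name: Fail if the LDAP password provider is enabled without a search base
  fail:
    msg: "matrix_synapse_ext_password_provider_ldap_base must be set when the LDAP password provider is enabled"
  when: "matrix_synapse_ext_password_provider_ldap and matrix_synapse_ext_password_provider_ldap_base == ''"

# … unchanged: the two set_fact tasks …
```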

+ 16
- 1
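--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@@ -649,6 +649,21 @@ password_providers:
 config:
 sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 {% endif %}
+{% if matrix_synapse_ext_password_provider_ldap %}
+- module: "ldap_auth_provider.LdapAuthProvider"
+config:
+enabled: true
+uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
+start_tls: "{{ matrix_synapse_ext_password_provider_ldap_start_tls }}"
+base: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
+attributes:
+uid: "{{ matrix_synapse_ext_password_provider_ldap_attributes_uid }}"
+mail: "{{ matrix_synapse_ext_password_provider_ldap_attributes_mail }}"
+name: "{{ matrix_synapse_ext_password_provider_ldap_attributes_name }}"
+bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
+bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
+filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}"
+{% endif %}
 {% endif %}
 
 
@@ -779,4 +794,4 @@ enable_group_creation: false
 alias_creation_rules:
 - user_id: "*"
 alias: "*"
-action: allow
+action: allow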
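Review bot: Every LDAP value in the added block is pasted between hand-written double quotes, so a bind password, DN or filter containing `"` or `\` renders an invalid or altered homeserver.yaml, and `start_tls: "{{ … }}"` emits the string `"True"`/`"False"` rather than a YAML boolean. If the provider only tests truthiness, the string `"False"` would still count as enabled; that cannot be confirmed from this page. Letting a filter do the quoting avoids both problems: `start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls | to_json }}` and `bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password | to_json }}`, likewise for the other string values. `bind_dn` and `bind_password` are also written when left empty, so it is worth checking how the provider treats an empty bind DN. The `password_providers` block and its outer `{% if %}` begin above the hunk.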
