Merge pull request #44 from tvo6/ldap-auth

Add LDAP auth support

roles/matrix-server/defaults/main.yml

@@ -152,6 +152,18 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
 matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py"
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
 
+# Enable this to activate LDAP password provider
+matrix_synapse_ext_password_provider_ldap: false
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: ""
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+
 
 # The defaults below cause a postgres server to be configured (running within a container).
 # Using an external server is possible by tweaking all of the parameters below.

roles/matrix-server/tasks/setup/setup_synapse_ext.yml

@@ -4,6 +4,8 @@
 
 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml
 
+- include: tasks/setup/setup_synapse_ext_ldap.yml
+
 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml
 
 - include: tasks/setup/setup_synapse_ext_mautrix_whatsapp.yml

roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml

@@ -0,0 +1,11 @@
+- set_fact:
+    matrix_synapse_password_providers_enabled: true
+  when: "matrix_synapse_ext_password_provider_ldap"
+
+- set_fact:
+    matrix_synapse_additional_loggers: >
+      {{ matrix_synapse_additional_loggers }}
+      +
+      {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+  when: "matrix_synapse_ext_password_provider_ldap"
+

roles/matrix-server/templates/synapse/homeserver.yaml.j2

@@ -649,6 +649,21 @@ password_providers:
     config:
       sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 {% endif %}
+{% if matrix_synapse_ext_password_provider_ldap %}
+  - module: "ldap_auth_provider.LdapAuthProvider"
+    config:
+      enabled: true
+      uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
+      start_tls: "{{ matrix_synapse_ext_password_provider_ldap_start_tls }}"
+      base: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
+      attributes:
+        uid: "{{ matrix_synapse_ext_password_provider_ldap_attributes_uid }}"
+        mail: "{{ matrix_synapse_ext_password_provider_ldap_attributes_mail }}"
+        name: "{{ matrix_synapse_ext_password_provider_ldap_attributes_name }}"
+      bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
+      bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
+      filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}"
+{% endif %}
 {% endif %}
 
 
@@ -779,4 +794,4 @@ enable_group_creation: false
 alias_creation_rules:
     - user_id: "*"
       alias: "*"
-      action: allow
+      action: allow