Support configuring mxisd's identity stores (two of them)
mxisd supports several identity stores. Add support to configure two of them: * synapseSql (storing identities directly in Synapse's database) * LDAP This removed the need to copy `mxisd.yaml.j2` to the inventory in case one wants to use LDAP as identity store. Note that the previous solution (copying `mxisd.yaml.j2` was poor because of two reasons: * The copy remains outdated in case the original is updated in future versions of this repo. * The role's configuration should be in one place (configured only through role variables) instead of in multiple. Configuring more identity stores through role variables can be supported in the future.
This commit is contained in:
parent
ea549403d4
commit
22523c0e42
|
@ -237,6 +237,39 @@ matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
|||
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
|
||||
matrix_mxisd_matrixorg_forwarding_enabled: false
|
||||
|
||||
# mxisd has serveral supported identity stores.
|
||||
# One of them is storing identities directly in Synapse's database.
|
||||
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
|
||||
matrix_mxisd_synapsesql_enabled: true
|
||||
matrix_mxisd_synapsesql_type: postgresql
|
||||
matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
|
||||
|
||||
# LDAP is another identity store that's supported by mxisd.
|
||||
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
|
||||
matrix_mxisd_ldap_enabled: false
|
||||
matrix_mxisd_ldap_connection_host: ldapHostnameOrIp
|
||||
matrix_mxisd_ldap_connection_tls: false
|
||||
matrix_mxisd_ldap_connection_port: 389
|
||||
matrix_mxisd_ldap_connection_baseDn: OU=Users,DC=example,DC=org
|
||||
matrix_mxisd_ldap_connection_bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
|
||||
matrix_mxisd_ldap_connection_bindPassword: TheUserPassword
|
||||
# The following keys are optional:
|
||||
# matrix_mxisd_ldap_filter: ""
|
||||
# matrix_mxisd_ldap_attribute_uid_type: uid
|
||||
# matrix_mxisd_ldap_attribute_uid_value: sAMAccountName
|
||||
# matrix_mxisd_ldap_attribute_name: cn
|
||||
# matrix_mxisd_ldap_attribute_threepid_email:
|
||||
# - mail
|
||||
# - otherMailAttribute
|
||||
# matrix_mxisd_ldap_attribute_threepid_msisdn:
|
||||
# - phone
|
||||
# - otherPhoneAttribute
|
||||
# matrix_mxisd_ldap_identity_filter: ""
|
||||
# matrix_mxisd_ldap_identity_medium: ""
|
||||
# matrix_mxisd_ldap_auth_filter: ""
|
||||
# matrix_mxisd_ldap_directory_filter: ""
|
||||
|
||||
|
||||
# Specifies which template files to use when configuring mxisd.
|
||||
# If you'd like to have your own different configuration, feel free to copy and paste
|
||||
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
|
||||
|
|
|
@ -10,10 +10,59 @@ threepid.medium.email.connectors.smtp.host: matrix-mailer
|
|||
threepid.medium.email.connectors.smtp.port: 587
|
||||
threepid.medium.email.connectors.smtp.tls: 0
|
||||
|
||||
synapseSql.enabled: true
|
||||
synapseSql.type: postgresql
|
||||
synapseSql.connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
|
||||
|
||||
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
|
||||
forward.servers: ['matrix-org']
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
synapseSql.enabled: {{ matrix_mxisd_synapsesql_enabled }}
|
||||
synapseSql.type: {{ matrix_mxisd_synapsesql_type }}
|
||||
synapseSql.connection: {{ matrix_mxisd_synapsesql_connection }}
|
||||
|
||||
ldap.enabled: {{ matrix_mxisd_ldap_enabled }}
|
||||
ldap.connection.host: {{ matrix_mxisd_ldap_connection_host }}
|
||||
ldap.connection.tls: {{ matrix_mxisd_ldap_connection_tls }}
|
||||
ldap.connection.port: {{ matrix_mxisd_ldap_connection_port }}
|
||||
ldap.connection.baseDn: {{ matrix_mxisd_ldap_connection_baseDn }}
|
||||
ldap.connection.bindDn: {{ matrix_mxisd_ldap_connection_bindDn }}
|
||||
ldap.connection.bindPassword: {{ matrix_mxisd_ldap_connection_bindPassword }}
|
||||
|
||||
{% if matrix_mxisd_ldap_filter is defined %}
|
||||
ldap.filter: {{ matrix_mxisd_ldap_filter }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_attribute_uid_type is defined %}
|
||||
ldap.attribute.uid.type: {{ matrix_mxisd_ldap_attribute_uid_type }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_attribute_uid_value is defined %}
|
||||
ldap.attribute.uid.value: {{ matrix_mxisd_ldap_attribute_uid_value }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_attribute_name is defined %}
|
||||
ldap.attribute.name: {{ matrix_mxisd_ldap_attribute_name }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_attribute_threepid_email is defined %}
|
||||
ldap.attribute.threepid.email: {{ matrix_mxisd_ldap_attribute_threepid_email|to_yaml }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_attribute_threepid_msisdn is defined %}
|
||||
ldap.attribute.threepid.msisdn: {{ matrix_mxisd_ldap_attribute_threepid_msisdn|to_yaml }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_identity_filter is defined %}
|
||||
ldap.identity.filter: {{ matrix_mxisd_ldap_identity_filter }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_identity_medium is defined %}
|
||||
ldap.identity.medium: {{ matrix_mxisd_ldap_identity_medium }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_auth_filter is defined %}
|
||||
ldap.auth.filter: {{ matrix_mxisd_ldap_auth_filter }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_mxisd_ldap_directory_filter is defined %}
|
||||
ldap.directory.filter: {{ matrix_mxisd_ldap_directory_filter }}
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in a new issue