Support configuring mxisd's identity stores (two of them)

mxisd supports several identity stores. Add support to configure two of them:

* synapseSql (storing identities directly in Synapse's database)
* LDAP

This removed the need to copy `mxisd.yaml.j2` to the inventory in case one wants
to use LDAP as identity store. Note that the previous solution (copying
`mxisd.yaml.j2` was poor because of two reasons:

* The copy remains outdated in case the original is updated in future versions
  of this repo.
* The role's configuration should be in one place (configured only through role
  variables) instead of in multiple.

Configuring more identity stores through role variables can be supported in the
future.
This commit is contained in:
haslersn 2018-12-04 17:19:35 +01:00
parent ea549403d4
commit 22523c0e42
2 changed files with 87 additions and 5 deletions

View file

@ -237,6 +237,39 @@ matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
# Enabling this is discouraged. Learn more here: https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups
matrix_mxisd_matrixorg_forwarding_enabled: false
# mxisd has serveral supported identity stores.
# One of them is storing identities directly in Synapse's database.
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/synapse.md
matrix_mxisd_synapsesql_enabled: true
matrix_mxisd_synapsesql_type: postgresql
matrix_mxisd_synapsesql_connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
# LDAP is another identity store that's supported by mxisd.
# Learn more here: https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
matrix_mxisd_ldap_enabled: false
matrix_mxisd_ldap_connection_host: ldapHostnameOrIp
matrix_mxisd_ldap_connection_tls: false
matrix_mxisd_ldap_connection_port: 389
matrix_mxisd_ldap_connection_baseDn: OU=Users,DC=example,DC=org
matrix_mxisd_ldap_connection_bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
matrix_mxisd_ldap_connection_bindPassword: TheUserPassword
# The following keys are optional:
# matrix_mxisd_ldap_filter: ""
# matrix_mxisd_ldap_attribute_uid_type: uid
# matrix_mxisd_ldap_attribute_uid_value: sAMAccountName
# matrix_mxisd_ldap_attribute_name: cn
# matrix_mxisd_ldap_attribute_threepid_email:
# - mail
# - otherMailAttribute
# matrix_mxisd_ldap_attribute_threepid_msisdn:
# - phone
# - otherPhoneAttribute
# matrix_mxisd_ldap_identity_filter: ""
# matrix_mxisd_ldap_identity_medium: ""
# matrix_mxisd_ldap_auth_filter: ""
# matrix_mxisd_ldap_directory_filter: ""
# Specifies which template files to use when configuring mxisd.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)

View file

@ -10,10 +10,59 @@ threepid.medium.email.connectors.smtp.host: matrix-mailer
threepid.medium.email.connectors.smtp.port: 587
threepid.medium.email.connectors.smtp.tls: 0
synapseSql.enabled: true
synapseSql.type: postgresql
synapseSql.connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
forward.servers: ['matrix-org']
{% endif %}
{% endif %}
synapseSql.enabled: {{ matrix_mxisd_synapsesql_enabled }}
synapseSql.type: {{ matrix_mxisd_synapsesql_type }}
synapseSql.connection: {{ matrix_mxisd_synapsesql_connection }}
ldap.enabled: {{ matrix_mxisd_ldap_enabled }}
ldap.connection.host: {{ matrix_mxisd_ldap_connection_host }}
ldap.connection.tls: {{ matrix_mxisd_ldap_connection_tls }}
ldap.connection.port: {{ matrix_mxisd_ldap_connection_port }}
ldap.connection.baseDn: {{ matrix_mxisd_ldap_connection_baseDn }}
ldap.connection.bindDn: {{ matrix_mxisd_ldap_connection_bindDn }}
ldap.connection.bindPassword: {{ matrix_mxisd_ldap_connection_bindPassword }}
{% if matrix_mxisd_ldap_filter is defined %}
ldap.filter: {{ matrix_mxisd_ldap_filter }}
{% endif %}
{% if matrix_mxisd_ldap_attribute_uid_type is defined %}
ldap.attribute.uid.type: {{ matrix_mxisd_ldap_attribute_uid_type }}
{% endif %}
{% if matrix_mxisd_ldap_attribute_uid_value is defined %}
ldap.attribute.uid.value: {{ matrix_mxisd_ldap_attribute_uid_value }}
{% endif %}
{% if matrix_mxisd_ldap_attribute_name is defined %}
ldap.attribute.name: {{ matrix_mxisd_ldap_attribute_name }}
{% endif %}
{% if matrix_mxisd_ldap_attribute_threepid_email is defined %}
ldap.attribute.threepid.email: {{ matrix_mxisd_ldap_attribute_threepid_email|to_yaml }}
{% endif %}
{% if matrix_mxisd_ldap_attribute_threepid_msisdn is defined %}
ldap.attribute.threepid.msisdn: {{ matrix_mxisd_ldap_attribute_threepid_msisdn|to_yaml }}
{% endif %}
{% if matrix_mxisd_ldap_identity_filter is defined %}
ldap.identity.filter: {{ matrix_mxisd_ldap_identity_filter }}
{% endif %}
{% if matrix_mxisd_ldap_identity_medium is defined %}
ldap.identity.medium: {{ matrix_mxisd_ldap_identity_medium }}
{% endif %}
{% if matrix_mxisd_ldap_auth_filter is defined %}
ldap.auth.filter: {{ matrix_mxisd_ldap_auth_filter }}
{% endif %}
{% if matrix_mxisd_ldap_directory_filter is defined %}
ldap.directory.filter: {{ matrix_mxisd_ldap_directory_filter }}
{% endif %}