From ee088d5d46c76f732eef6592116ad4c844ba8203 Mon Sep 17 00:00:00 2001
From: Ahmad Haghighi
Date: Tue, 25 May 2021 13:14:28 +0430
Subject: [PATCH 1/2] Synapse LDAP auth: add support for Active Directory

Signed-off-by: Ahmad Haghighi
---
 roles/matrix-synapse/defaults/main.yml | 2 ++
 roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index d966665f..89f0320a 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -497,6 +497,8 @@ matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
 matrix_synapse_ext_password_provider_ldap_bind_dn: ""
 matrix_synapse_ext_password_provider_ldap_bind_password: ""
 matrix_synapse_ext_password_provider_ldap_filter: ""
+matrix_synapse_ext_password_provider_ldap_is_active_directory: false
+matrix_synapse_ext_password_provider_ldap_default_domain: ""
 
 # Enable this to activate the Synapse Antispam spam-checker module.
 # See: https://github.com/t2bot/synapse-simple-antispam
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 22f5f1ea..66730d36 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
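Review bot: The two defaults added in the `roles/matrix-synapse/defaults/main.yml` hunk, `matrix_synapse_ext_password_provider_ldap_is_active_directory` and `matrix_synapse_ext_password_provider_ldap_default_domain`, carry no comment, so an operator cannot tell from this file what switching them changes about how logins are resolved. I would put a short comment above them, for example `# Set to true when the LDAP server is Active Directory; login names are then resolved per AD domain.` and `# Domain assumed when a login names none (appears to apply only in Active Directory mode).` Both statements are inferred from the option names rather than from anything visible in the hunk, so confirm them against the LDAP provider's documentation before committing the wording.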
@@ -2596,6 +2596,12 @@ password_providers:
 uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }}
 start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
 base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }}
+ {% if matrix_synapse_ext_password_provider_ldap_is_active_directory %}
+ active_directory: true
+ {% endif %}
+ {% if matrix_synapse_ext_password_provider_ldap_default_domain != '' %}
+ default_domain: {{ matrix_synapse_ext_password_provider_ldap_default_domain|string|to_json }}
+ {% endif %}
 attributes:
 uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
 mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
From 209d59070e7ba6147c34242515418554028e787a Mon Sep 17 00:00:00 2001
From: Ahmad Haghighi
Date: Tue, 25 May 2021 15:41:38 +0430
Subject: [PATCH 2/2] Avoiding if(s), fix #1083

Conversation: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1083#discussion_r638671860
Signed-off-by: Ahmad Haghighi
---
 roles/matrix-synapse/defaults/main.yml | 2 +-
 roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index 89f0320a..e112df5c 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -497,7 +497,7 @@ matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
 matrix_synapse_ext_password_provider_ldap_bind_dn: ""
 matrix_synapse_ext_password_provider_ldap_bind_password: ""
 matrix_synapse_ext_password_provider_ldap_filter: ""
-matrix_synapse_ext_password_provider_ldap_is_active_directory: false
+matrix_synapse_ext_password_provider_ldap_active_directory: false
 matrix_synapse_ext_password_provider_ldap_default_domain: ""
 
 # Enable this to activate the Synapse Antispam spam-checker module.
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 66730d36..aa07ae5b 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2596,12 +2596,8 @@ password_providers:
 uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }}
 start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
 base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }}
- {% if matrix_synapse_ext_password_provider_ldap_is_active_directory %}
- active_directory: true
- {% endif %}
- {% if matrix_synapse_ext_password_provider_ldap_default_domain != '' %}
+ active_directory: {{ matrix_synapse_ext_password_provider_ldap_active_directory|to_json }}
 default_domain: {{ matrix_synapse_ext_password_provider_ldap_default_domain|string|to_json }}
- {% endif %}
 attributes:
 uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
 mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
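Review bot: `default_domain` is now always rendered, as `""` when the variable keeps its default, whereas the first patch omitted the key; nothing in this hunk shows that the LDAP provider treats an empty string the same as a missing key, so that needs confirming, or the conditional should be kept for this one key. On the added `active_directory` line, `|to_json` passes through whatever type the inventory supplies, so a value given as the string `"false"` (for instance through `-e key=value`) would be rendered as a JSON string, which a truthiness check in the consumer would read as enabled. Since this key selects how logins are resolved, I would normalise it with `active_directory: {{ matrix_synapse_ext_password_provider_ldap_active_directory|bool|to_json }}`. The `start_tls` context line uses the same bare `|to_json`, so the same applies there. The `password_providers` block starts and ends outside the hunk.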