From 9f212adc1de03e5260ba4846c9d15a1e29e00ae7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 28 Nov 2018 11:19:19 +0200 Subject: [PATCH 1/2] Rename variable (matrix_synapse_ext_password_provider_ldap -> matrix_synapse_ext_password_provider_ldap_enabled) This makes it more consistent with other usage throughout the playbook. --- roles/matrix-server/defaults/main.yml | 2 +- roles/matrix-server/tasks/setup/setup_synapse_ext.yml | 2 +- ...p_synapse_ext_ldap.yml => setup_synapse_ext_ldap_auth.yml} | 4 ++-- roles/matrix-server/templates/synapse/homeserver.yaml.j2 | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) rename roles/matrix-server/tasks/setup/{setup_synapse_ext_ldap.yml => setup_synapse_ext_ldap_auth.yml} (66%) diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml index f5cab0f3..a6b39532 100644 --- a/roles/matrix-server/defaults/main.yml +++ b/roles/matrix-server/defaults/main.yml @@ -153,7 +153,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://r matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" # Enable this to activate LDAP password provider -matrix_synapse_ext_password_provider_ldap: false +matrix_synapse_ext_password_provider_ldap_enabled: false matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" matrix_synapse_ext_password_provider_ldap_start_tls: true matrix_synapse_ext_password_provider_ldap_base: "" diff --git a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml index 058cbc24..e5b3067c 100644 --- a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml +++ b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml @@ -4,7 +4,7 @@ - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml -- include: tasks/setup/setup_synapse_ext_ldap.yml +- include: tasks/setup/setup_synapse_ext_ldap_auth.yml - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml 
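Review bot: The rename in `roles/matrix-server/defaults/main.yml` keeps no fallback for the old name, so an inventory that still sets `matrix_synapse_ext_password_provider_ldap: true` would presumably be ignored and the new default `matrix_synapse_ext_password_provider_ldap_enabled: false` would apply. The next playbook run would then drop the LDAP provider from the rendered homeserver.yaml without any error, and LDAP-backed logins would stop working until someone noticed. A guard early in the role would make this visible: a `fail` task with `when: "matrix_synapse_ext_password_provider_ldap is defined"` and a message naming the new variable.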
diff --git a/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml similarity index 66% rename from roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml rename to roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml index abe9d3bd..8c87e8e5 100644 --- a/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml +++ b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml @@ -1,11 +1,11 @@ - set_fact: matrix_synapse_password_providers_enabled: true - when: "matrix_synapse_ext_password_provider_ldap" + when: "matrix_synapse_ext_password_provider_ldap_enabled" - set_fact: matrix_synapse_additional_loggers: > {{ matrix_synapse_additional_loggers }} + {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} - when: "matrix_synapse_ext_password_provider_ldap" + when: "matrix_synapse_ext_password_provider_ldap_enabled" diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 index 0840f5b3..a0e23ab6 100644 --- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2 @@ -649,7 +649,7 @@ password_providers: config: sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" {% endif %} -{% if matrix_synapse_ext_password_provider_ldap %} +{% if matrix_synapse_ext_password_provider_ldap_enabled %} - module: "ldap_auth_provider.LdapAuthProvider" config: enabled: true From 3fec9dfa0e85c24d45f458c526a110f22225180a Mon Sep 17 00:00:00 2001 
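Review bot: Both `when: "matrix_synapse_ext_password_provider_ldap_enabled"` conditions in `setup_synapse_ext_ldap_auth.yml` and the `{% if matrix_synapse_ext_password_provider_ldap_enabled %}` test in the `homeserver.yaml.j2` hunk rely on the raw truthiness of the variable. If the value arrives as a string (for instance via `-e matrix_synapse_ext_password_provider_ldap_enabled=false`), Jinja2 treats the non-empty string as true in the template, so the LDAP provider block could be rendered even though the operator meant to disable it. Casting in each place keeps the tasks and the template in agreement: `when: "matrix_synapse_ext_password_provider_ldap_enabled | bool"` and `{% if matrix_synapse_ext_password_provider_ldap_enabled | bool %}`. The template's surrounding `password_providers:` block continues outside the hunk.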
From: Slavi Pantaleev Date: Wed, 28 Nov 2018 11:21:03 +0200 Subject: [PATCH 2/2] Add LDAP auth password provider documentation and changelog description --- CHANGELOG.md | 9 +++++++++ README.md | 2 ++ docs/configuring-playbook-ldap-auth.md | 20 ++++++++++++++++++++ docs/configuring-playbook.md | 2 ++ 4 files changed, 33 insertions(+) create mode 100644 docs/configuring-playbook-ldap-auth.md diff --git a/CHANGELOG.md b/CHANGELOG.md index d961c651..9a3e1f16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2018-11-28 + +## LDAP auth support via matrix-synapse-ldap3 + +The playbook can now install and configure [LDAP auth support](https://github.com/matrix-org/matrix-synapse-ldap3) for you. + +Additional details are available in [Setting up the LDAP authentication password provider module](docs/configuring-playbook-ldap-auth.md). + + # 2018-11-23 ## Support for controlling public registration and room auto-join diff --git a/README.md b/README.md index 33edc2de..1539d678 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,8 @@ Using this playbook, you can get the following services configured on your serve - (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module +- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module + - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server - (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) diff --git a/docs/configuring-playbook-ldap-auth.md b/docs/configuring-playbook-ldap-auth.md new file mode 100644 index 00000000..5d63cf26 --- /dev/null +++ b/docs/configuring-playbook-ldap-auth.md 
@@ -0,0 +1,20 @@ +# Setting up the LDAP authentication password provider module (optional, advanced) + +The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you. + +See that project's documentation to learn what it does and why it might be useful to you. + +If you decide that you'd like to let this playbook install it for you, you need some configuration like this: + +```yaml +matrix_synapse_ext_password_provider_ldap_enabled: true +matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" +matrix_synapse_ext_password_provider_ldap_start_tls: true +matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com" +matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid" +matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail" +matrix_synapse_ext_password_provider_ldap_attributes_name: "cn" +matrix_synapse_ext_password_provider_ldap_bind_dn: "" +matrix_synapse_ext_password_provider_ldap_bind_password: "" +matrix_synapse_ext_password_provider_ldap_filter: "" +``` \ No newline at end of file diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 6659f662..b0dc0cb3 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -41,6 +41,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced) +- [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced) + - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)