Thomas vO 2018-11-28 11:03:47 +01:00
commit bb849bd34f
8 changed files with 38 additions and 5 deletions


@ -1,3 +1,12 @@
# 2018-11-28
## LDAP auth support via matrix-synapse-ldap3
The playbook can now install and configure [LDAP auth support](https://github.com/matrix-org/matrix-synapse-ldap3) for you.
Additional details are available in [Setting up the LDAP authentication password provider module](docs/configuring-playbook-ldap-auth.md).
# 2018-11-23 # 2018-11-23
## Support for controlling public registration and room auto-join ## Support for controlling public registration and room auto-join


@ -30,6 +30,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module - (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module
- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
- (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) - (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)


@ -0,0 +1,20 @@
# Setting up the LDAP authentication password provider module (optional, advanced)
The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you.
See that project's documentation to learn what it does and why it might be useful to you.
If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
```yaml
matrix_synapse_ext_password_provider_ldap_enabled: true
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
matrix_synapse_ext_password_provider_ldap_bind_password: ""
matrix_synapse_ext_password_provider_ldap_filter: ""
```


@ -41,6 +41,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced) - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)
- [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced)
- [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)
- [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional) - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)


@ -153,7 +153,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://r
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
# Enable this to activate LDAP password provider # Enable this to activate LDAP password provider
matrix_synapse_ext_password_provider_ldap: false matrix_synapse_ext_password_provider_ldap_enabled: false
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_base: "" matrix_synapse_ext_password_provider_ldap_base: ""
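Review bot: Renaming the switch to `matrix_synapse_ext_password_provider_ldap_enabled` leaves nothing behind for inventories that still set the old `matrix_synapse_ext_password_provider_ldap: true`. As far as the visible hunks show, the setup tasks and the `{% if %}` in the homeserver template now read only the new name, so such a host would be re-deployed with the LDAP password provider left out and no error raised. Because that silently changes how users authenticate, I would add a sanity-check task that fails when the old name is still defined, for example `- fail: msg="matrix_synapse_ext_password_provider_ldap was renamed to matrix_synapse_ext_password_provider_ldap_enabled"` with `when: "matrix_synapse_ext_password_provider_ldap is defined"`. The rename also deserves a sentence in the changelog entry this commit adds.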


@ -4,7 +4,7 @@
- include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml
- include: tasks/setup/setup_synapse_ext_ldap.yml - include: tasks/setup/setup_synapse_ext_ldap_auth.yml
- include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml


@ -1,11 +1,11 @@
- set_fact: - set_fact:
matrix_synapse_password_providers_enabled: true matrix_synapse_password_providers_enabled: true
when: "matrix_synapse_ext_password_provider_ldap" when: "matrix_synapse_ext_password_provider_ldap_enabled"
- set_fact: - set_fact:
matrix_synapse_additional_loggers: > matrix_synapse_additional_loggers: >
{{ matrix_synapse_additional_loggers }} {{ matrix_synapse_additional_loggers }}
+ +
{{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
when: "matrix_synapse_ext_password_provider_ldap" when: "matrix_synapse_ext_password_provider_ldap_enabled"
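Review bot: Both `when:` lines test the bare variable, so a value that arrives as a string (for instance through `-e matrix_synapse_ext_password_provider_ldap_enabled=false`) may not be evaluated as false, depending on the Ansible version. Writing `when: matrix_synapse_ext_password_provider_ldap_enabled|bool` makes the check explicit. The template hunk has the same exposure, since `{% if matrix_synapse_ext_password_provider_ldap_enabled %}` treats any non-empty string as true; `{% if matrix_synapse_ext_password_provider_ldap_enabled|bool %}` would keep the tasks and the rendered config in agreement. For a switch that decides whether an external authentication provider is active, the explicit cast is worth the few extra characters.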


@ -649,7 +649,7 @@ password_providers:
config: config:
sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}" sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
{% endif %} {% endif %}
{% if matrix_synapse_ext_password_provider_ldap %} {% if matrix_synapse_ext_password_provider_ldap_enabled %}
- module: "ldap_auth_provider.LdapAuthProvider" - module: "ldap_auth_provider.LdapAuthProvider"
config: config:
enabled: true enabled: true