Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0. Discussed in #145 (Github Pull Request).
This commit is contained in:
parent
2b3865ceea
commit
da6edc9cba
|
@ -18,3 +18,12 @@ matrix_synapse_ext_password_provider_ldap_bind_dn: ""
|
||||||
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
matrix_synapse_ext_password_provider_ldap_bind_password: ""
|
||||||
matrix_synapse_ext_password_provider_ldap_filter: ""
|
matrix_synapse_ext_password_provider_ldap_filter: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Authenticating only using a password provider
|
||||||
|
|
||||||
|
If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_password_config_localdb_enabled: false
|
||||||
|
```
|
||||||
|
|
|
@ -13,3 +13,12 @@ matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: f
|
||||||
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
||||||
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Authenticating only using a password provider
|
||||||
|
|
||||||
|
If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_password_config_localdb_enabled: false
|
||||||
|
```
|
||||||
|
|
|
@ -10,3 +10,12 @@ If you decide that you'd like to let this playbook install it for you, you need
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Authenticating only using a password provider
|
||||||
|
|
||||||
|
If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_password_config_localdb_enabled: false
|
||||||
|
```
|
||||||
|
|
|
@ -147,6 +147,11 @@ matrix_synapse_autocreate_auto_join_rooms: true
|
||||||
# Controls password-peppering for Synapse. Not to be changed after initial setup.
|
# Controls password-peppering for Synapse. Not to be changed after initial setup.
|
||||||
matrix_synapse_password_config_pepper: ""
|
matrix_synapse_password_config_pepper: ""
|
||||||
|
|
||||||
|
# Controls if Synapse allows people to authenticate against its local database.
|
||||||
|
# It may be useful to disable this if you've configured additional password providers
|
||||||
|
# and only wish authentication to happen through them.
|
||||||
|
matrix_synapse_password_config_localdb_enabled: false
|
||||||
|
|
||||||
# Controls the number of events that Synapse caches in memory.
|
# Controls the number of events that Synapse caches in memory.
|
||||||
matrix_synapse_event_cache_size: "100K"
|
matrix_synapse_event_cache_size: "100K"
|
||||||
|
|
||||||
|
|
|
@ -1099,7 +1099,7 @@ password_config:
|
||||||
# database. This is ignored if `enabled` is false, and is only useful
|
# database. This is ignored if `enabled` is false, and is only useful
|
||||||
# if you have other password_providers.
|
# if you have other password_providers.
|
||||||
#
|
#
|
||||||
#localdb_enabled: false
|
localdb_enabled: {{ matrix_synapse_password_config_localdb_enabled|to_json }}
|
||||||
|
|
||||||
# Uncomment and change to a secret random string for extra security.
|
# Uncomment and change to a secret random string for extra security.
|
||||||
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
|
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
|
||||||
|
|
Loading…
Reference in a new issue