Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into new-cmds

2025-11-04 09:08:56 +01:00 · 2018-11-28 11:03:47 +01:00
parent caba16ea0d 3fec9dfa0e
commit bb849bd34f
8 changed files with 38 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+# 2018-11-28
+
+## LDAP auth support via matrix-synapse-ldap3
+
+The playbook can now install and configure [LDAP auth support](https://github.com/matrix-org/matrix-synapse-ldap3) for you.
+
+Additional details are available in [Setting up the LDAP authentication password provider module](docs/configuring-playbook-ldap-auth.md).
+
+
 # 2018-11-23

 ## Support for controlling public registration and room auto-join
--- a/README.md
+++ b/README.md
@@ -30,6 +30,8 @@ Using this playbook, you can get the following services configured on your serve

 - (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module

+- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
+
 - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server

 - (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
--- a/docs/configuring-playbook-ldap-auth.md
+++ b/docs/configuring-playbook-ldap-auth.md
@@ -0,0 +1,20 @@
+# Setting up the LDAP authentication password provider module (optional, advanced)
+
+The playbook can install and configure the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider for you.
+
+See that project's documentation to learn what it does and why it might be useful to you.
+
+If you decide that you'd like to let this playbook install it for you, you need some configuration like this:
+
+```yaml
+matrix_synapse_ext_password_provider_ldap_enabled: true
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+```
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -41,6 +41,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins

 - [Setting up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md) (optional, advanced)

+- [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced)
+
 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced)

 - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -153,7 +153,7 @@ matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://r
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""

 # Enable this to activate LDAP password provider
-matrix_synapse_ext_password_provider_ldap: false
+matrix_synapse_ext_password_provider_ldap_enabled: false
 matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
 matrix_synapse_ext_password_provider_ldap_start_tls: true
 matrix_synapse_ext_password_provider_ldap_base: ""
--- a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
@@ -4,7 +4,7 @@

 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml

- include: tasks/setup/setup_synapse_ext_ldap.yml
+- include: tasks/setup/setup_synapse_ext_ldap_auth.yml

 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml

--- a/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap_auth.yml
@@ -1,11 +1,11 @@
 - set_fact:
    matrix_synapse_password_providers_enabled: true
-  when: "matrix_synapse_ext_password_provider_ldap"
+  when: "matrix_synapse_ext_password_provider_ldap_enabled"

 - set_fact:
    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
      {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
-  when: "matrix_synapse_ext_password_provider_ldap"
+  when: "matrix_synapse_ext_password_provider_ldap_enabled"

--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@@ -649,7 +649,7 @@ password_providers:
    config:
      sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 {% endif %}
-{% if matrix_synapse_ext_password_provider_ldap %}
+{% if matrix_synapse_ext_password_provider_ldap_enabled %}
  - module: "ldap_auth_provider.LdapAuthProvider"
    config:
      enabled: true