Merge pull request #44 from tvo6/ldap-auth

Add LDAP auth support
2025-10-31 07:17:57 +01:00 · 2018-11-28 09:53:23 +01:00
parent 18e1dda4c8 bbf8928831
commit cee31a8ab5
4 changed files with 41 additions and 1 deletions
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -152,6 +152,18 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
 matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0/shared_secret_authenticator.py"
 matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""

+# Enable this to activate LDAP password provider
+matrix_synapse_ext_password_provider_ldap: false
+matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
+matrix_synapse_ext_password_provider_ldap_start_tls: true
+matrix_synapse_ext_password_provider_ldap_base: ""
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
+matrix_synapse_ext_password_provider_ldap_filter: ""
+

 # The defaults below cause a postgres server to be configured (running within a container).
 # Using an external server is possible by tweaking all of the parameters below.
--- a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
@@ -4,6 +4,8 @@

 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml

+- include: tasks/setup/setup_synapse_ext_ldap.yml
+
 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml

 - include: tasks/setup/setup_synapse_ext_mautrix_whatsapp.yml
--- a/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
@@ -0,0 +1,11 @@
+- set_fact:
+    matrix_synapse_password_providers_enabled: true
+  when: "matrix_synapse_ext_password_provider_ldap"
+
+- set_fact:
+    matrix_synapse_additional_loggers: >
+      {{ matrix_synapse_additional_loggers }}
+      +
+      {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+  when: "matrix_synapse_ext_password_provider_ldap"
+
--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@@ -649,6 +649,21 @@ password_providers:
    config:
      sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
 {% endif %}
+{% if matrix_synapse_ext_password_provider_ldap %}
+  - module: "ldap_auth_provider.LdapAuthProvider"
+    config:
+      enabled: true
+      uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
+      start_tls: "{{ matrix_synapse_ext_password_provider_ldap_start_tls }}"
+      base: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
+      attributes:
+        uid: "{{ matrix_synapse_ext_password_provider_ldap_attributes_uid }}"
+        mail: "{{ matrix_synapse_ext_password_provider_ldap_attributes_mail }}"
+        name: "{{ matrix_synapse_ext_password_provider_ldap_attributes_name }}"
+      bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
+      bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
+      filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}"
+{% endif %}
 {% endif %}


@@ -779,4 +794,4 @@ enable_group_creation: false
 alias_creation_rules:
    - user_id: "*"
      alias: "*"
-      action: allow
+      action: allow