- Move the recommendation to avoid installing ma1sd from configuring-playbook-ldap-auth.md to configuring-playbook-rest-auth.md It has been long since recommending to install ma1sd was stopped, and the warning message is placed on the documentation about installing ma1sd as well, so it does not really seem to be sensible to advertise the component by repeating the warning… The message can rather be reused on the latter, as it is expected to be implemented with a backend such as ma1sd (see: matrix_synapse_ext_password_provider_rest_auth_endpoint on the file) - Add instruction to install the component to configuring-playbook-ldap-auth.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
		
			
				
	
	
	
		
			2.9 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	Setting up the LDAP authentication password provider module (optional, advanced)
The playbook can install and configure the matrix-synapse-ldap3 LDAP Auth password provider for you.
See the project's documentation to learn what it does and why it might be useful to you.
Adjusting the playbook configuration
Add the following configuration to your inventory/host_vars/matrix.example.com/vars.yml file (adapt to your needs):
matrix_synapse_ext_password_provider_ldap_enabled: true
matrix_synapse_ext_password_provider_ldap_uri:
  - "ldap://ldap-01.example.com:389"
  - "ldap://ldap-02.example.com:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
matrix_synapse_ext_password_provider_ldap_bind_dn: ""
matrix_synapse_ext_password_provider_ldap_bind_password: ""
matrix_synapse_ext_password_provider_ldap_filter: ""
Authenticating only using a password provider
If you wish for users to authenticate only against configured password providers (like this one), without consulting Synapse's local database, you can disable it by adding the following configuration to your vars.yml file:
matrix_synapse_password_config_localdb_enabled: false
Installing
After configuring the playbook, run it with playbook tags as below:
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
The shortcut commands with the just program are also available: just install-all or just setup-all
just install-all is useful for maintaining your setup quickly (2x-5x faster than just setup-all) when its components remain unchanged. If you adjust your vars.yml to remove other components, you'd need to run just setup-all, or these components will still remain installed. Note these shortcuts run the ensure-matrix-users-created tag too.
Usage
Handling user registration
If you wish for users to also be able to make new registrations against LDAP, you may also wish to set up the ldap-registration-proxy.