add optional ldap auth provider
parent
8182009a14
commit
5e740b25ed
|
@ -50,6 +50,17 @@ matrix_http_bind_port: 8008
|
|||
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
|
||||
matrix_https_bind_port: 8448
|
||||
|
||||
matrix_ldap_auth_enabled: False
|
||||
matrix_ldap_auth_server: ldaps://ldap.example.com:636
|
||||
matrix_ldap_auth_use_starttls: "false"
|
||||
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
|
||||
matrix_ldap_auth_uid_attr: "uid"
|
||||
matrix_ldap_auth_mail_attr: "email"
|
||||
matrix_ldap_auth_name_attr: "cn"
|
||||
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
|
||||
# matrix_ldap_auth_bind_password: # defaults to not set
|
||||
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
|
||||
|
||||
matrix_postgres_enabled: False
|
||||
matrix_postgres_ssl_mode: disable
|
||||
matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
|
||||
|
|
|
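Review bot: `matrix_ldap_auth_use_starttls: "false"` is a quoted string, unlike the boolean `matrix_ldap_auth_enabled: False` two lines above it, and the homeserver template hunk renders it quoted again as `start_tls: "{{ matrix_ldap_auth_use_starttls }}"`, so the provider is handed the string "false" rather than a boolean. If the provider only truth-tests that option (its code is not visible here), any non-empty string counts as true and the transport security actually used would not match what the operator set. I would declare it as `matrix_ldap_auth_use_starttls: false` and render it unquoted with `start_tls: {{ matrix_ldap_auth_use_starttls | bool | to_json }}`. The commented `matrix_ldap_auth_bind_password` line would also benefit from a comment such as `# set this in an Ansible Vault-encrypted vars file, never in plain text`.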
@ -33,6 +33,13 @@
|
|||
virtualenv: "{{ matrix_base_dir }}/env"
|
||||
virtualenv_command: /usr/bin/python3 -m venv
|
||||
|
||||
- name: Install ldap3 auth provider
|
||||
pip:
|
||||
name: "matrix-synapse-ldap3"
|
||||
virtualenv: "{{ matrix_base_dir }}/env"
|
||||
virtualenv_command: /usr/bin/python3 -m venv
|
||||
when: matrix_ldap_auth_enabled
|
||||
|
||||
- name: Create signing key
|
||||
shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_base_url | urlsplit('hostname') }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
|
||||
args:
|
||||
|
|
|
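Review bot: The new "Install ldap3 auth provider" task installs `matrix-synapse-ldap3` without a version, so every fresh run takes whatever release the package index serves at that moment, and the module that receives user passwords can change without any change in this repository. I would pin it with `version: "{{ matrix_ldap_auth_provider_version }}"` on the pip task and define that variable (the name is a suggestion, it does not exist on this page) next to the other `matrix_ldap_auth_*` defaults. The surrounding tasks start and end outside the hunk, so I cannot tell whether the Synapse install itself is pinned in the same way.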
@ -686,7 +686,28 @@ password_config:
|
|||
# #bind_password:
|
||||
# #filter: "(objectClass=posixAccount)"
|
||||
|
||||
|
||||
{% if matrix_ldap_auth_enabled %}
|
||||
password_providers:
|
||||
- module: "ldap_auth_provider.LdapAuthProvider"
|
||||
config:
|
||||
enabled: true
|
||||
uri: "{{ matrix_ldap_auth_server }}"
|
||||
start_tls: "{{ matrix_ldap_auth_use_starttls }}"
|
||||
base: "{{ matrix_ldap_auth_basedn }}"
|
||||
attributes:
|
||||
uid: "{{ matrix_ldap_auth_uid_attr }}"
|
||||
mail: "{{ matrix_ldap_auth_mail_attr }}"
|
||||
name: "{{ matrix_ldap_auth_name_attr }}"
|
||||
{% if matrix_ldap_auth_binddn is defined %}
|
||||
bind_dn: "{{ matrix_ldap_auth_binddn }}"
|
||||
{% endif %}
|
||||
{% if matrix_ldap_auth_bind_password is defined %}
|
||||
bind_password: "{{ matrix_ldap_auth_bind_password }}"
|
||||
{% endif %}
|
||||
{% if matrix_ldap_auth_filter is defined %}
|
||||
filter: "{{ matrix_ldap_auth_filter }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
# Clients requesting push notifications can either have the body of
|
||||
# the message sent in the notification poke along with other details
|
||||
|
|
|
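Review bot: The values in the new `password_providers` block are interpolated between literal double quotes, for example `bind_password: "{{ matrix_ldap_auth_bind_password }}"` and `filter: "{{ matrix_ldap_auth_filter }}"`, so a password or filter that contains `"` or `\` renders as broken YAML or as a different value than the operator set. Emitting them with `bind_password: {{ matrix_ldap_auth_bind_password | to_json }}` (same for `bind_dn`, `filter`, `uri` and `base`) lets the filter do the quoting and escaping. The `is defined` guards also pass for a variable defined as an empty string, which would render an empty `bind_password`; `is defined and matrix_ldap_auth_bind_password | length > 0` avoids that. Since the rendered file now carries the LDAP bind password, the task that templates it (not in this hunk) should set a restrictive `mode` and owner.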
@ -20,6 +20,7 @@ handlers:
|
|||
backupCount: 10
|
||||
filters: [context]
|
||||
encoding: utf8
|
||||
level: DEBUG
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
|
@ -34,6 +35,14 @@ loggers:
|
|||
# information such as access tokens.
|
||||
level: INFO
|
||||
|
||||
{% if matrix_ldap_auth_enabled %}
|
||||
ldap3:
|
||||
level: DEBUG
|
||||
|
||||
ldap_auth_provider:
|
||||
level: DEBUG
|
||||
{% endif %}
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
handlers: [file, console]
|
||||
|
|
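Review bot: The `ldap3` and `ldap_auth_provider` loggers are fixed at `level: DEBUG` whenever `matrix_ldap_auth_enabled` is true, so every deployment that turns LDAP on also gets debug output from the authentication path in its persistent logs; the first hunk appears to add `level: DEBUG` to a handler as well, although the rendered page does not show which line is new. Debug output from a login path can include user DNs and bind details, and the context comment just above already warns about sensitive information in logs. I would default both loggers to `INFO` and expose the level as a variable, for example `level: {{ matrix_ldap_auth_log_level | default('INFO') }}` (variable name suggested, not defined on this page), so DEBUG is an explicit, temporary choice.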