add optional ldap auth provider
parent
8182009a14
commit
5e740b25ed
|
@ -50,6 +50,17 @@ matrix_http_bind_port: 8008
|
||||||
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
|
matrix_https_bind_ips: "{{ matrix_http_bind_ips }}"
|
||||||
matrix_https_bind_port: 8448
|
matrix_https_bind_port: 8448
|
||||||
|
|
||||||
|
matrix_ldap_auth_enabled: False
|
||||||
|
matrix_ldap_auth_server: ldaps://ldap.example.com:636
|
||||||
|
matrix_ldap_auth_use_starttls: "false"
|
||||||
|
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
|
||||||
|
matrix_ldap_auth_uid_attr: "uid"
|
||||||
|
matrix_ldap_auth_mail_attr: "email"
|
||||||
|
matrix_ldap_auth_name_attr: "cn"
|
||||||
|
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
|
||||||
|
# matrix_ldap_auth_bind_password: # defaults to not set
|
||||||
|
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
|
||||||
|
|
||||||
matrix_postgres_enabled: False
|
matrix_postgres_enabled: False
|
||||||
matrix_postgres_ssl_mode: disable
|
matrix_postgres_ssl_mode: disable
|
||||||
matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
|
matrix_postgres_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
|
||||||
|
|
|
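Review bot: `matrix_ldap_auth_use_starttls` defaults to the quoted string `"false"` while `matrix_ldap_auth_enabled` beside it is a real boolean, and the template in this commit renders it inside quotes as `start_tls: "false"`. If the provider only tests that value for truthiness (not visible here, so worth confirming), a non-empty string would turn StartTLS on against the `ldaps://` default. I would write `matrix_ldap_auth_use_starttls: false` here and render it unquoted in the template as `start_tls: {{ matrix_ldap_auth_use_starttls | bool | to_json }}`. The commented `matrix_ldap_auth_bind_password` line could also say where the secret belongs, e.g. `# set matrix_ldap_auth_bind_password in a vaulted vars file, never in plain defaults`.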
@ -33,6 +33,13 @@
|
||||||
virtualenv: "{{ matrix_base_dir }}/env"
|
virtualenv: "{{ matrix_base_dir }}/env"
|
||||||
virtualenv_command: /usr/bin/python3 -m venv
|
virtualenv_command: /usr/bin/python3 -m venv
|
||||||
|
|
||||||
|
- name: Install ldap3 auth provider
|
||||||
|
pip:
|
||||||
|
name: "matrix-synapse-ldap3"
|
||||||
|
virtualenv: "{{ matrix_base_dir }}/env"
|
||||||
|
virtualenv_command: /usr/bin/python3 -m venv
|
||||||
|
when: matrix_ldap_auth_enabled
|
||||||
|
|
||||||
- name: Create signing key
|
- name: Create signing key
|
||||||
shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_base_url | urlsplit('hostname') }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
|
shell: "{{ matrix_base_dir }}/env/bin/python -c \"from signedjson import key; file = open('{{ matrix_conf_dir }}/{{ matrix_base_url | urlsplit('hostname') }}.signing.key','w'); key.write_signing_keys(file, [key.generate_signing_key('first')]); file.close()\""
|
||||||
args:
|
args:
|
||||||
|
|
|
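Review bot: The new `pip` task installs `matrix-synapse-ldap3` without a `version:`, so each run pulls whatever PyPI currently serves into the virtualenv that handles user passwords. Pinning it with `version: "<PINNED_VERSION>"` (placeholder for the release you tested) keeps the deployment reproducible and keeps an unreviewed upstream release out of the authentication path. `when: matrix_ldap_auth_enabled` is also more robust as `when: matrix_ldap_auth_enabled | bool`, because a value supplied as a string on the command line may not be treated as a boolean.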
@ -686,7 +686,28 @@ password_config:
|
||||||
# #bind_password:
|
# #bind_password:
|
||||||
# #filter: "(objectClass=posixAccount)"
|
# #filter: "(objectClass=posixAccount)"
|
||||||
|
|
||||||
|
{% if matrix_ldap_auth_enabled %}
|
||||||
|
password_providers:
|
||||||
|
- module: "ldap_auth_provider.LdapAuthProvider"
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
uri: "{{ matrix_ldap_auth_server }}"
|
||||||
|
start_tls: "{{ matrix_ldap_auth_use_starttls }}"
|
||||||
|
base: "{{ matrix_ldap_auth_basedn }}"
|
||||||
|
attributes:
|
||||||
|
uid: "{{ matrix_ldap_auth_uid_attr }}"
|
||||||
|
mail: "{{ matrix_ldap_auth_mail_attr }}"
|
||||||
|
name: "{{ matrix_ldap_auth_name_attr }}"
|
||||||
|
{% if matrix_ldap_auth_binddn is defined %}
|
||||||
|
bind_dn: "{{ matrix_ldap_auth_binddn }}"
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ldap_auth_bind_password is defined %}
|
||||||
|
bind_password: "{{ matrix_ldap_auth_bind_password }}"
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ldap_auth_filter is defined %}
|
||||||
|
filter: "{{ matrix_ldap_auth_filter }}"
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Clients requesting push notifications can either have the body of
|
# Clients requesting push notifications can either have the body of
|
||||||
# the message sent in the notification poke along with other details
|
# the message sent in the notification poke along with other details
|
||||||
|
|
|
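Review bot: `bind_password`, `filter` and the other values are pasted into double-quoted YAML scalars without escaping, so a password or filter containing `"` or `\` (LDAP filters use backslash-hex escapes) would yield a broken or silently altered `password_providers` block. Rendering them with `to_json`, e.g. `bind_password: {{ matrix_ldap_auth_bind_password | to_json }}` and `filter: {{ matrix_ldap_auth_filter | to_json }}`, produces a correctly escaped scalar. Because the rendered file now holds the bind credential, the task that templates it (outside this hunk) should write it with a restrictive owner and mode. Nothing here checks that `matrix_ldap_auth_server` is an `ldaps://` URI or that StartTLS is on, so a plain `ldap://` setting would carry user passwords unencrypted; an `assert` task in the role could reject that combination.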
@ -20,6 +20,7 @@ handlers:
|
||||||
backupCount: 10
|
backupCount: 10
|
||||||
filters: [context]
|
filters: [context]
|
||||||
encoding: utf8
|
encoding: utf8
|
||||||
|
level: DEBUG
|
||||||
console:
|
console:
|
||||||
class: logging.StreamHandler
|
class: logging.StreamHandler
|
||||||
formatter: precise
|
formatter: precise
|
||||||
|
@ -34,6 +35,14 @@ loggers:
|
||||||
# information such as access tokens.
|
# information such as access tokens.
|
||||||
level: INFO
|
level: INFO
|
||||||
|
|
||||||
|
{% if matrix_ldap_auth_enabled %}
|
||||||
|
ldap3:
|
||||||
|
level: DEBUG
|
||||||
|
|
||||||
|
ldap_auth_provider:
|
||||||
|
level: DEBUG
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
root:
|
root:
|
||||||
level: INFO
|
level: INFO
|
||||||
handlers: [file, console]
|
handlers: [file, console]
|
||||||
|
|
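Review bot: The `ldap3` and `ldap_auth_provider` loggers are fixed at `DEBUG` whenever LDAP is enabled, and the first hunk also adds an unconditional `level: DEBUG` to what looks like the file handler, outside the `{% if %}`. The context comment above the insert appears to warn about sensitive information such as access tokens reaching the logs, and debug output from the authentication path may add usernames, bind DNs and search details. I would default these to `INFO` and make the level a role variable, for example `level: "{{ matrix_ldap_auth_log_level | default('INFO') }}"` (a new, suggested variable name), so that debug logging is a deliberate and temporary choice.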