From 9d6614e80f38eb4307df48f4ebe4e59dc65c4c91 Mon Sep 17 00:00:00 2001
From: Chris van Dijk <c.vandijk@cosine.nl>
Date: Wed, 29 Apr 2020 17:57:38 +0200
Subject: [PATCH] Add support for Jitsi LDAP authentication

---
 roles/matrix-jitsi/defaults/main.yml        | 22 +++++++++++++++++++++
 roles/matrix-jitsi/templates/prosody/env.j2 | 16 ++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml
index 1e5596b3..fc428b96 100644
--- a/roles/matrix-jitsi/defaults/main.yml
+++ b/roles/matrix-jitsi/defaults/main.yml
@@ -7,6 +7,28 @@ matrix_jitsi_enable_guests: false
 matrix_jitsi_enable_recording: true
 matrix_jitsi_enable_transcriptions: true
 
+# Authentication type, must be one of internal, jwt or ldap. Currently only
+# internal and ldap are supported by this playbook.
+matrix_jitsi_auth_type: internal
+
+# Configuration options for LDAP authentication. For details see upstream:
+#   https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
+# Defaults are taken from:
+#   https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf
+matrix_jitsi_ldap_url: ""
+matrix_jitsi_ldap_base: ""
+matrix_jitsi_ldap_binddn: ""
+matrix_jitsi_ldap_bindpw: ""
+matrix_jitsi_ldap_filter: "uid=%u"
+matrix_jitsi_ldap_auth_method: "bind"
+matrix_jitsi_ldap_version: "3"
+matrix_jitsi_ldap_use_tls: false
+matrix_jitsi_ldap_tls_ciphers: ""
+matrix_jitsi_ldap_tls_check_peer: false
+matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
+matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
+matrix_jitsi_ldap_start_tls: false
+
 matrix_jitsi_timezone: UTC
 
 matrix_jitsi_xmpp_domain: matrix-jitsi-web
diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2
index caa79213..e4479b73 100644
--- a/roles/matrix-jitsi/templates/prosody/env.j2
+++ b/roles/matrix-jitsi/templates/prosody/env.j2
@@ -1,8 +1,22 @@
-AUTH_TYPE=internal
+AUTH_TYPE={{ matrix_jitsi_auth_type }}
 
 ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
 
+LDAP_URL={{ matrix_jitsi_ldap_url }}
+LDAP_BASE={{ matrix_jitsi_ldap_base }}
+LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
+LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
+LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
+LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
+LDAP_VERSION={{ matrix_jitsi_ldap_version }}
+LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
+LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
+LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
+LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
+LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
+LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
+
 XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
 XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
 XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}