From bbf892883120cd8f26afd3ddadedc44113be8c72 Mon Sep 17 00:00:00 2001
From: Thomas vO
Date: Wed, 28 Nov 2018 09:04:09 +0100
Subject: [PATCH] fix template and vars for ldap auth, add setup
---
 roles/matrix-server/defaults/main.yml | 12 ++++++------
 .../tasks/setup/setup_synapse_ext.yml | 2 ++
 .../tasks/setup/setup_synapse_ext_ldap.yml | 11 +++++++++++
 .../templates/synapse/homeserver.yaml.j2 | 14 ++++++--------
 4 files changed, 25 insertions(+), 14 deletions(-)
 create mode 100644 roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml
index a418f4f5..f5cab0f3 100644
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -155,13 +155,13 @@ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
 # Enable this to activate LDAP password provider
 matrix_synapse_ext_password_provider_ldap: false
 matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
-matrix_synapse_ext_password_provider_ldap_tls: true
+matrix_synapse_ext_password_provider_ldap_start_tls: true
 matrix_synapse_ext_password_provider_ldap_base: ""
-matrix_synapse_ext_password_provider_ldap_attr_uid: "uid"
-matrix_synapse_ext_password_provider_ldap_attr_mail: "mail"
-matrix_synapse_ext_password_provider_ldap_attr_name: "name"
-matrix_synapse_ext_password_provider_ldap_binddn: ""
-matrix_synapse_ext_password_provider_ldap_bindpwd: ""
+matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
+matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
+matrix_synapse_ext_password_provider_ldap_attributes_name: "cn"
+matrix_synapse_ext_password_provider_ldap_bind_dn: ""
+matrix_synapse_ext_password_provider_ldap_bind_password: ""
 matrix_synapse_ext_password_provider_ldap_filter: ""
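Review bot: The renames in roles/matrix-server/defaults/main.yml (`_ldap_tls` to `_ldap_start_tls`, `_ldap_binddn` to `_ldap_bind_dn`, `_ldap_bindpwd` to `_ldap_bind_password`, `_ldap_attr_*` to `_ldap_attributes_*`) leave no trace of the old names, so an inventory that still sets them is ignored without any message. The template changed in this same patch would then render the empty `bind_dn` / `bind_password` defaults and the `cn` name attribute instead of the operator's values, which presumably surfaces only as failed or unauthenticated directory lookups at runtime. I would add a validation task that fails when any of the old variable names is defined and names its replacement. At minimum, put a comment above the block such as `# Renamed: ldap_tls -> ldap_start_tls, ldap_binddn -> ldap_bind_dn, ldap_bindpwd -> ldap_bind_password, ldap_attr_* -> ldap_attributes_*`.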
diff --git a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
index d202d94e..058cbc24 100644
--- a/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext.yml
@@ -4,6 +4,8 @@
 - include: tasks/setup/setup_synapse_ext_shared_secret_auth.yml
+- include: tasks/setup/setup_synapse_ext_ldap.yml
+
 - include: tasks/setup/setup_synapse_ext_mautrix_telegram.yml
 - include: tasks/setup/setup_synapse_ext_mautrix_whatsapp.yml
diff --git a/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
new file mode 100644
index 00000000..abe9d3bd
--- /dev/null
+++ b/roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml
@@ -0,0 +1,11 @@
+- set_fact:
+ matrix_synapse_password_providers_enabled: true
+ when: "matrix_synapse_ext_password_provider_ldap"
+
+- set_fact:
+ matrix_synapse_additional_loggers: >
+ {{ matrix_synapse_additional_loggers }}
+ +
+ {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+ when: "matrix_synapse_ext_password_provider_ldap"
+
diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
index d693b8c2..0840f5b3 100644
--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
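Review bot: The new roles/matrix-server/tasks/setup/setup_synapse_ext_ldap.yml turns the provider on from the single flag and never checks the connection settings it depends on. With the defaults from this patch the URI scheme is `ldap://` and the search base is empty, so an operator who sets `matrix_synapse_ext_password_provider_ldap_start_tls: false` would have user passwords and the bind password sent to the directory unencrypted, and nothing flags it. I would add a `fail` task ahead of the two `set_fact` tasks, guarded by `when: "matrix_synapse_ext_password_provider_ldap and not matrix_synapse_ext_password_provider_ldap_start_tls and not matrix_synapse_ext_password_provider_ldap_uri.startswith('ldaps://')"`, and a second one for an empty `matrix_synapse_ext_password_provider_ldap_base`. Both existing tasks would also read better with a `name:`.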
@@ -654,17 +654,15 @@ password_providers:
 config:
 enabled: true
 uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
- start_tls: {{ matrix_synapse_ext_password_provider_ldap_tls }}
+ start_tls: "{{ matrix_synapse_ext_password_provider_ldap_start_tls }}"
 base: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
 attributes:
- uid: "{{ matrix_synapse_ext_password_provider_ldap_attr_uid }}"
- mail: "{{ matrix_synapse_ext_password_provider_ldap_attr_mail }}"
- name: "{{ matrix_synapse_ext_password_provider_ldap_attr_name }}"
- bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_binddn }}"
- bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bindpwd }}"
- {% if matrix_synapse_ext_password_provider_ldap_filter %}
+ uid: "{{ matrix_synapse_ext_password_provider_ldap_attributes_uid }}"
+ mail: "{{ matrix_synapse_ext_password_provider_ldap_attributes_mail }}"
+ name: "{{ matrix_synapse_ext_password_provider_ldap_attributes_name }}"
+ bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
+ bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
 filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}"
- {% endif %}
 {% endif %}
 {% endif %}
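Review bot: Quoting the new `start_tls` line makes the rendered homeserver.yaml carry a string (`"True"` or `"False"`) where the removed line produced a YAML boolean. If the LDAP provider only tests the value for truthiness, `"False"` would still count as enabled and the variable could no longer switch StartTLS off. Rendering it as `start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}` keeps it a boolean. The same filter is safer for `bind_dn`, `bind_password` and `filter`, because a `"` or `\` in those values breaks or alters the double-quoted scalar: `bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }}`. The enclosing `password_providers:` block starts above the hunk.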