From f2adf01bfb45d84b442deb83909b514906f2e79b Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <6413499+elberfeld@users.noreply.github.com>
Date: Sun, 2 Mar 2025 15:26:48 +0100
Subject: [PATCH] matrix login from ldap and sso

---
 group_vars/prod                               |  3 ++-
 group_vars/test                               |  1 +
 testserver/docker_matrix/tasks/main.yml       |  4 ++++
 .../templates/docker-compose.yml              | 13 ++++++++++
 .../templates/synapse-data/homeserver.yaml    | 15 +++++++++++-
 .../templates/uffd-ldapd/Dockerfile           | 24 +++++++++++++++++++
 6 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 testserver/docker_matrix/templates/uffd-ldapd/Dockerfile

diff --git a/group_vars/prod b/group_vars/prod
index 187b24eb..5f443b90 100644
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -136,4 +136,5 @@ oauth_global:
 
 oidc_global:
   provider_url: https://uffd.warpzone.ms
-  logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
+  logout_url: https://uffd.warpzone.ms/logout
+  ldap_base_dn: "dc=warpzone,dc=ms"
diff --git a/group_vars/test b/group_vars/test
index 3ef840ec..f731e281 100644
--- a/group_vars/test
+++ b/group_vars/test
@@ -47,6 +47,7 @@ oauth_global:
 oidc_global:
   provider_url: https://uffd.test-warpzone.de
   logout_url: https://uffd.test-warpzone.de/logout
+  ldap_base_dn: "dc=test-warpzone,dc=de"
 
 # Matrix Settings 
 matrix:
diff --git a/testserver/docker_matrix/tasks/main.yml b/testserver/docker_matrix/tasks/main.yml
index 6a7bcd15..b7aac20e 100644
--- a/testserver/docker_matrix/tasks/main.yml
+++ b/testserver/docker_matrix/tasks/main.yml
@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: /srv/shared/noreply_email_pass, length: -1 }
+   - { path: /srv/matrix/uffd_api_secret, length: 32 }
+   - { path: /srv/matrix/ldap_bind_pw, length: 32 }
    - { path: /srv/matrix/matrix_macaroon_secret_key, length: 32 }
    - { path: /srv/matrix/matrix_registration_shared_secret, length: 32 }
    - { path: /srv/matrix/matrix_form_secret, length: 32 }
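Review bot: `uffd_api_secret` is minted here as a random 32-character value by get_secret, but it is also the credential uffd-ldapd presents to uffd as the `matrixldap` API client (see the docker-compose hunk), so that client presumably has to be registered in uffd with this exact secret out of band; nothing in this commit does that. A comment on the new entry such as `# must match the API client "matrixldap" configured in uffd` would keep the two sides from drifting and tell the next operator why login suddenly fails when the file is regenerated. The same applies to `ldap_bind_pw` if uffd-ldapd checks it against anything other than its own `SERVER_BIND_PASSWORD`.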
@@ -30,6 +32,7 @@
     group: "999"
   with_items:
     - "/srv/matrix/db/"
+    - "/srv/matrix/uffd-ldapd/"
 
 
 - name: Konfig-Dateien erstellen
@@ -40,6 +43,7 @@
     - docker-compose.yml
     - synapse-data/homeserver.log.config
     - synapse-data/homeserver.yaml
+    - uffd-ldapd/Dockerfile
   register: configs
 
 
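Review bot: Adding `uffd-ldapd/Dockerfile` to the templated file list makes `configs` change when only the Dockerfile changes, but whatever consumes `configs` (outside this hunk) presumably restarts the containers, and a changed Dockerfile only takes effect after an image rebuild (`docker compose build` or `up --build`). Confirm the handler rebuilds, otherwise the `ldap` image stays stale after a template change; a short comment on the list entry, e.g. `# Dockerfile change requires an image rebuild, not just a restart`, would make the expectation explicit.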
diff --git a/testserver/docker_matrix/templates/docker-compose.yml b/testserver/docker_matrix/templates/docker-compose.yml
index fa57f249..9ed7e9f4 100644
--- a/testserver/docker_matrix/templates/docker-compose.yml
+++ b/testserver/docker_matrix/templates/docker-compose.yml
@@ -23,6 +23,18 @@ services:
     networks:
       - default
 
+  ldap:
+
+    build: uffd-ldapd/
+    restart: always
+    environment:
+       SERVER_API_URL: "{{ oidc_global.provider_url }}"
+       SERVER_API_USER: "matrixldap"
+       SERVER_API_SECRET: "{{ uffd_api_secret }}"
+       SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"    
+       SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
 
   synapse:
 
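Review bot: The `environment:` entries of the new `ldap` service are indented seven spaces while the rest of the file uses six, the `SERVER_BASE_DN` line carries trailing whitespace, and `"{{ ldap_bind_pw}}"` lacks the space before `}}`; all three render, but they trip yamllint and read as a paste, so align them to `      SERVER_API_URL: "{{ oidc_global.provider_url }}"` and write `"{{ ldap_bind_pw }}"`. The service publishes no `ports:`, so plain LDAP on 389 is reachable only on the compose `default` network; since the Synapse side disables TLS, that containment is what protects the bind credentials, and a comment like `# plain LDAP, reachable only from the compose network - never add ports:` would stop a later edit from quietly exposing it. Both secrets end up in the container environment, which `docker inspect` shows to anyone with socket access; acceptable here, but worth knowing.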
@@ -32,6 +44,7 @@ services:
     cpuset: "0"
     depends_on:
       - db
+      - ldap
     volumes:
       - /srv/matrix/synapse-data/:/data
     environment:
diff --git a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
index 4b56dede..31bb416c 100644
--- a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
+++ b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
@@ -86,8 +86,9 @@ max_spider_size: 10M
 enable_registration: false
 
 password_config:
-  enabled: false
+  enabled: true
 
+# OIDC Single Sign-On with uffd 
 oidc_providers:
   - idp_id: "uffd"
     idp_name: "warpzone SSO (uffd)"
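Review bot: `password_config.enabled: true` also re-activates Synapse's own password table, so any account that already has (or is later given) a local password hash can log in without ever being checked against uffd. If uffd is meant to be the only source of truth for passwords, add `localdb_enabled: false` under `password_config` so password logins are answered only by the LDAP module. The new comment line `# OIDC Single Sign-On with uffd ` has a trailing space.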
@@ -108,6 +109,18 @@ oidc_providers:
         display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
         email_template: "{% raw %}{{ user.email }}{% endraw %}"
 
+# Password login with uffd-ldapd 
+modules:
+ - module: "ldap_auth_provider.LdapAuthProviderModule"
+   config:
+     enabled: true
+     uri: "ldap://ldap:389"
+     start_tls: false
+     base: "ou=users,{{ oidc_global.ldap_base_dn }}"
+     attributes:
+        uid: "uid"
+        mail: "mail"
+        name: "displayName"
 
 auto_join_rooms:
   - "#warpzone:{{ matrix.domain }}"
diff --git a/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile b/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile
new file mode 100644
index 00000000..c39c751f
--- /dev/null
+++ b/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile
@@ -0,0 +1,24 @@
+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and configure custom repository
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends wget gnupg ca-certificates \
+    && wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg  \
+    && echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+USER 999
+EXPOSE 389/tcp
+
+# Set default command
+CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
+
+# Get all LDAP Entries
+# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
+
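Review bot: The commented `ldapsearch` example at the end embeds `{{ ldap_bind_pw }}`, and because this Dockerfile is rendered by Ansible's template module (it was added to the template list in tasks/main.yml), the bind password is written in clear into the Dockerfile on disk in the build directory; drop the template expressions from the comment or move the example to a README with placeholders. The repository key is placed in `/etc/apt/trusted.gpg.d/`, which makes it a trusted signer for every apt source including Debian's; store it under `/etc/apt/keyrings/` (creating the directory if the base image lacks it) and reference it with `deb [signed-by=/etc/apt/keyrings/cccv-archive-key.gpg] https://packages.cccv.de/uffd bookworm main`, and consider checking the key's fingerprint instead of trusting whatever the download returns. `USER 999` binding port 389 relies on the container runtime permitting unprivileged low ports (recent Docker does by default); a comment such as `# unprivileged user binds 389 - relies on Docker's ip_unprivileged_port_start=0` would save the next debugging session. `uffd-ldapd` is installed unpinned, so rebuilds are not reproducible; hedge with a version pin if the repository keeps old versions.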
-- 
GitLab