matrix login from ldap and sso

group_vars/prod

@@ -136,4 +136,5 @@ oauth_global:
 
 oidc_global:
   provider_url: https://uffd.warpzone.ms
-  logout_url: https://uffd.warpzone.ms/logout
+  logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
+  ldap_base_dn: "dc=warpzone,dc=ms"

group_vars/test

@@ -47,6 +47,7 @@ oauth_global:
 oidc_global:
   provider_url: https://uffd.test-warpzone.de
   logout_url: https://uffd.test-warpzone.de/logout
+  ldap_base_dn: "dc=test-warpzone,dc=de"
 
 # Matrix Settings 
 matrix:

testserver/docker_matrix/tasks/main.yml

@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: /srv/shared/noreply_email_pass, length: -1 }
+   - { path: /srv/matrix/uffd_api_secret, length: 32 }
+   - { path: /srv/matrix/ldap_bind_pw, length: 32 }
    - { path: /srv/matrix/matrix_macaroon_secret_key, length: 32 }
    - { path: /srv/matrix/matrix_registration_shared_secret, length: 32 }
    - { path: /srv/matrix/matrix_form_secret, length: 32 }
@@ -30,6 +32,7 @@
     group: "999"
   with_items:
     - "/srv/matrix/db/"
+    - "/srv/matrix/uffd-ldapd/"
 
 
 - name: Konfig-Dateien erstellen
@@ -40,6 +43,7 @@
     - docker-compose.yml
     - synapse-data/homeserver.log.config
     - synapse-data/homeserver.yaml
+    - uffd-ldapd/Dockerfile
   register: configs
 
 

testserver/docker_matrix/templates/docker-compose.yml

@@ -23,6 +23,18 @@ services:
     networks:
       - default
 
+  ldap:
+
+    build: uffd-ldapd/
+    restart: always
+    environment:
+       SERVER_API_URL: "{{ oidc_global.provider_url }}"
+       SERVER_API_USER: "matrixldap"
+       SERVER_API_SECRET: "{{ uffd_api_secret }}"
+       SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"    
+       SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
 
   synapse:
 
@@ -32,6 +44,7 @@ services:
     cpuset: "0"
     depends_on:
       - db
+      - ldap
     volumes:
       - /srv/matrix/synapse-data/:/data
     environment:

testserver/docker_matrix/templates/synapse-data/homeserver.yaml

@@ -86,8 +86,9 @@ max_spider_size: 10M
 enable_registration: false
 
 password_config:
-  enabled: false
+  enabled: true
 
+# OIDC Single Sign-On with uffd 
 oidc_providers:
   - idp_id: "uffd"
     idp_name: "warpzone SSO (uffd)"
@@ -108,6 +109,18 @@ oidc_providers:
         display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
         email_template: "{% raw %}{{ user.email }}{% endraw %}"
 
+# Password login with uffd-ldapd 
+modules:
+ - module: "ldap_auth_provider.LdapAuthProviderModule"
+   config:
+     enabled: true
+     uri: "ldap://ldap:389"
+     start_tls: false
+     base: "ou=users,{{ oidc_global.ldap_base_dn }}"
+     attributes:
+        uid: "uid"
+        mail: "mail"
+        name: "displayName"
 
 auto_join_rooms:
   - "#warpzone:{{ matrix.domain }}"

testserver/docker_matrix/templates/uffd-ldapd/Dockerfile

+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and configure custom repository
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends wget gnupg ca-certificates \
+    && wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg  \
+    && echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+USER 999
+EXPOSE 389/tcp
+
+# Set default command
+CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
+
+# Get all LDAP Entries
+# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
+