experimentelle jabber anbindung des test-jabbers

group_vars/all

@@ -5,3 +5,6 @@
 ldap_ip_ext: 10.0.20.2
 # int ist noch ungenutzt / später replikation in der Zone
 ldap_ip_int: 10.0.20.2
+
+ldap_base_dn: DC=warpzone,DC=ms
+ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms
\ No newline at end of file

webserver/docker_jabber_test/tasks/main.yaml

 ---
+# Create folders 
 - name: create folder struct for jabber_test
   file:
     path: "{{ item }}"
@@ -16,17 +17,33 @@
   with_items:
     - "/srv/jabber_test/logs"
     - "/srv/jabber_test/data"
+    - "/srv/jabber_test/saslauthd"
 
+# Get secrets 
+- include: ../functions/get_secret.yml
+  with_items:
+    - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
+
+# create files 
 - name: Docker Konfig-Datei erstellen
   template:
     src: "docker-compose.yml"
     dest: "/srv/jabber_test/docker-compose.yml"
 
+- name: SASL Configs anlegen
+  template:
+    src: "{{item}}"
+    dest: "/srv/jabber_test/{{item}}"
+  with_items:
+    - "saslauthd.conf"
+    - "prosody.conf"
+
 - name: Prosody Config anlegen
   template:
     src: "prosody.cfg.lua"
     dest: "/srv/jabber_test/etc/prosody.cfg.lua"
 
+# start docker 
 - name: start jabber-test docker
   docker_service:
     project_src: /srv/jabber_test/

webserver/docker_jabber_test/templates/docker-compose.yml

@@ -3,6 +3,14 @@ version: "3"
 
 services:
 
+  auth:
+
+    image: dweomer/saslauthd
+    restart: always
+    volumes:
+      - /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro
+      - /srv/jabber_test/saslauthd:/var/run/saslauthd
+
   app:
 
     image: prosody/prosody:0.10
@@ -21,3 +29,6 @@ services:
       - /etc/ssl/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt
       - /etc/ssl/key.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key
       - /etc/ssl/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt
+      # sasl2 auth mounts 
+      - /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf
+      - /srv/jabber_test/saslauthd:/var/run/saslauthd

webserver/docker_jabber_test/templates/prosody.cfg.lua

@@ -117,7 +117,10 @@ s2s_secure_auth = false
 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
 
-authentication = "internal_hashed"
+-- authentication = "internal_hashed"
+
+authentication = "cyrus" 
+cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp"
 
 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
@@ -148,8 +151,8 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
 log = {
 	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
 	error = "/var/log/prosody/prosody.err";
-	info = "*console"; -- Log to the console
-	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
+	-- info = "*console"; -- Log to the console
+	"*console"; -- Log to the console, useful for debugging with daemonize=false
 	-- "*syslog"; -- Uncomment this for logging to syslog
 }
 

webserver/docker_jabber_test/templates/prosody.conf

+pwcheck_method: saslauthd
+mech_list: PLAIN
\ No newline at end of file

webserver/docker_jabber_test/templates/saslauthd.conf

+
+ldap_servers: ldap://{{ ldap_ip_ext }}
+ldap_search_base: {{ ldap_base_dn }}
+ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u))
+ldap_bind_dn: {{ ldap_readonly_bind_dn }}
+ldap_password: {{ ldap_readonly_pass }}