diff --git a/group_vars/all b/group_vars/all
index 597cc00a9efb94430c3d1ada69ffa7d30a24d633..6321239bcc5c5bc6d9b9aa9cc192744a848fd2a3 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -5,3 +5,6 @@ ldap_ip_ext: 10.0.20.2
 # int ist noch ungenutzt / später replikation in der Zone
 ldap_ip_int: 10.0.20.2
+
+ldap_base_dn: DC=warpzone,DC=ms
+ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/tasks/main.yaml b/webserver/docker_jabber_test/tasks/main.yaml
index 3df9d398270ecb3d02c96c7228faad2e20ef6468..9955ea4f8940c9297281f09ca1a8c819cbcec6dd 100644
--- a/webserver/docker_jabber_test/tasks/main.yaml
+++ b/webserver/docker_jabber_test/tasks/main.yaml
@@ -1,4 +1,5 @@
 ---
+# Create folders
 - name: create folder struct for jabber_test
 file:
 path: "{{ item }}"
@@ -16,17 +17,33 @@
 with_items:
 - "/srv/jabber_test/logs"
 - "/srv/jabber_test/data"
+ - "/srv/jabber_test/saslauthd"
+# Get secrets
+- include: ../functions/get_secret.yml
+ with_items:
+ - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
+
+# create files
 - name: Docker Konfig-Datei erstellen
 template:
 src: "docker-compose.yml"
 dest: "/srv/jabber_test/docker-compose.yml"
+- name: SASL Configs anlegen
+ template:
+ src: "{{item}}"
+ dest: "/srv/jabber_test/{{item}}"
+ with_items:
+ - "saslauthd.conf"
+ - "prosody.conf"
+
 - name: Prosody Config anlegen
 template:
 src: "prosody.cfg.lua"
 dest: "/srv/jabber_test/etc/prosody.cfg.lua"
+# start docker
 - name: start jabber-test docker
 docker_service:
 project_src: /srv/jabber_test/
diff --git a/webserver/docker_jabber_test/templates/docker-compose.yml b/webserver/docker_jabber_test/templates/docker-compose.yml
index df37182cc56432fad75534939a9715c61fe86ac6..e31c1ed6b864c3849b30d8128e0b9e0e05508989 100644
--- a/webserver/docker_jabber_test/templates/docker-compose.yml
+++ b/webserver/docker_jabber_test/templates/docker-compose.yml
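Review bot: The two new DN values are unquoted plain scalars and the file now ends without a trailing newline (`\ No newline at end of file`); write them as `ldap_base_dn: "DC=warpzone,DC=ms"` and `ldap_readonly_bind_dn: "CN=readonly,DC=warpzone,DC=ms"` so a later edit that introduces a ` #` or `: ` inside the DN cannot change how the value parses, and end the file with a newline. Neither value is a secret, so keeping them in group_vars is fine; the matching bind password appears to come from the get_secret.yml include in tasks/main.yaml rather than from this file.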
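Review bot: The `SASL Configs anlegen` task renders saslauthd.conf, which carries the LDAP bind password (`ldap_password: {{ ldap_readonly_pass }}`), but sets no `mode`, so the file is created with the default umask and is typically readable by every local user on the host; add `mode: "0600"` under `dest` in this task, with an `owner` the auth container can still read the file as (confirm against the image's runtime user). The `:ro` bind mount in docker-compose.yml limits the container, not other host processes. The `get_secret.yml` include with `with_items` is the old `include` form that newer Ansible releases deprecate in favour of `include_tasks`; worth checking against the Ansible version in use. Minor: `{{item}}` here versus `{{ item }}` in the first task — pick one spacing.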
@@ -3,6 +3,14 @@ version: "3"
 services:
+ auth:
+
+ image: dweomer/saslauthd
+ restart: always
+ volumes:
+ - /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro
+ - /srv/jabber_test/saslauthd:/var/run/saslauthd
+
 app:
 image: prosody/prosody:0.10
@@ -21,3 +29,6 @@ services:
 - /etc/ssl/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt
 - /etc/ssl/key.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key
 - /etc/ssl/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt
+ # sasl2 auth mounts
+ - /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf
+ - /srv/jabber_test/saslauthd:/var/run/saslauthd
diff --git a/webserver/docker_jabber_test/templates/prosody.cfg.lua b/webserver/docker_jabber_test/templates/prosody.cfg.lua
index 3f0d11a2d741425560acbed77c9e466804d9f487..e53d8a921b2152677f85825567bd94f81b67a5a9 100644
--- a/webserver/docker_jabber_test/templates/prosody.cfg.lua
+++ b/webserver/docker_jabber_test/templates/prosody.cfg.lua
@@ -117,7 +117,10 @@ s2s_secure_auth = false
 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
-authentication = "internal_hashed"
+-- authentication = "internal_hashed"
+
+authentication = "cyrus"
+cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp"
 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
@@ -148,8 +151,8 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
 log = {
 info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
 error = "/var/log/prosody/prosody.err";
- info = "*console"; -- Log to the console
- -- "*console"; -- Log to the console, useful for debugging with daemonize=false
+ -- info = "*console"; -- Log to the console
+ "*console"; -- Log to the console, useful for debugging with daemonize=false
 -- "*syslog"; -- Uncomment this for logging to syslog
 }
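Review bot: The new `auth` service pulls `dweomer/saslauthd` with no tag or digest, so each `docker_service` run can silently pick up a different build from a personal Docker Hub namespace for the one component that sees every user's password; pin it, e.g. `image: dweomer/saslauthd:<tag>@sha256:<digest>` (placeholders to be filled in), and record in a comment where the image is built from. The saslauthd mux socket is shared through the host directory `/srv/jabber_test/saslauthd`, so any host process that can reach that directory can submit credential checks against the LDAP directory; a named volume shared only between `auth` and `app`, or a restrictive mode on the directory created in tasks/main.yaml, keeps the socket to the two containers. Whether the image starts saslauthd with the LDAP backend (`-a ldap`) depends on its entrypoint, which this change does not show — confirm. The `app` service has no `depends_on: [auth]`, so after a host reboot logins can fail until the auth container is up; worth adding.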
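Review bot: Switching `authentication` to `"cyrus"` hands password verification to saslauthd via the PLAIN mechanism configured in prosody.conf, so clients send the password in clear text inside the SASL exchange unless the stream is already encrypted; make sure `c2s_require_encryption = true` is set in this file (outside the hunk) so PLAIN is only offered after STARTTLS. mod_auth_cyrus was deprecated and then dropped from Prosody's core distribution around the 0.10 line, so verify that the `prosody/prosody:0.10` image actually ships it before relying on this, otherwise the host fails to load its auth provider. The `-- Optional, defaults to "xmpp"` comment only restates the default; either drop the line or say why it is spelled out, e.g. `cyrus_service_name = "xmpp" -- service name presented to saslauthd; must match what the LDAP filter/policy expects`. The commented-out `-- authentication = "internal_hashed"` line is dead config and can go, since the surrounding comment already documents that backend.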
diff --git a/webserver/docker_jabber_test/templates/prosody.conf b/webserver/docker_jabber_test/templates/prosody.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f2e18cef6e57ddb93121af0aef43b49af6bc1092
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/prosody.conf
@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: PLAIN
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/templates/saslauthd.conf b/webserver/docker_jabber_test/templates/saslauthd.conf
new file mode 100644
index 0000000000000000000000000000000000000000..875362abd679e4c47f2bd965b1d745a45719db08
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/saslauthd.conf
@@ -0,0 +1,6 @@
+
+ldap_servers: ldap://{{ ldap_ip_ext }}
+ldap_search_base: {{ ldap_base_dn }}
+ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u))
+ldap_bind_dn: {{ ldap_readonly_bind_dn }}
+ldap_password: {{ ldap_readonly_pass }}
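Review bot: `mech_list: PLAIN` is the right choice for saslauthd, which can only verify plaintext mechanisms (PLAIN, LOGIN), but it means the client's password crosses the XMPP stream in clear text, so this file is only safe together with mandatory TLS on the client connection (`c2s_require_encryption = true` in prosody.cfg.lua); a one-line comment stating that dependency would save the next reader a search: `# PLAIN only: saslauthd cannot do challenge-response, so c2s must be TLS-protected before auth`. The file also ends without a trailing newline. The mount target `/usr/lib/sasl/prosody.conf` in docker-compose.yml assumes the image's libsasl2 searches that directory (other builds use `/usr/lib/sasl2` or `/etc/sasl2`); confirm against the image, since a wrong path fails silently with "no mechanism available".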
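Review bot: `ldap_servers: ldap://{{ ldap_ip_ext }}` talks to the directory without TLS, so the readonly bind password and, for every login, the user's own password in the simple bind travel the network unencrypted; use an `ldaps://` URL or add `ldap_start_tls: yes` together with `ldap_tls_check_peer: yes` and a CA file so the server is actually verified. `ldap_readonly_pass` is rendered as a plain value and must equal what the `CN=readonly` account has as its password in the directory — the get_secret.yml include in tasks/main.yaml appears to generate it locally, and nothing in this change sets it on the LDAP side; worth confirming how the two are kept in sync. The leading empty line can go, and a short header helps: `# saslauthd LDAP backend; rendered by docker_jabber_test and mounted read-only into the auth container`.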