diff --git a/group_vars/prod b/group_vars/prod
index 187b24ebc46f3be19e6f3620ed1d4c3071a2ed93..5f443b90283f27b0cae5425325762351b140f089 100644
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -136,4 +136,5 @@ oauth_global:
 
 oidc_global:
   provider_url: https://uffd.warpzone.ms
-  logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
+  logout_url: https://uffd.warpzone.ms/logout
+  ldap_base_dn: "dc=warpzone,dc=ms"
diff --git a/group_vars/test b/group_vars/test
index 87d7ce1ebd3e1bba417306a27298720b95c1a348..f731e281e3ab0c90f71014279aec7ec32d68ebcd 100644
--- a/group_vars/test
+++ b/group_vars/test
@@ -47,10 +47,11 @@ oauth_global:
 oidc_global:
   provider_url: https://uffd.test-warpzone.de
   logout_url: https://uffd.test-warpzone.de/logout
+  ldap_base_dn: "dc=test-warpzone,dc=de"
 
 # Matrix Settings 
 matrix:
-  domain: matrix.warpzone.ms
-  public_url: https://matrix.warpzone.ms
-  identity_server: https://matrix.warpzone.ms
-  notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.warpzone.ms"
\ No newline at end of file
+  domain: matrix.test-warpzone.de
+  public_url: https://matrix.test-warpzone.de
+  identity_server: https://matrix.test-warpzone.de
+  notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.test-warpzone.de"
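Review bot: `notifications_room_id` keeps the opaque part `!QxrpmOPYwofaPFqKMY` from the previous value and only swaps the server name, which looks like a search-and-replace rather than a real room on the test server. Room IDs are assigned by the homeserver that creates the room, so this ID presumably does not refer to an existing room on matrix.test-warpzone.de. It should be replaced with the ID of a room that was actually created there.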
diff --git a/host_vars/test-warpzone-de b/host_vars/test-warpzone-de
index fb06a73293e96523ef1765a003d5de12f347d1d1..01ca519c5bde89064df4be16274f9be90ca70bbb 100644
--- a/host_vars/test-warpzone-de
+++ b/host_vars/test-warpzone-de
@@ -58,6 +58,7 @@ administratorenteam:
   - "void"
   - "sandhome"
   - "jabertwo"
+  - "supervirus"
 
 # Docker konfigurationen 
 docker:
diff --git a/keyfiles/supervirus.pub b/keyfiles/supervirus.pub
new file mode 100644
index 0000000000000000000000000000000000000000..4e4b22f1630a316f60ea2f36f20bde6f085f9cec
--- /dev/null
+++ b/keyfiles/supervirus.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6+Ex8TM4gP+Nph5Cy5zK6z2mceI9i7vsh0ec4oTfDC htk@ridcully
\ No newline at end of file
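Review bot: The key comment is `htk@ridcully`, while the file name and the new `administratorenteam` entry in host_vars/test-warpzone-de use `supervirus`, so nothing in the commit ties this key to that person. Since the list presumably grants administrative access, the key fingerprint should be confirmed with its owner out of band before merging. The file also lacks a final newline, which can fuse two keys onto one line if key files are ever concatenated into an `authorized_keys` file; how the keys are deployed is not visible here.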
diff --git a/testserver/docker_matrix/tasks/main.yml b/testserver/docker_matrix/tasks/main.yml
index 6a7bcd15c08928f6612eb9cbbd7b71dd5c684d3f..b7aac20eb539c5bf1a4f1db63e19df348278b3ff 100644
--- a/testserver/docker_matrix/tasks/main.yml
+++ b/testserver/docker_matrix/tasks/main.yml
@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: /srv/shared/noreply_email_pass, length: -1 }
+   - { path: /srv/matrix/uffd_api_secret, length: 32 }
+   - { path: /srv/matrix/ldap_bind_pw, length: 32 }
    - { path: /srv/matrix/matrix_macaroon_secret_key, length: 32 }
    - { path: /srv/matrix/matrix_registration_shared_secret, length: 32 }
    - { path: /srv/matrix/matrix_form_secret, length: 32 }
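Review bot: The two new entries do not say where each secret has to be known on the other side. `uffd_api_secret` is passed as `SERVER_API_SECRET` for the API user `matrixldap` in the compose template. Assuming get_secret.yml generates a random value when the file is missing (not visible here), a fresh host gets a secret that uffd does not know until someone registers it there. A comment above the entry such as `# must match the API client "matrixldap" configured in uffd` would document that manual step.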
@@ -30,6 +32,7 @@
     group: "999"
   with_items:
     - "/srv/matrix/db/"
+    - "/srv/matrix/uffd-ldapd/"
 
 
 - name: Konfig-Dateien erstellen
@@ -40,6 +43,7 @@
     - docker-compose.yml
     - synapse-data/homeserver.log.config
     - synapse-data/homeserver.yaml
+    - uffd-ldapd/Dockerfile
   register: configs
 
 
diff --git a/testserver/docker_matrix/templates/docker-compose.yml b/testserver/docker_matrix/templates/docker-compose.yml
index fa57f24902160d1054e901f304430cc9a21090e5..9ed7e9f4d13074d030c89157986ca8d28c35f1eb 100644
--- a/testserver/docker_matrix/templates/docker-compose.yml
+++ b/testserver/docker_matrix/templates/docker-compose.yml
@@ -23,6 +23,18 @@ services:
     networks:
       - default
 
+  ldap:
+
+    build: uffd-ldapd/
+    restart: always
+    environment:
+       SERVER_API_URL: "{{ oidc_global.provider_url }}"
+       SERVER_API_USER: "matrixldap"
+       SERVER_API_SECRET: "{{ uffd_api_secret }}"
+       SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"    
+       SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
 
   synapse:
 
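Review bot: Both secrets are rendered into the compose file as plain `environment:` values (`SERVER_API_SECRET`, `SERVER_BIND_PASSWORD`), so they are readable in the rendered docker-compose.yml and through `docker inspect` on the container. The task that writes this template is outside the hunk; it is worth confirming that it sets a restrictive `mode` (for example `"0600"`) on the rendered file. On style, the children of `environment:` are indented seven spaces where the rest of the service uses two-space steps, the `SERVER_BASE_DN` line has trailing whitespace, and `{{ ldap_bind_pw}}` is missing the space before the closing braces.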
@@ -32,6 +44,7 @@ services:
     cpuset: "0"
     depends_on:
       - db
+      - ldap
     volumes:
       - /srv/matrix/synapse-data/:/data
     environment:
diff --git a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
index dfe3b835e821eacf72696adbc52d06cb4d116a70..31bb416c5676caf19b915e4c3f021ffde03d5130 100644
--- a/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
+++ b/testserver/docker_matrix/templates/synapse-data/homeserver.yaml
@@ -86,29 +86,41 @@ max_spider_size: 10M
 enable_registration: false
 
 password_config:
-  enabled: false
+  enabled: true
 
+# OIDC Single Sign-On with uffd 
 oidc_providers:
-  - idp_id: uffd
-    idp_name: uffd
+  - idp_id: "uffd"
+    idp_name: "warpzone SSO (uffd)"
     discover: true
     enable_registration: true
     allow_existing_users: true
+    user_profile_method: "userinfo_endpoint"
     issuer: "{{ oidc_global.provider_url }}"
-    client_id: "matrix" # TO BE FILLED
-    client_secret: "{{ matrix_oidc_secret }}" # TO BE FILLED
+    client_id: "matrix" 
+    client_secret: "{{ matrix_oidc_secret }}" 
     scopes: 
       - "openid"
       - "profile"
       - "email"
     user_mapping_provider:
       config:
-        subject_claim: "preferred_username"
-        subject_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
         localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
         display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
         email_template: "{% raw %}{{ user.email }}{% endraw %}"
 
+# Password login with uffd-ldapd 
+modules:
+ - module: "ldap_auth_provider.LdapAuthProviderModule"
+   config:
+     enabled: true
+     uri: "ldap://ldap:389"
+     start_tls: false
+     base: "ou=users,{{ oidc_global.ldap_base_dn }}"
+     attributes:
+        uid: "uid"
+        mail: "mail"
+        name: "displayName"
 
 auto_join_rooms:
   - "#warpzone:{{ matrix.domain }}"
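Review bot: Switching `password_config.enabled` to `true` turns on every password backend, not only the new LDAP module, and it opens a login path that does not go through the uffd web login. If only LDAP-backed passwords are intended, add `localdb_enabled: false` under `password_config`. If uffd enforces a second factor on its web login, confirm that password logins skipping it is acceptable. `uri: "ldap://ldap:389"` with `start_tls: false` means user passwords cross the compose network unencrypted, which is presumably accepted because both containers share the `default` network; a short comment saying so would help. The `modules:` list is indented one space while the rest of the file uses two.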
diff --git a/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile b/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..c39c751ffa4e4807603d41a10ecba8da78910292
--- /dev/null
+++ b/testserver/docker_matrix/templates/uffd-ldapd/Dockerfile
@@ -0,0 +1,24 @@
+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and configure custom repository
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends wget gnupg ca-certificates \
+    && wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg  \
+    && echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+USER 999
+EXPOSE 389/tcp
+
+# Set default command
+CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
+
+# Get all LDAP Entries
+# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
+
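Review bot: The trailing `ldapsearch` comment contains `{{ ldap_bind_pw }}`, and this Dockerfile is added to the template list in tasks/main.yml, so the rendered file on the host will carry the bind password in clear text. Use a password prompt in the example instead (`-W` in place of `-w "{{ ldap_bind_pw }}"`), or wrap the comment in `{% raw %}…{% endraw %}` so it is not expanded. Separately, placing the archive key in `/etc/apt/trusted.gpg.d/` makes it trusted for every repository in the image; a keyring outside that directory, referenced with `[signed-by=…]` in `custom.list`, scopes it to the cccv repository. The key is also fetched at build time without a fingerprint check, so its integrity rests on the HTTPS connection alone.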
diff --git a/webserver/docker_vpnserver/templates/docker-compose.yml b/webserver/docker_vpnserver/templates/docker-compose.yml
index 21de9d125c829c71b59e95f5622b0c04c3993680..c27a8ec263c5b35d13247271394e00636e4a75f9 100644
--- a/webserver/docker_vpnserver/templates/docker-compose.yml
+++ b/webserver/docker_vpnserver/templates/docker-compose.yml
@@ -23,7 +23,7 @@ services:
       - "WG_VPN_CIDRV6=0" # to disable IPv6
       - "WG_EXTERNAL_HOST={{ domain }}"
       - "WG_DNS_ENABLED=true"
-      - "WG_DNS_UPSTREAM=10.0.0.1"
+      - "WG_DNS_UPSTREAM=192.168.0.201"
       - "WG_LOG_LEVEL=info"
     labels:
       - traefik.enable=true
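Review bot: `WG_DNS_UPSTREAM` is hard-coded to `192.168.0.201` in the template, and the reason for moving off `10.0.0.1` is not recorded. With `WG_DNS_ENABLED=true`, VPN clients presumably resolve through this upstream, so the address deserves a comment naming the resolver, or a variable templated the same way as `{{ domain }}` two lines above. The change also looks unrelated to the Matrix/LDAP work in the rest of the commit and may be easier to review on its own.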