mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
prosody: Move from IMAP to LDAP for authentication
Users in the `prosody_user` and `prosody_admin` groups will be granted access to Prosody (as regular users and administrators, respectively), making this a more flexible solution compared to IMAP.
parent
4740570100
commit
491bed37a8
@ -13,7 +13,7 @@ RUN echo "deb https://packages.prosody.im/debian bullseye main" > /etc/apt/sourc
|
|||||||
echo "deb-src https://packages.prosody.im/debian bullseye main" >> /etc/apt/sources.list.d/prosody.list && \
|
echo "deb-src https://packages.prosody.im/debian bullseye main" >> /etc/apt/sources.list.d/prosody.list && \
|
||||||
curl -o - https://prosody.im/files/prosody-debian-packages.key | apt-key add - && \
|
curl -o - https://prosody.im/files/prosody-debian-packages.key | apt-key add - && \
|
||||||
apt-get update -y && apt-get install -y --no-install-recommends \
|
apt-get update -y && apt-get install -y --no-install-recommends \
|
||||||
lua5.2 lua-dbi-sqlite3 lua-zlib lua-sec lua-luaossl lua-bitop lua-unbound prosody=${VERSION}*
|
lua5.2 lua-dbi-sqlite3 lua-zlib lua-sec lua-luaossl lua-bitop lua-unbound lua-ldap prosody=${VERSION}*
|
||||||
|
|
||||||
RUN mkdir -p /usr/lib/prosody/community-modules && \
|
RUN mkdir -p /usr/lib/prosody/community-modules && \
|
||||||
hg clone --rev ${MODULES_VERSION} https://hg.prosody.im/prosody-modules /usr/lib/prosody/community-modules
|
hg clone --rev ${MODULES_VERSION} https://hg.prosody.im/prosody-modules /usr/lib/prosody/community-modules
|
||||||
|
@ -156,13 +156,13 @@ conversejs_options = {
|
|||||||
view_mode = "fullscreen";
|
view_mode = "fullscreen";
|
||||||
}
|
}
|
||||||
|
|
||||||
-- Configuration for IMAP authentication.
|
-- Configuration for LDAP authentication.
|
||||||
imap_auth_host = os.getenv("PROSODY_IMAP_AUTH_HOST") or "localhost"
|
ldap_server = os.getenv("PROSODY_AUTH_LDAP_HOST") or "localhost"
|
||||||
imap_auth_port = os.getenv("PROSODY_IMAP_AUTH_PORT") or 993
|
ldap_base = "ou=people,dc=ldap,dc=local"
|
||||||
auth_imap_ssl = {
|
ldap_rootdn = "uid=" .. (os.getenv("PROSODY_AUTH_LDAP_BIND_UID") or "admin") .. ",ou=people,dc=ldap,dc=local"
|
||||||
mode = "client",
|
ldap_password = os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD") or ""
|
||||||
protocol = "tlsv1_2"
|
ldap_filter = "(&(memberof=cn=prosody_user,ou=groups,dc=ldap,dc=local)(|(uid=$user)(mail=$user@$host)))"
|
||||||
}
|
ldap_admin_filter = "(memberof=cn=prosody_admin,ou=groups,dc=ldap,dc=local)"
|
||||||
|
|
||||||
-- Configuration for TURN/STUN.
|
-- Configuration for TURN/STUN.
|
||||||
turn_external_host = os.getenv("PROSODY_TURN_HOST") or "localhost"
|
turn_external_host = os.getenv("PROSODY_TURN_HOST") or "localhost"
|
||||||
|
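Review bot: The LDAP settings added in this section carry no transport-security option, whereas the removed `auth_imap_ssl` block pinned TLS 1.2. With `ldap_server` pointing at what looks like a plain LDAP listener (the env file in this commit sets `lldap:3890`), the bind password and every user's login password would cross the container network in cleartext. If the directory exposes LDAPS or StartTLS, point at that listener and set `ldap_tls = true`; otherwise add a comment stating that the link is confined to a private container network. Separately, `ldap_password = os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD") or ""` falls back to an empty password, which some LDAP servers accept as an unauthenticated bind instead of rejecting it. Failing at startup is safer, assuming `assert` is reachable from the config environment: `ldap_password = assert(os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD"), "PROSODY_AUTH_LDAP_BIND_PASSWORD is not set")`.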
@ -11,8 +11,7 @@ local host_external = os.getenv("PROSODY_HOST_EXTERNAL") or "external.localhost"
|
|||||||
VirtualHost(host_base)
|
VirtualHost(host_base)
|
||||||
http_host = host_external
|
http_host = host_external
|
||||||
http_external_url = "https://" .. host_external .. "/"
|
http_external_url = "https://" .. host_external .. "/"
|
||||||
authentication = "imap"
|
authentication = "ldap"
|
||||||
auth_append_host = true
|
|
||||||
http_paths = {
|
http_paths = {
|
||||||
conversejs = "/web"
|
conversejs = "/web"
|
||||||
}
|
}
|
||||||
|
@ -3,8 +3,9 @@ PROSODY_HOST=${PROSODY_HOST}
|
|||||||
PROSODY_HOST_EXTERNAL=${PROSODY_HOST_EXTERNAL}
|
PROSODY_HOST_EXTERNAL=${PROSODY_HOST_EXTERNAL}
|
||||||
|
|
||||||
# Authentication options.
|
# Authentication options.
|
||||||
PROSODY_IMAP_AUTH_HOST=dovecot
|
PROSODY_AUTH_LDAP_HOST=lldap:3890
|
||||||
PROSODY_IMAP_AUTH_PORT=993
|
PROSODY_AUTH_LDAP_BIND_UID=${LLDAP_ADMIN_USERNAME}
|
||||||
|
PROSODY_AUTH_LDAP_BIND_PASSWORD=${LLDAP_ADMIN_PASSWORD}
|
||||||
|
|
||||||
# TURN server options.
|
# TURN server options.
|
||||||
PROSODY_TURN_HOST=${COTURN_REALM}
|
PROSODY_TURN_HOST=${COTURN_REALM}
|
||||||
|
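Review bot: `PROSODY_AUTH_LDAP_BIND_UID` and `PROSODY_AUTH_LDAP_BIND_PASSWORD` are filled from `LLDAP_ADMIN_USERNAME` and `LLDAP_ADMIN_PASSWORD`, so the XMPP container holds the directory administrator's credentials although the filters in this commit only need to search users and group membership. A compromise of Prosody, or a leak of its environment file, would then expose write access to every account in the directory. A dedicated bind account with read-only rights (lldap provides the `lldap_strict_readonly` group for this) would contain that. For example, `PROSODY_AUTH_LDAP_BIND_UID=${PROSODY_LDAP_BIND_USERNAME}` and `PROSODY_AUTH_LDAP_BIND_PASSWORD=${PROSODY_LDAP_BIND_PASSWORD}`, where both right-hand variable names are placeholders for new variables and are not defined on this page.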
@ -1,7 +1,7 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Prosody XMPP server
|
Description=Prosody XMPP server
|
||||||
Wants=container-build@%N.service container-volume@%N.service dovecot.service grafana-dashboard@prosody.service
|
Wants=container-build@%N.service container-volume@%N.service lldap.service grafana-dashboard@prosody.service
|
||||||
After=container-build@%N.service container-volume@%N.service dovecot.service grafana-dashboard@prosody.service
|
After=container-build@%N.service container-volume@%N.service lldap.service grafana-dashboard@prosody.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
|