prosody: Move from IMAP to LDAP for authentication
Users in the `prosody_user` and `prosody_admin` groups will be granted access to Prosody (as regular users and administrators, respectively), making this a more flexible solution compared to IMAP.
parent
4740570100
commit
491bed37a8
@ -13,7 +13,7 @@ RUN echo "deb https://packages.prosody.im/debian bullseye main" > /etc/apt/sourc
|
||||
echo "deb-src https://packages.prosody.im/debian bullseye main" >> /etc/apt/sources.list.d/prosody.list && \
|
||||
curl -o - https://prosody.im/files/prosody-debian-packages.key | apt-key add - && \
|
||||
apt-get update -y && apt-get install -y --no-install-recommends \
|
||||
lua5.2 lua-dbi-sqlite3 lua-zlib lua-sec lua-luaossl lua-bitop lua-unbound prosody=${VERSION}*
|
||||
lua5.2 lua-dbi-sqlite3 lua-zlib lua-sec lua-luaossl lua-bitop lua-unbound lua-ldap prosody=${VERSION}*
|
||||
|
||||
RUN mkdir -p /usr/lib/prosody/community-modules && \
|
||||
hg clone --rev ${MODULES_VERSION} https://hg.prosody.im/prosody-modules /usr/lib/prosody/community-modules
|
||||
|
@ -156,13 +156,13 @@ conversejs_options = {
|
||||
view_mode = "fullscreen";
|
||||
}
|
||||
|
||||
-- Configuration for IMAP authentication.
|
||||
imap_auth_host = os.getenv("PROSODY_IMAP_AUTH_HOST") or "localhost"
|
||||
imap_auth_port = os.getenv("PROSODY_IMAP_AUTH_PORT") or 993
|
||||
auth_imap_ssl = {
|
||||
mode = "client",
|
||||
protocol = "tlsv1_2"
|
||||
}
|
||||
-- Configuration for LDAP authentication.
|
||||
ldap_server = os.getenv("PROSODY_AUTH_LDAP_HOST") or "localhost"
|
||||
ldap_base = "ou=people,dc=ldap,dc=local"
|
||||
ldap_rootdn = "uid=" .. (os.getenv("PROSODY_AUTH_LDAP_BIND_UID") or "admin") .. ",ou=people,dc=ldap,dc=local"
|
||||
ldap_password = os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD") or ""
|
||||
ldap_filter = "(&(memberof=cn=prosody_user,ou=groups,dc=ldap,dc=local)(|(uid=$user)(mail=$user@$host)))"
|
||||
ldap_admin_filter = "(memberof=cn=prosody_admin,ou=groups,dc=ldap,dc=local)"
|
||||
|
||||
-- Configuration for TURN/STUN.
|
||||
turn_external_host = os.getenv("PROSODY_TURN_HOST") or "localhost"
|
||||
|
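Review bot: The new LDAP block sets no transport security, whereas the IMAP settings it replaces pinned the client to `tlsv1_2`; the bind password, and presumably each user's password at login, now travel to `ldap_server` without any TLS requirement visible here. If the directory supports StartTLS, add `ldap_tls = true`; if it does not, add a comment stating that the link relies on an isolated container network. Separately, `ldap_password = os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD") or ""` turns a missing variable into a bind with an empty password, which some LDAP servers treat as an unauthenticated bind rather than an error. Failing at startup is safer, e.g. `ldap_password = assert(os.getenv("PROSODY_AUTH_LDAP_BIND_PASSWORD"), "PROSODY_AUTH_LDAP_BIND_PASSWORD is not set")`.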
@ -11,8 +11,7 @@ local host_external = os.getenv("PROSODY_HOST_EXTERNAL") or "external.localhost"
|
||||
VirtualHost(host_base)
|
||||
http_host = host_external
|
||||
http_external_url = "https://" .. host_external .. "/"
|
||||
authentication = "imap"
|
||||
auth_append_host = true
|
||||
authentication = "ldap"
|
||||
http_paths = {
|
||||
conversejs = "/web"
|
||||
}
|
||||
|
@ -3,8 +3,9 @@ PROSODY_HOST=${PROSODY_HOST}
|
||||
PROSODY_HOST_EXTERNAL=${PROSODY_HOST_EXTERNAL}
|
||||
|
||||
# Authentication options.
|
||||
PROSODY_IMAP_AUTH_HOST=dovecot
|
||||
PROSODY_IMAP_AUTH_PORT=993
|
||||
PROSODY_AUTH_LDAP_HOST=lldap:3890
|
||||
PROSODY_AUTH_LDAP_BIND_UID=${LLDAP_ADMIN_USERNAME}
|
||||
PROSODY_AUTH_LDAP_BIND_PASSWORD=${LLDAP_ADMIN_PASSWORD}
|
||||
|
||||
# TURN server options.
|
||||
PROSODY_TURN_HOST=${COTURN_REALM}
|
||||
|
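Review bot: `PROSODY_AUTH_LDAP_BIND_UID` and `PROSODY_AUTH_LDAP_BIND_PASSWORD` are filled from `${LLDAP_ADMIN_USERNAME}` and `${LLDAP_ADMIN_PASSWORD}`, so the Prosody container holds the directory administrator's credentials, although the filters added in this commit only search users and group membership. Anyone who can read this environment file or the container's environment presumably gains write access to every account in the directory. A dedicated bind account with read-only rights would limit that (lldap ships a `lldap_strict_readonly` group for this purpose), e.g. `PROSODY_AUTH_LDAP_BIND_UID=${PROSODY_LDAP_BIND_USERNAME}` with a matching password variable; those variable names are placeholders.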
@ -1,7 +1,7 @@
|
||||
[Unit]
|
||||
Description=Prosody XMPP server
|
||||
Wants=container-build@%N.service container-volume@%N.service dovecot.service grafana-dashboard@prosody.service
|
||||
After=container-build@%N.service container-volume@%N.service dovecot.service grafana-dashboard@prosody.service
|
||||
Wants=container-build@%N.service container-volume@%N.service lldap.service grafana-dashboard@prosody.service
|
||||
After=container-build@%N.service container-volume@%N.service lldap.service grafana-dashboard@prosody.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
|