From 786a71cee227fcf5509bd0812a1dd6fa389f173d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Mon, 4 Nov 2019 19:00:56 +0100
Subject: [PATCH] Add LDAP support to ejabberd

Users in the cn=greg,ou=users,dc=kosmos,dc=org group and the xmpp attribute set to enabled will be able to log in using their userPassword
---
 site-cookbooks/kosmos-ejabberd/recipes/default.rb | 12 +++++++++++-
 .../kosmos-ejabberd/templates/ejabberd.yml.erb | 7 +++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
index 5d4e282..bae9d12 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -79,11 +79,21 @@ execute "create db schema ejabberd_5apps" do
 action :nothing
 end

+ldap_credentials = data_bag_item("credentials", "389")
+ldap_server = node["kosmos-dirsrv"]["nginx"]["domain"]
+ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
+ldap_base = "ou=users,dc=kosmos,dc=org"
+
 template "/opt/ejabberd/conf/ejabberd.yml" do
 source "ejabberd.yml.erb"
 mode 0640
 sensitive true
- variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password']
+ variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
+ ldap_server: ldap_server,
+ ldap_username: ldap_credentials[:username],
+ ldap_password: ldap_credentials[:password],
+ ldap_base: ldap_base,
+ ldap_encryption_type: ldap_encryption_type
 notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end

diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
index 7f66eaf..b1ba82a 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
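Review bot: In `recipes/default.rb`, the bind identity rendered as `ldap_rootdn` comes from `data_bag_item("credentials", "389")`, and nothing in the recipe states what privileges that account carries. ejabberd only needs to search under `ldap_base` and bind as the connecting user, so if that item happens to hold the directory manager account, anyone who can read `/opt/ejabberd/conf/ejabberd.yml` gains full control of the directory; a dedicated read-only service DN would limit the exposure. I would add a comment above the lookup such as `# Read-only bind account used by ejabberd for LDAP lookups (must not be the directory manager)`. Separately, `ldap_encryption_type` becomes `"none"` whenever the environment is named `development`, which sends the bind password and user passwords in cleartext unless that directory is reachable only over loopback or a trusted network; a one-line comment stating that assumption next to the ternary would make the trade-off explicit.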
@@ -17,6 +17,13 @@ host_config:
 sql_database: "ejabberd"
 sql_username: "ejabberd"
 sql_password: "<%= @pgsql_password %>"
+ auth_method: [sql, ldap]
+ ldap_servers: ["<%= @ldap_server %>"]
+ ldap_rootdn: "<%= @ldap_username %>"
+ ldap_password: "<%= @ldap_password %>"
+ ldap_encrypt: <%= @ldap_encryption_type %>
+ ldap_base: "<%= @ldap_base %>"
+ ldap_filter: "(&(objectClass=account)(xmpp=enabled))"
 "5apps.com":
 sql_type: pgsql
 sql_server: "localhost"
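Review bot: `ldap_encrypt: tls` is rendered without `ldap_tls_verify`, and ejabberd's default for that option is `false`, so the LDAP server certificate is not checked and the bind password and user passwords are exposed to anyone able to intercept the connection. When the rendered encryption type is `tls`, add `ldap_tls_verify: hard` together with `ldap_tls_cacertfile: "<path to CA bundle>"` (placeholder path) next to the `ldap_encrypt` line. Also, `auth_method: [sql, ldap]` keeps SQL accounts valid, so the `xmpp=enabled` filter only gates accounts that authenticate through LDAP; if clearing the attribute is meant to revoke access, existing SQL accounts for the same users need handling, which is not visible in this hunk. The host entry these keys belong to starts above the hunk.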