Add LDAP support to ejabberd

Users in the cn=greg,ou=users,dc=kosmos,dc=org group and the xmpp attribute set to enabled will be able to log in using their userPassword
2019-11-04 19:00:56 +01:00 · 2019-11-04 19:00:56 +01:00 · 786a71cee2
commit 786a71cee2
parent 56817c9355
2 changed files with 18 additions and 1 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -79,11 +79,21 @@ execute "create db schema ejabberd_5apps" do
  action :nothing
 end

+ldap_credentials = data_bag_item("credentials", "389")
+ldap_server = node["kosmos-dirsrv"]["nginx"]["domain"]
+ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
+ldap_base = "ou=users,dc=kosmos,dc=org"
+
 template "/opt/ejabberd/conf/ejabberd.yml" do
  source    "ejabberd.yml.erb"
  mode      0640
  sensitive true
-  variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password']
+  variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
+            ldap_server: ldap_server,
+            ldap_username: ldap_credentials[:username],
+            ldap_password: ldap_credentials[:password],
+            ldap_base: ldap_base,
+            ldap_encryption_type: ldap_encryption_type
  notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end

--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@ -17,6 +17,13 @@ host_config:
    sql_database: "ejabberd"
    sql_username: "ejabberd"
    sql_password: "<%= @pgsql_password %>"
+    auth_method: [sql, ldap]
+    ldap_servers: ["<%= @ldap_server %>"]
+    ldap_rootdn: "<%= @ldap_username %>"
+    ldap_password: "<%= @ldap_password %>"
+    ldap_encrypt: <%= @ldap_encryption_type %>
+    ldap_base: "<%= @ldap_base %>"
+    ldap_filter: "(&(objectClass=account)(xmpp=enabled))"
  "5apps.com":
    sql_type: pgsql
    sql_server: "localhost"