Merge pull request 'Only allow ejabberd logins when XMPP service is enabled for user' (#550) from feature/xmpp_service_enabled into master

Reviewed-on: #550
2024-03-27 16:17:04 +00:00 · 2024-03-27 16:17:04 +00:00 · a8c4f0bd0e
commit a8c4f0bd0e
parent 263eb88b72 12b4fb37fa
2 changed files with 8 additions and 2 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -154,6 +154,11 @@ admin_users = ejabberd_credentials['admins']

 hosts.each do |host|
  ldap_rootdn = "uid=service,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"
+  if host[:name] == "kosmos.org"
+    ldap_filter = "(&(objectClass=person)(serviceEnabled=xmpp))"
+  else
+    ldap_filter = "(objectClass=person)"
+  end

  template "/opt/ejabberd/conf/#{host[:name]}.yml" do
    source    "vhost.yml.erb"
@ -167,7 +172,8 @@ hosts.each do |host|
              ldap_base: ldap_base,
              ldap_server: ldap_domain,
              ldap_rootdn: ldap_rootdn,
-              ldap_encryption_type: ldap_encryption_type
+              ldap_encryption_type: ldap_encryption_type,
+              ldap_filter: ldap_filter
    notifies :reload, "service[ejabberd]", :delayed
  end
 end
--- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
@ -16,7 +16,7 @@ host_config:
    ldap_password: "<%= @host[:ldap_password] %>"
    ldap_encrypt: <%= @ldap_encryption_type %>
    ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
-    ldap_filter: "(objectClass=person)"
+    ldap_filter: "<%= @ldap_filter %>"
  <% end -%>

 append_host_config: