2020-02-27 10:45:51 +00:00
4 changed files with 15 additions and 12 deletions
--- a/data_bags/credentials/mediawiki.json
+++ b/data_bags/credentials/mediawiki.json
@ -1,23 +1,23 @@
 {
  "id": "mediawiki",
  "db_pass": {
-    "encrypted_data": "KfJnSZ5/8WBYXik5TE1SOZTZMhMObSzZpXX17Mygwx0eGqo29sBIQwbAI0+A\nKfe1N4DuyyQpBjNDpmi+yiIjBuG4RfUj\n",
-    "iv": "zGkF0xLeyjXA1aUc\n",
-    "auth_tag": "7U/g32H1SfJHdZSECmgU1A==\n",
+    "encrypted_data": "bkvlD9N8a2EAoBDRcJ5Yhio7vQPnc5qMxH3Of/A/epieJZXBudkYrDaQZmbu\nSwYseFveqEleys4IbI+zTOaBN5LejDpH\n",
+    "iv": "OPbDsQjNBP7Yabsx\n",
+    "auth_tag": "0cl2nkL0V07cWC5SZjNXBA==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "ldap_user": {
-    "encrypted_data": "CerXTmZNO3mbzevNFn/qbtdeOWx37qFOyCuKznRw9I+nSl+hZ3dP6PUJ+iIg\nSAM2ebvwHyXC1Jz+Aah0AFjw+D+7\n",
-    "iv": "wi5xB/lUm3AQtkTZ\n",
-    "auth_tag": "WhdFRt/rlkfmBb9pb9tkvw==\n",
+    "encrypted_data": "+iKtv/pB8rU0kJYlhr/KNUM63uG5RpDUCduW9sakxwaMs7V5JetSdaUmabIk\np8EiF5FDvYLUWqq5SOblTfPELMY3C0j5XwgxDKo=\n",
+    "iv": "ynjajkZHawmcE81H\n",
+    "auth_tag": "cxcsojaQW8dFZHR50QnZjw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "ldap_password": {
-    "encrypted_data": "RZmfQbctKnPGJm97ZMMrtDFGYx8sPzlJIy3saeUXugEEL3HtE39s\n",
-    "iv": "taEQ/4xRIrQCIkR9\n",
-    "auth_tag": "2mdevdW0Oh/l/cKCyePW3Q==\n",
+    "encrypted_data": "Kb5/RiGyXEf0X4KAgprCrZU+lFaWYuu6gjSXanujWxXx5YUdQLzZ\n",
+    "iv": "U1JBexbrnmJ4HNSZ\n",
+    "auth_tag": "LDeG8mOM5iLxy/VslTakSg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
--- a/site-cookbooks/kosmos-ejabberd/metadata.rb
+++ b/site-cookbooks/kosmos-ejabberd/metadata.rb
@ -4,7 +4,7 @@ maintainer_email 'ops@kosmos.org'
 license 'MIT'
 description 'Installs/Configures kosmos-ejabberd'
 long_description 'Installs/Configures kosmos-ejabberd'
-version '0.2.0'
+version '0.2.1'
 chef_version '>= 12.14' if respond_to?(:chef_version)

 # The `issues_url` points to the location where issues for this cookbook are
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -112,6 +112,8 @@ ldap_base = "cn=users,dc=kosmos,dc=org"
 admin_users = ejabberd_credentials['admins']

 hosts.each do |host|
+  ldap_rootdn = "uid=xmpp,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"
+
  postgresql_database host[:sql_database] do
    owner 'ejabberd'
    action :create
@ -134,6 +136,7 @@ hosts.each do |host|
              host: host,
              ldap_base: ldap_base,
              ldap_server: ldap_domain,
+              ldap_rootdn: ldap_rootdn,
              ldap_encryption_type: ldap_encryption_type
    notifies :run, "execute[ejabberdctl reload_config]", :delayed
  end
--- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
@ -14,12 +14,12 @@ host_config:
  <% if @host[:ldap_enabled] -%>
    auth_method: ldap
    ldap_servers: ["<%= @ldap_server %>"]
-    ldap_rootdn: "cn=xmpp,ou=<%= @host[:name] %>,<%= @ldap_base %>"
+    ldap_rootdn: "<%= @ldap_rootdn %>"
    ldap_password: "<%= @host[:ldap_password] %>"
    ldap_encrypt: <%= @ldap_encryption_type %>
    ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
    ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
-    ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= @host[:name] %>,<%= @ldap_base %>)"
+    ldap_filter: "(objectClass=person)"
  <% end -%>

 append_host_config: