matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!
https://matrix-org.github.io/dendrite/
Apache License 2.0
5.67k stars 664 forks

LDAP #1813

Open cyberb opened 3 years ago

cyberb commented 3 years ago

I am new to Matrix and I would like to add Dendrite to the Syncloud store. For this I need LDAP integration (login, user creation), which I can try adding if there is no working solution available yet.

drequivalent commented 1 year ago

YES PLEASE!

cyberb commented 1 year ago

https://github.com/matrix-org/dendrite/pull/2986

cyberb commented 1 year ago

So it was rejected in favour of the future OIDC (which is not available right now, as I understand). For those who are desperate like me to get LDAP support right now, feel free to use my branch, which I will rebase from time to time: https://github.com/cyberb/dendrite/commits/syncloud

cyberb commented 1 year ago

It has this new config section:

 ldap:
    enabled: true
    uri: "ldap://localhost:389"
    base_dn: "dc=syncloud,dc=org"

    # admin bind mode uses a separate admin LDAP account to perform the user search
    admin_bind_enabled: true
    admin_bind_dn: "cn=admin,dc=syncloud,dc=org"
    admin_bind_password: "syncloud"
    search_base_dn: "ou=users,dc=syncloud,dc=org"
    search_filter: "(&(objectclass=inetOrgPerson)(cn={username}))"
    search_attribute: "cn"

    # direct user bind if admin bind is disabled
    user_bind_dn: "cn={username},ou=users,dc=syncloud,dc=org"

    # is user an admin or not
    admin_group_dn: "cn=syncloud,ou=groups,dc=syncloud,dc=org"
    admin_group_filter: "(memberUid={username})"
    admin_group_attribute: "memberUid"
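
The `search_filter` and `user_bind_dn` values above are templates into which the login name is substituted. As an added example (not code from the fork or from Dendrite; `expand` and `escapeDN` are hypothetical names, standard library only), this shows that substitution with RFC 4515 filter escaping and RFC 4514 DN escaping, so a login name is always treated as a value and never as filter or DN syntax:

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Templates copied from the config section above.
const (
	searchFilter = "(&(objectclass=inetOrgPerson)(cn={username}))"
	userBindDN   = "cn={username},ou=users,dc=syncloud,dc=org"
)

// RFC 4515: inside a filter value, \ * ( ) and NUL become backslash + two hex digits.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

// RFC 4514: inside a DN attribute value, these characters are backslash-escaped.
var dnEscaper = strings.NewReplacer(`\`, `\\`, `,`, `\,`, `+`, `\+`, `"`, `\"`,
	`<`, `\<`, `>`, `\>`, `;`, `\;`, "\x00", `\00`)

// escapeDN also escapes a leading space or '#' and a trailing space (RFC 4514).
func escapeDN(v string) string {
	out := dnEscaper.Replace(v)
	if strings.HasPrefix(v, " ") || strings.HasPrefix(v, "#") {
		out = `\` + out
	}
	if len(v) > 1 && strings.HasSuffix(v, " ") {
		out = out[:len(out)-1] + `\ `
	}
	return out
}

// expand (hypothetical helper) fills {username} in both templates; empty names are rejected.
func expand(username string) (filter, bindDN string, err error) {
	if username == "" {
		return "", "", errors.New("empty username")
	}
	filter = strings.ReplaceAll(searchFilter, "{username}", filterEscaper.Replace(username))
	bindDN = strings.ReplaceAll(userBindDN, "{username}", escapeDN(username))
	return filter, bindDN, nil
}

func main() {
	for _, u := range []string{"alice", "*)(uid=*", "x,ou=groups"} { // constructed login names
		f, dn, _ := expand(u)
		fmt.Printf("%q\n  filter: %s\n  bind:   %s\n", u, f, dn)
	}
}
```

When the go-ldap client library is in use, its `ldap.EscapeFilter` function covers the filter half of this.
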

Danieloni1 commented 1 year ago

Hey @cyberb, Thanks for the contribution! I am indeed desperate like you to have LDAP support. Will it work for me out of the box right now?

cyberb commented 1 year ago

It works for me in the Syncloud project. Use the fork and add the config; let me know here if it does not work and I will help or fix the code.

cyberb commented 1 year ago

Start with user_bind_dn mode

drequivalent commented 1 year ago

> So it was rejected in favour of the future OIDC (which is not available right now as I understand)

The_What

LDAP is the established standard, you pretty much have to support it, in order to be usable in integrated environments.

Danieloni1 commented 1 year ago

@cyberb Thanks pal! Working smoothly with user_bind_dn mode. Will let you know if anything goes wrong as we set the whole system up 😄

alexanderadam commented 1 year ago

> So it was rejected in favour of the future OIDC (which is not available right now as I understand)

As far as I understood, the Dendrite team doesn't want to maintain OIDC anyway, or do I misunderstand this message, @kegsay?

> For those who are desperate like me to get LDAP support right now, feel free to use my branch which I will rebase from time to time. https://github.com/cyberb/dendrite/commits/syncloud

Is there any tagged container image available from your branch, @cyberb? Or is there a chance that the dendrite maintainers might reconsider merging OIDC and/or LDAP support?

cyberb commented 1 year ago

Well, I am from Syncloud not Matrix, all I know is in this comment: https://github.com/matrix-org/dendrite/pull/2986#issuecomment-1443117073

I am happy to reduce the change to the bare minimum (remove admin bind/user search) and even happy to support the piece of code from time to time.

cyberb commented 1 year ago

> Is there any tagged container image available from your branch

No, but you can try the Syncloud docker container and install the matrix app inside if you want: https://github.com/syncloud/platform/wiki/Docker

Zulgrib commented 1 year ago

What is the current status there? Do we have a chance to get LDAP(s) support merged?

alexanderadam commented 1 year ago

This might be relevant for the folks watching this issue:

It sounds like the Matrix server Rust implementation "Conduit" will get LDAP. Which does not seem to be true for Dendrite.

Hence you might want to watch the other issue too.