From daa82e56c79f9cafce18ae819cfc7a2026aaa5c8 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 7 Apr 2020 16:56:34 +0100 Subject: [PATCH 1/4] Add documentation to password_providers config option --- docs/password_auth_providers.md | 5 ++++- docs/sample_config.yaml | 10 ++++++++++ synapse/config/password_auth_providers.py | 10 ++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/password_auth_providers.md b/docs/password_auth_providers.md index 0db1a3804a00..96f9841b7a0c 100644 --- a/docs/password_auth_providers.md +++ b/docs/password_auth_providers.md @@ -9,7 +9,10 @@ into Synapse, and provides a number of methods by which it can integrate with the authentication system. This document serves as a reference for those looking to implement their -own password auth providers. +own password auth providers. Additionally, here is a list of known +password auth provider module implementations: + +* [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3/) ## Required methods diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index be742969cc0f..f2edbd9052d3 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1657,6 +1657,16 @@ email: #template_dir: "res/templates" +# Password providers allow homeserver administrators to integrate +# their Synapse installation with existing authentication methods +# ex. LDAP, external tokens, etc. +# +# For more information and known implementations, please see +# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md +# +# Note: instances wishing to use SAML or CAS authentication should +# use the `saml2_config` option instead. +# #password_providers: # - module: "ldap_auth_provider.LdapAuthProvider" # config: diff --git a/synapse/config/password_auth_providers.py b/synapse/config/password_auth_providers.py index 9746bbc6816b..0c89ab1b7b27 100644 --- a/synapse/config/password_auth_providers.py +++ b/synapse/config/password_auth_providers.py @@ -52,6 +52,16 @@ def read_config(self, config, **kwargs): def generate_config_section(self, **kwargs): return """\ + # Password providers allow homeserver administrators to integrate + # their Synapse installation with existing authentication methods + # ex. LDAP, external tokens, etc. + # + # For more information and known implementations, please see + # https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md + # + # Note: instances wishing to use SAML or CAS authentication should + # use the `saml2_config` option instead. + # #password_providers: # - module: "ldap_auth_provider.LdapAuthProvider" # config: From 5aabb443c7e1c59dca2112067087f8a47061070e Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 7 Apr 2020 16:59:56 +0100 Subject: [PATCH 2/4] Update text and uncomment password_providers block header --- docs/sample_config.yaml | 3 ++- synapse/config/password_auth_providers.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index f2edbd9052d3..8e77772f5815 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1667,7 +1667,8 @@ email: # Note: instances wishing to use SAML or CAS authentication should # use the `saml2_config` option instead. # -#password_providers: +password_providers: +# # Example config for an LDAP auth provider # - module: "ldap_auth_provider.LdapAuthProvider" # config: # enabled: true diff --git a/synapse/config/password_auth_providers.py b/synapse/config/password_auth_providers.py index 0c89ab1b7b27..2bcfa37dd844 100644 --- a/synapse/config/password_auth_providers.py +++ b/synapse/config/password_auth_providers.py @@ -35,7 +35,7 @@ def read_config(self, config, **kwargs): if ldap_config.get("enabled", False): providers.append({"module": LDAP_PROVIDER, "config": ldap_config}) - providers.extend(config.get("password_providers", [])) + providers.extend(config.get("password_providers") or []) for provider in providers: mod_name = provider["module"] @@ -62,7 +62,8 @@ def generate_config_section(self, **kwargs): # Note: instances wishing to use SAML or CAS authentication should # use the `saml2_config` option instead. # - #password_providers: + password_providers: + # # Example config for an LDAP auth provider # - module: "ldap_auth_provider.LdapAuthProvider" # config: # enabled: true From 5f9fbc67f0e068c3ff1ca7e8f81949a027f588eb Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 7 Apr 2020 17:07:38 +0100 Subject: [PATCH 3/4] Changelog --- changelog.d/7238.doc | 1 + synapse/config/password_auth_providers.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelog.d/7238.doc diff --git a/changelog.d/7238.doc b/changelog.d/7238.doc new file mode 100644 index 000000000000..0e3b4be428f6 --- /dev/null +++ b/changelog.d/7238.doc @@ -0,0 +1 @@ +Add documentation to the `password_providers` config option. Add known password provider implementations to docs. \ No newline at end of file diff --git a/synapse/config/password_auth_providers.py b/synapse/config/password_auth_providers.py index 2bcfa37dd844..af7465d2a7fa 100644 --- a/synapse/config/password_auth_providers.py +++ b/synapse/config/password_auth_providers.py @@ -76,5 +76,5 @@ def generate_config_section(self, **kwargs): # name: "givenName" # #bind_dn: # #bind_password: - # #filter: "(objectClass=posixAccount)" + # #filter: "(objectClass=posixAccount)"\ """ From 998e8d5a4dcf7d11e5431d31ee8f7bf9c23725a1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 7 Apr 2020 17:30:29 +0100 Subject: [PATCH 4/4] Mention cas_config --- docs/sample_config.yaml | 3 ++- synapse/config/password_auth_providers.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 8e77772f5815..3417813750be 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1665,7 +1665,8 @@ email: # https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md # # Note: instances wishing to use SAML or CAS authentication should -# use the `saml2_config` option instead. +# instead use the `saml2_config` or `cas_config` options, +# respectively. # password_providers: # # Example config for an LDAP auth provider diff --git a/synapse/config/password_auth_providers.py b/synapse/config/password_auth_providers.py index af7465d2a7fa..4fda8ae987c8 100644 --- a/synapse/config/password_auth_providers.py +++ b/synapse/config/password_auth_providers.py @@ -60,7 +60,8 @@ def generate_config_section(self, **kwargs): # https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md # # Note: instances wishing to use SAML or CAS authentication should - # use the `saml2_config` option instead. + # instead use the `saml2_config` or `cas_config` options, + # respectively. # password_providers: # # Example config for an LDAP auth provider @@ -76,5 +77,5 @@ def generate_config_section(self, **kwargs): # name: "givenName" # #bind_dn: # #bind_password: - # #filter: "(objectClass=posixAccount)"\ + # #filter: "(objectClass=posixAccount)" """