cqrenet/matrix-docker-ansible-deploy
3
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-03-25 22:17:25 +00:00
Code Issues Wiki Activity

feat(synapse): add ca_certs_file support for LDAP TLS

Browse Source 
Add matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file
variable to allow specifying a custom CA certificate file for LDAP TLS
verification. Useful when Synapse is running in a container that does not
trust a private/internal CA by default.

Example usage:
matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file: /etc/ssl/certs/my-ca.crt
This commit is contained in:
mikhail.sarnov
2026-03-05 12:32:10 +01:00
committed by Slavi Pantaleev
parent c9bb48ff11
commit 1ee5c1f416
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/custom/matrix-synapse/defaults/main.yml
View File

@@ -1410,6 +1410,7 @@ matrix_synapse_ext_password_provider_ldap_filter: ""
matrix_synapse_ext_password_provider_ldap_active_directory: false
matrix_synapse_ext_password_provider_ldap_default_domain: ""
matrix_synapse_ext_password_provider_ldap_tls_options_validate: true
matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file: ""
# Enable this to activate the Synapse Antispam spam-checker module.
# See: https://github.com/t2bot/synapse-simple-antispam

3
roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@@ -2540,6 +2540,9 @@ password_providers:
filter: {{ matrix_synapse_ext_password_provider_ldap_filter | string|to_json }}
tls_options:
validate: {{ matrix_synapse_ext_password_provider_ldap_tls_options_validate | to_json }}
{% if matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file %}
ca_certs_file: {{ matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file | string | to_json }}
{% endif %}
{% endif %}
{% endif %}