cqrenet/mxids
3
0
Fork 0
Code Pull Requests 10 Actions Releases Activity

Overall improvement

Browse Source 
- Configuration file is documented
- Give more flexibility to the LDAP lookup
- Various suggestions in errors to help new users
This commit is contained in:
Maxime Dor
2017-02-12 00:00:16 +01:00
parent 40be6e72a1
commit 6cab7c3b96
4 changed files with 84 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
application.example.yaml
View File

@@ -1,15 +1,46 @@
server:
# Indicate on which port the Identity Server will listen. This is an unencrypted port.
# HTTPS can be configured using Tomcat configuration properties.
port: 8090
# Realm under which this Identity Server is authoritative, e.g. domain name in e-mails.
# This is used in some recursive lookups to avoid endless loops and avoid bothering other Identity Servers.
name: 'example.org'
key:
# Where the Identity Server signing key will be stored.
#
# /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
# /!\ CHANGE THIS TO A MORE PERMANENT LOCATION! /!\
# /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\
path: '/var/tmp/mxis-signing.key'
ldap:
host: 'localhost'
port: 389
bindDn: 'CN=Matrix Identity Server,CN=Users,DC=example,DC=org'
bindPassword: 'password'
baseDn: 'CN=Users,DC=example,DC=org'
query: '(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))'
attribute: 'pager'
bindDn: 'CN=Identity Server,CN=Users,DC=example,DC=org'
bindPassword: 'password'
# How should we resolve the Matrix ID in case of a match using the attribute.
#
# The following type are supported:
# - uid : the attribute only contains the UID part of the Matrix ID. e.g. 'john.doe' in @john.doe:example.org
# - mxid : the attribute contains the full Matrix ID - e.g. '@john.doe:example.org'
type: 'uid'
# The attribute containing the binding itself. This value will be used differently depending on the type.
#
# Typical values:
# - For type 'uid':
# - Samba/AD: sAMAccountName
# - LDAP: If someone knows the most appropriate value, please open an issue
#
# - For type 'mxid', regardless of the directory type, we recommend using 'pager' as it is a standard attribute but
# shouldn't be used in infrastructures.
attribute: 'sAMAccountName'

9
src/main/groovy/io/kamax/mxisd/config/LdapConfig.groovy
View File

@@ -31,6 +31,7 @@ class LdapConfig {
private int port
private String baseDn
private String query
private String type
private String attribute
private String bindDn
private String bindPassword
@@ -67,6 +68,14 @@ class LdapConfig {
this.query = query
}
String getType() {
return type
}
void setType(String type) {
this.type = type
}
String getAttribute() {
return attribute
}

2
src/main/groovy/io/kamax/mxisd/config/ServerConfig.groovy
View File

@@ -42,7 +42,7 @@ class ServerConfig implements InitializingBean {
@Override
void afterPropertiesSet() throws Exception {
if (StringUtils.isBlank(getName())) {
throw new RuntimeException("Server name must be configured!")
throw new RuntimeException("Server name must be configured. Use the same realm as your Homeserver")
}
}

42
src/main/groovy/io/kamax/mxisd/lookup/LdapProvider.groovy
View File

@@ -22,6 +22,8 @@ package io.kamax.mxisd.lookup
import io.kamax.mxisd.api.ThreePidType
import io.kamax.mxisd.config.LdapConfig
import io.kamax.mxisd.config.ServerConfig
import org.apache.commons.lang.StringUtils
import org.apache.directory.api.ldap.model.cursor.EntryCursor
import org.apache.directory.api.ldap.model.entry.Attribute
import org.apache.directory.api.ldap.model.message.SearchScope
@@ -29,14 +31,21 @@ import org.apache.directory.ldap.client.api.LdapConnection
import org.apache.directory.ldap.client.api.LdapNetworkConnection
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import org.springframework.beans.factory.InitializingBean
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.stereotype.Component
@Component
class LdapProvider implements ThreePidProvider {
class LdapProvider implements ThreePidProvider, InitializingBean {
public static final String UID = "uid"
public static final String MATRIX_ID = "mxid"
private Logger log = LoggerFactory.getLogger(LdapProvider.class)
@Autowired
private ServerConfig srvCfg
@Autowired
private LdapConfig ldapCfg
@@ -45,6 +54,13 @@ class LdapProvider implements ThreePidProvider {
return 20
}
@Override
void afterPropertiesSet() throws Exception {
if (!Arrays.asList(UID, MATRIX_ID).contains(ldapCfg.getType())) {
throw new IllegalArgumentException(ldapCfg.getType() + " is not a valid LDAP lookup type")
}
}
@Override
Optional<?> find(ThreePidType type, String threePid) {
log.info("Performing LDAP lookup ${threePid} of type ${type}")
@@ -59,10 +75,30 @@ class LdapProvider implements ThreePidProvider {
if (cursor.next()) {
Attribute attribute = cursor.get().get(ldapCfg.getAttribute())
if (attribute != null) {
String data = attribute.get().toString()
if (data.length() < 1) {
log.warn("Bind was found but value is empty")
return Optional.empty()
}
StringBuilder matrixId = new StringBuilder()
// TODO Should we turn this block into a map of functions?
if (StringUtils.equals("uid", ldapCfg.getType())) {
matrixId.append("@").append(data).append(":").append(srvCfg.getName())
}
if (StringUtils.equals("mxid", ldapCfg.getType())) {
matrixId.append(data)
}
if (matrixId.length() < 1) {
log.warn("Bind was found but type ${ldapCfg.getType()} is not supported")
return Optional.empty()
}
return Optional.of([
address : threePid,
medium : type,
mxid : attribute.get().toString(),
mxid : matrixId.toString(),
not_before: 0,
not_after : 9223372036854775807,
ts : 0
@@ -76,7 +112,9 @@ class LdapProvider implements ThreePidProvider {
conn.close()
}
log.info("No match found")
return Optional.empty()
}
}