dendrite
LDAP
I am new to Matrix and I would like to add dendrite to the Syncloud store. For this I need LDAP integration (login, user creation), which I can try adding if there is no working solution available yet.
YES PLEASE!
https://github.com/matrix-org/dendrite/pull/2986
So it was rejected in favour of the future OIDC (which is not available right now as I understand). For those who are desperate like me to get LDAP support right now, feel free to use my branch, which I will rebase from time to time: https://github.com/cyberb/dendrite/commits/syncloud

It has this new config section:
```yaml
ldap:
  enabled: true
  uri: "ldap://localhost:389"
  base_dn: "dc=syncloud,dc=org"
  # admin bind mode uses a separate admin LDAP account to perform the user search
  admin_bind_enabled: true
  admin_bind_dn: "cn=admin,dc=syncloud,dc=org"
  admin_bind_password: "syncloud"
  search_base_dn: "ou=users,dc=syncloud,dc=org"
  search_filter: "(&(objectclass=inetOrgPerson)(cn={username}))"
  search_attribute: "cn"
  # direct user bind if admin bind is disabled
  user_bind_dn: "cn={username},ou=users,dc=syncloud,dc=org"
  # is user an admin or not
  admin_group_dn: "cn=syncloud,ou=groups,dc=syncloud,dc=org"
  admin_group_filter: "(memberUid={username})"
  admin_group_attribute: "memberUid"
```
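The `{username}` placeholder in `search_filter` and `user_bind_dn` above is filled from login input, so the value needs LDAP escaping before it is substituted, and an empty password must be refused before a direct bind. An added example, not code from the fork or from dendrite: only the two templates come from the config above, while the helper names are hypothetical and the input is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Templates taken from the config section above; special sets per RFC 4515 / RFC 4514.
const (
	searchFilter  = "(&(objectclass=inetOrgPerson)(cn={username}))"
	userBindDN    = "cn={username},ou=users,dc=syncloud,dc=org"
	filterSpecial = "*()\\"        // filter metacharacters
	dnSpecial     = "\"+,;<>\\= #" // DN metacharacters, plus space and '#'
)

// hexEscape writes every byte of v that is NUL or in special as \XX, a form
// valid both in search filters (RFC 4515) and in DN attribute values (RFC 4514).
func hexEscape(v, special string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		if v[i] == 0 || strings.IndexByte(special, v[i]) >= 0 {
			fmt.Fprintf(&b, "\\%02x", v[i])
		} else {
			b.WriteByte(v[i])
		}
	}
	return b.String()
}

// render validates the login and fills both templates (hypothetical helper).
func render(username, password string) (filter, dn string, err error) {
	// An empty password makes a simple bind "unauthenticated" (RFC 4513, 5.1.2),
	// which a server may report as success, so refuse it before binding.
	if username == "" || password == "" {
		return "", "", errors.New("empty username or password")
	}
	filter = strings.ReplaceAll(searchFilter, "{username}", hexEscape(username, filterSpecial))
	dn = strings.ReplaceAll(userBindDN, "{username}", hexEscape(username, dnSpecial))
	return filter, dn, nil
}

func main() {
	f, d, err := render("a*)(cn=b,ou=x", "pw") // constructed input
	fmt.Println(f, d, err)
}
```

The same escaping applies to `admin_group_filter`, which also takes `{username}`.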
Hey @cyberb, Thanks for the contribution! I am indeed desperate like you to have LDAP support. Will it work for me out of the box right now?
It works for me in the Syncloud project; use the fork and add the config. Let me know here if it does not work and I will help or fix the code.
Start with `user_bind_dn` mode.
> So it was rejected in favour of the future OIDC (which is not available right now as I understand)
LDAP is the established standard, you pretty much have to support it, in order to be usable in integrated environments.
@cyberb
Thanks pal!
Working smoothly with `user_bind_dn` mode.
Will let you know if anything goes wrong as we set the whole system up 😄
> So it was rejected in favour of the future OIDC (which is not available right now as I understand)

As far as I understood, the dendrite team doesn't want to maintain OIDC anyway, or do I misunderstand this message, @kegsay?
> For those who are desperate like me to get LDAP support right now, feel free to use my branch which I will rebase from time to time. https://github.com/cyberb/dendrite/commits/syncloud
Is there any tagged container image available from your branch, @cyberb? Or is there a chance that the dendrite maintainers might reconsider merging OIDC and/or LDAP support?
Well, I am from Syncloud, not Matrix; all I know is in this comment: https://github.com/matrix-org/dendrite/pull/2986#issuecomment-1443117073
I am happy to reduce the change to the bare minimum (remove admin bind/user search) and even happy to support the piece of code from time to time.

> Is there any tagged container image available from your branch

No, but you can try the Syncloud Docker container and install the Matrix app inside if you want. https://github.com/syncloud/platform/wiki/Docker
What is the current status there? Do we have a chance to get LDAP(s) support merged?
This might be relevant for the folks watching this issue:
It sounds like the Matrix server Rust implementation "Conduit" will get LDAP. Which does not seem to be true for Dendrite.
Hence you might want to watch the other issue too.