diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 6892411f30de2b3477fb7d08375ea4fbd52aee04..059925aa284cc862635b7e4b8b195ab9f8c68e55 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -577,7 +577,7 @@ Parameters
 Path to file on Ansible host that contains the X.509 certificate used for TLS for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.
-**xmpp_domains** (list, mandatory)
+**xmpp_domains** (list, optional, ``ansible_facts[host]['domain']``)
 List of domains that are served by this Prosody instance. Each item is a string specifying a domain.
@@ -593,24 +593,25 @@ Parameters
 **xmpp_ldap_password** (string, mandatory)
 Password used for authenticating to the LDAP server.
-**xmpp_ldap_filter** (string, mandatory)
+**xmpp_ldap_filter** (string, optional, ``(mail=$user@$host)``)
 LDAP filter used for obtaining a list of users available on the Prosody server. Two special strings can be used for specifying the user and domain, ``$user``, and ``$host`` within. These will be replaced with real values in the filter every time a user is looked-up.
-**xmpp_ldap_scope** (string, mandatory)
+**xmpp_ldap_scope** (string, optional, ``subtree``)
 Scope for performing the LDAP search for obtaining a list of users available on the Prosody server.
-**xmpp_ldap_tls** (boolean, mandatory)
- Specifies whether to use STARTTLS extension when connecting to the LDAP server
- or not.
-
-**xmpp_ldap_base** (string, mandatory)
+**xmpp_ldap_base** (string, optional, see below)
 Base DN under which the lists of users available on the Prosody should be looked-up.
+ If not specified, the value will default to base DN constructed by putting all
+ elements of the server's domain as ``dc`` entries (as per standard Debian
+ convention). I.e. if XMPP server domain is ``example.com``, the resulting base
+ DN would be ``dc=example,dc=com``.
+
 Examples
 ~~~~~~~~
@@ -636,7 +637,6 @@ Here is an example configuration for setting-up XMPP server using Prosody:
 # side.
 xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,dc=example,dc=com)(mail=$user@$host))'
 xmpp_ldap_scope: "onelevel"
- xmpp_ldap_tls: "true"
 xmpp_ldap_base: "ou=people,dc=example,dc=com"
diff --git a/roles/xmpp_server/defaults/main.yml b/roles/xmpp_server/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..43cd1cbd3c394b7fdbc3e7d4f38161aed3e9d0af
--- /dev/null
+++ b/roles/xmpp_server/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+xmpp_domains: "{{ ansible_facts[host]['domain'] }}"
+xmpp_ldap_filter: '(mail=$user@$host)'
+xmpp_ldap_scope: subtree
+xmpp_ldap_base: "{{ ansible_facts[host]['domain'] | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
diff --git a/roles/xmpp_server/templates/prosody.cfg.lua.j2 b/roles/xmpp_server/templates/prosody.cfg.lua.j2
index 75789744a6ea5e4983d51c5f2960a9c91ce22a53..e6a403d68fb1770ce129fb441a36bccc3671d941 100644
--- a/roles/xmpp_server/templates/prosody.cfg.lua.j2
+++ b/roles/xmpp_server/templates/prosody.cfg.lua.j2
@@ -65,7 +65,6 @@ ldap_rootdn = "{{ xmpp_ldap_bind_dn }}"
 ldap_password = "{{ xmpp_ldap_password }}"
 ldap_filter = "{{ xmpp_ldap_filter }}"
 ldap_scope = "{{ xmpp_ldap_scope }}"
-ldap_tls = {{ xmpp_ldap_tls }}
 ldap_base = "{{ xmpp_ldap_base }}"
 -- Storage backend.
diff --git a/testsite/group_vars/xmpp.yml b/testsite/group_vars/xmpp.yml
index cbb87bc66511704a3c82f53be9c9d7ec853fb99d..f26c906a09b95700bd1244ce5deb30286bec94ad 100644
--- a/testsite/group_vars/xmpp.yml
+++ b/testsite/group_vars/xmpp.yml
@@ -41,6 +41,4 @@ xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=
 xmpp_ldap_scope: "onelevel"
-xmpp_ldap_tls: "true"
-
 xmpp_ldap_base: "ou=people,{{ testsite_ldap_base }}"
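Review bot: In roles/xmpp_server/defaults/main.yml the `xmpp_domains` default is a plain string, while the role reference updated in this commit documents it as a list whose items are domain strings, so a template or task that loops over it (outside this diff) would presumably iterate over characters; a one-item list matches the documented type: `xmpp_domains: ["{{ ansible_facts['domain'] }}"]`. The lookup `ansible_facts[host]['domain']` on this line and in `xmpp_ldap_base` also looks off, because `ansible_facts` is indexed by fact name for the current host and `host` is not defined anywhere in the diff, so both defaults likely fail as undefined unless `host` is set elsewhere. On the security side, the new defaults of `subtree` scope with `(mail=$user@$host)` admit any entry under the domain-wide base DN that carries a matching mail attribute, which is broader than the group-restricted `onelevel` example in the docs; a comment above them such as `# Default admits every entry with a matching mail attribute; add a memberOf clause to limit who may log in` would make that explicit.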
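Review bot: With `ldap_tls` removed from roles/xmpp_server/templates/prosody.cfg.lua.j2 the rendered configuration no longer requests STARTTLS, so whether the bind with `ldap_rootdn` and `ldap_password` (the lines just above the removal) is encrypted now depends on the LDAP module's default and on the server URL, neither of which is visible in this hunk. If the intent is that TLS is always used, pin it in the template instead of dropping it: `ldap_tls = true`. If protection is provided some other way (for example an ldaps URL), a short comment at this spot saying so would keep the next reader from assuming a cleartext bind. The LDAP settings block begins above the hunk.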