diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py
index 79b0534b3b..0f890fc04a 100644
--- a/synapse/config/homeserver.py
+++ b/synapse/config/homeserver.py
@@ -30,7 +30,7 @@ from .saml2 import SAML2Config
from .cas import CasConfig
from .password import PasswordConfig
from .jwt import JWTConfig
-from .ldap import LDAPConfig
+from .password_auth_providers import PasswordAuthProviderConfig
from .emailconfig import EmailConfig
from .workers import WorkerConfig
@@ -39,8 +39,8 @@ class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig,
RatelimitConfig, ContentRepositoryConfig, CaptchaConfig,
VoipConfig, RegistrationConfig, MetricsConfig, ApiConfig,
AppServiceConfig, KeyConfig, SAML2Config, CasConfig,
- JWTConfig, LDAPConfig, PasswordConfig, EmailConfig,
- WorkerConfig,):
+ JWTConfig, PasswordConfig, EmailConfig,
+ WorkerConfig, PasswordAuthProviderConfig,):
pass
diff --git a/synapse/config/ldap.py b/synapse/config/ldap.py
deleted file mode 100644
index d83c2230be..0000000000
--- a/synapse/config/ldap.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 Niklas Riekenbrauck
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from ._base import Config, ConfigError
-
-
-MISSING_LDAP3 = (
- "Missing ldap3 library. This is required for LDAP Authentication."
-)
-
-
-class LDAPMode(object):
- SIMPLE = "simple",
- SEARCH = "search",
-
- LIST = (SIMPLE, SEARCH)
-
-
-class LDAPConfig(Config):
- def read_config(self, config):
- ldap_config = config.get("ldap_config", {})
-
- self.ldap_enabled = ldap_config.get("enabled", False)
-
- if self.ldap_enabled:
- # verify dependencies are available
- try:
- import ldap3
- ldap3 # to stop unused lint
- except ImportError:
- raise ConfigError(MISSING_LDAP3)
-
- self.ldap_mode = LDAPMode.SIMPLE
-
- # verify config sanity
- self.require_keys(ldap_config, [
- "uri",
- "base",
- "attributes",
- ])
-
- self.ldap_uri = ldap_config["uri"]
- self.ldap_start_tls = ldap_config.get("start_tls", False)
- self.ldap_base = ldap_config["base"]
- self.ldap_attributes = ldap_config["attributes"]
-
- if "bind_dn" in ldap_config:
- self.ldap_mode = LDAPMode.SEARCH
- self.require_keys(ldap_config, [
- "bind_dn",
- "bind_password",
- ])
-
- self.ldap_bind_dn = ldap_config["bind_dn"]
- self.ldap_bind_password = ldap_config["bind_password"]
- self.ldap_filter = ldap_config.get("filter", None)
-
- # verify attribute lookup
- self.require_keys(ldap_config['attributes'], [
- "uid",
- "name",
- "mail",
- ])
-
- def require_keys(self, config, required):
- missing = [key for key in required if key not in config]
- if missing:
- raise ConfigError(
- "LDAP enabled but missing required config values: {}".format(
- ", ".join(missing)
- )
- )
-
- def default_config(self, **kwargs):
- return """\
- # ldap_config:
- # enabled: true
- # uri: "ldap://ldap.example.com:389"
- # start_tls: true
- # base: "ou=users,dc=example,dc=com"
- # attributes:
- # uid: "cn"
- # mail: "email"
- # name: "givenName"
- # #bind_dn:
- # #bind_password:
- # #filter: "(objectClass=posixAccount)"
- """
diff --git a/synapse/config/password_auth_providers.py b/synapse/config/password_auth_providers.py
new file mode 100644
index 0000000000..f6d9bb1c62
--- /dev/null
+++ b/synapse/config/password_auth_providers.py
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 Openmarket
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ._base import Config
+
+import importlib
+
+
+class PasswordAuthProviderConfig(Config):
+ def read_config(self, config):
+ self.password_providers = []
+
+ # We want to be backwards compatible with the old `ldap_config`
+ # param.
+ ldap_config = config.get("ldap_config", {})
+ self.ldap_enabled = ldap_config.get("enabled", False)
+ if self.ldap_enabled:
+ from synapse.util.ldap_auth_provider import LdapAuthProvider
+ parsed_config = LdapAuthProvider.parse_config(ldap_config)
+ self.password_providers.append((LdapAuthProvider, parsed_config))
+
+ providers = config.get("password_providers", [])
+ for provider in providers:
+ # We need to import the module, and then pick the class out of
+ # that, so we split based on the last dot.
+ module, clz = provider['module'].rsplit(".", 1)
+ module = importlib.import_module(module)
+ provider_class = getattr(module, clz)
+
+ provider_config = provider_class.parse_config(provider["config"])
+ self.password_providers.append((provider_class, provider_config))
+
+ def default_config(self, **kwargs):
+ return """\
+ # password_providers:
+ # - module: "synapse.util.ldap_auth_provider.LdapAuthProvider"
+ # config:
+ # enabled: true
+ # uri: "ldap://ldap.example.com:389"
+ # start_tls: true
+ # base: "ou=users,dc=example,dc=com"
+ # attributes:
+ # uid: "cn"
+ # mail: "email"
+ # name: "givenName"
+ # #bind_dn:
+ # #bind_password:
+ # #filter: "(objectClass=posixAccount)"
+ """
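Review bot: The provider loop in read_config turns every malformed `password_providers` entry into an unrelated traceback instead of a config error: a `module` value without a dot fails inside the tuple unpacking of `rsplit(".", 1)` with a ValueError, a missing `module` or `config` key raises KeyError, and a wrong class name surfaces as AttributeError from `getattr`; none of these name the offending entry, and `ConfigError` is not even imported here although the deleted ldap.py took it from `._base`. The same loop also reuses the local `module` first as the dotted string and then as the imported module object, which makes the error messages harder to write and the code harder to read. Since anything listed under `password_providers` is imported and executed with the homeserver's privileges, the class docstring should say so, e.g. `"""Loads the password-auth provider classes named in the config. Each entry's ``module`` is a dotted path that is imported at startup, so only trusted modules belong here."""`. The `ldap_config` compatibility branch no longer checks that `ldap3` is importable or that `uri`/`base`/`attributes` are present as ldap.py did; presumably `LdapAuthProvider.parse_config` now does this, but that file is not on this page, so it is worth confirming.
```python
from ._base import Config, ConfigError

        # … unchanged: ldap_config compatibility branch …

        providers = config.get("password_providers", [])
        for provider in providers:
            # `module` is a dotted path "pkg.mod.ClassName"; the class is the
            # last component. Whatever is listed here gets imported and run
            # by the homeserver, so the config author must trust it.
            try:
                module_name, clz = provider["module"].rsplit(".", 1)
            except (KeyError, ValueError):
                raise ConfigError(
                    "password_providers entries need a 'module' of the form "
                    "'package.module.ClassName'"
                )
            try:
                provider_class = getattr(importlib.import_module(module_name), clz)
            except (ImportError, AttributeError) as e:
                raise ConfigError(
                    "Failed to load password provider %r: %s" % (provider["module"], e)
                )
            if "config" not in provider:
                raise ConfigError(
                    "password provider %r is missing its 'config' block" % (provider["module"],)
                )

            provider_config = provider_class.parse_config(provider["config"])
            self.password_providers.append((provider_class, provider_config))
```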