diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9005547a..3cfb1d03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+# 2018-12-23
+
+## (BC Break) mxisd upgrade with multiple base DN support
+
+mxisd has bee upgraded to [version 1.2.2](https://github.com/kamax-matrix/mxisd/releases/tag/v1.2.2), which supports [multiple base DNs](https://github.com/kamax-matrix/mxisd/blob/v1.2.2/docs/stores/ldap.md#base).
+
+If you were configuring this playbook's `matrix_mxisd_ldap_connection_baseDn` variable until now (a string containing a single base DN), you'll need to change to configuring the `matrix_mxisd_ldap_connection_baseDns` variable (an array containing multiple base DNs).
+
+Example change:
+
+- before: `matrix_mxisd_ldap_connection_baseDn: OU=Users,DC=example,DC=org`
+- after: `matrix_mxisd_ldap_connection_baseDns: ['OU=Users,DC=example,DC=org']`
+
+
 # 2018-12-21
 
 ## Synapse 0.34.0 and Python 3
diff --git a/roles/matrix-server/defaults/main.yml b/roles/matrix-server/defaults/main.yml
index 81eec541..67ee84ef 100644
--- a/roles/matrix-server/defaults/main.yml
+++ b/roles/matrix-server/defaults/main.yml
@@ -227,7 +227,7 @@ matrix_mailer_relay_auth_password: ""
 # If you wish to use the public identity servers (matrix.org, vector.im, riot.im) instead of your own,
 # you may wish to disable this.
 matrix_mxisd_enabled: true
-matrix_mxisd_docker_image: "kamax/mxisd:1.2.1"
+matrix_mxisd_docker_image: "kamax/mxisd:1.2.2"
 matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
 matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
 matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
@@ -252,7 +252,7 @@ matrix_mxisd_ldap_enabled: false
 matrix_mxisd_ldap_connection_host: ldapHostnameOrIp
 matrix_mxisd_ldap_connection_tls: false
 matrix_mxisd_ldap_connection_port: 389
-matrix_mxisd_ldap_connection_baseDn: OU=Users,DC=example,DC=org
+matrix_mxisd_ldap_connection_baseDns: ['OU=Users,DC=example,DC=org']
 matrix_mxisd_ldap_connection_bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org
 matrix_mxisd_ldap_connection_bindPassword: TheUserPassword
 # The following keys are optional:
diff --git a/roles/matrix-server/tasks/setup/setup_mxisd.yml b/roles/matrix-server/tasks/setup/setup_mxisd.yml
index 8d6f361e..5a76d372 100644
--- a/roles/matrix-server/tasks/setup/setup_mxisd.yml
+++ b/roles/matrix-server/tasks/setup/setup_mxisd.yml
@@ -4,6 +4,11 @@
 # Tasks related to setting up mxisd
 #
 
+- name: (Deprecation) Fail if using outdated configuration
+ fail:
+ msg: "You're using the `matrix_mxisd_ldap_connection_baseDn` variable (single string), which has been superseded by `matrix_mxisd_ldap_connection_baseDns` (array of strings). See https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#bc-break-mxisd-upgrade-with-multiple-base-dn-support"
+ when: "matrix_mxisd_ldap_connection_baseDn is defined"
+
 - name: Fail if mailer is not enabled
 fail:
 msg: "You need to enable the mailer service (matrix_mailer_enabled) to install mxisd"
diff --git a/roles/matrix-server/templates/mxisd/mxisd.yaml.j2 b/roles/matrix-server/templates/mxisd/mxisd.yaml.j2
index 58930284..b9c6e229 100644
--- a/roles/matrix-server/templates/mxisd/mxisd.yaml.j2
+++ b/roles/matrix-server/templates/mxisd/mxisd.yaml.j2
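Review bot: The new deprecation task in `roles/matrix-server/tasks/setup/setup_mxisd.yml` only rejects the old variable name, so a configuration that renames the variable but keeps a plain string value for `matrix_mxisd_ldap_connection_baseDns` passes this check unvalidated. That value is then handed to `to_nice_yaml` in the `mxisd.yaml.j2` hunk, where a string would presumably render as a bare scalar rather than a list, and the mistake would surface only when mxisd reads its LDAP configuration. A second `fail` task placed next to this one, with `when: "matrix_mxisd_ldap_connection_baseDns is string"` and a message pointing at the same changelog entry, would stop the run before the broken file is written.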
@@ -22,7 +22,8 @@ ldap.enabled: {{ matrix_mxisd_ldap_enabled }}
 ldap.connection.host: {{ matrix_mxisd_ldap_connection_host }}
 ldap.connection.tls: {{ matrix_mxisd_ldap_connection_tls }}
 ldap.connection.port: {{ matrix_mxisd_ldap_connection_port }}
-ldap.connection.baseDn: {{ matrix_mxisd_ldap_connection_baseDn }}
+ldap.connection.baseDns:
+{{ matrix_mxisd_ldap_connection_baseDns|to_nice_yaml }}
 ldap.connection.bindDn: {{ matrix_mxisd_ldap_connection_bindDn }}
 ldap.connection.bindPassword: {{ matrix_mxisd_ldap_connection_bindPassword }}