Guwan
/
ldap-matter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document usage with nginx-proxy-letsencry; Fixes #71

This commit is contained in:
Norman Köster 2021-01-18 11:18:23 +01:00
parent 122e7138e7
commit 723eb5140e
1 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
README.md
View File

@ -266,6 +266,66 @@ Parameters 'ldap_bind_dn' and 'ldap_bind_pass' are required if your LDAP is rest
To try your configuration you can use `ldap.php` available at the root of this project which use the LDAP library for PHP or you can use `ldapsearch` command in a shell.
### Additional information for usage with nginx-proxy, nginx-proxy-letsencrypt
In case you want to use `nginx-proxy`, `nginx-proxy-letsencrypt`, and (for example) `openldap`, it is possible to use subdomains for your services. Following this approach you could have mattermost running on on `https://chat.example.com` and authenticate *via this container from `https://oauth.example.com`. This container will then have its own letsencypt certificate.
You can add the following settings to your configuration files for this type of setup.
docker-compose.yaml
```yaml
version: '3'
[...]
services:
mattermost-ldap:
[...]
expose:
- 80
- 443
environment:
[...]
- VIRTUAL_HOST=oauth.example.com,www.oauth.example.com
- LETSENCRYPT_HOST=oauth.example.com,www.oauth.example.com
[...]
```
.env
```bash
[...]
redirect_uri = "https://chat.example.com/signup/gitlab/complete"
[...]
ldap_filter = "(&(objectClass=inetOrgPerson)(memberof=cn=chat,ou=groups,dc=example,dc=com))"
[...]
```
This filter will additionally allow you to filter based on group affiliation within your LDAP server.
Finally, add the following to your mattermost config.json to ensure the correct redirect.
```json
[...]
"GitLabSettings": {
"Enable": true,
"Secret": "XXX",
"Id": "YYY",
"Scope": "",
"AuthEndpoint": "https://oauth.example.com/oauth/authorize.php",
"TokenEndpoint": "https://oauth.example.com/oauth/token.php",
"UserApiEndpoint": "https://oauth.example.com/oauth/resource.php"
},
[...]
```
## Usage
If you have succeeded previous step you only have to go to the login page of your Mattermost server and click on the Gitlab Button. You will be redirected to a form asking for your LDAP credentials. If your credentials are valid, you will be asked to authorize Oauth to give your information to Mattermost. After authorizing you should be redirected on Mattermost connected with your account.