Use allow_existing_users flag instead
When external registration is enabled, this means that we don't move all of the external users over as OIDC accounts.
22
start.sh
22
start.sh
@@ -4,26 +4,6 @@ set -eu
|
|||||||
|
|
||||||
mkdir -p /app/data/data /app/data/configs /run/synapse
|
mkdir -p /app/data/data /app/data/configs /run/synapse
|
||||||
|
|
||||||
# can be removed in the next release (https://github.com/matrix-org/synapse/issues/7633)
|
|
||||||
migrate_ldap_users_to_oidc() {
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
echo "==> Migrating existing LDAP users to OIDC"
|
|
||||||
|
|
||||||
# Wait for synapse to finish db setup, before we do any db operations
|
|
||||||
while ! curl --fail http://localhost:8008; do
|
|
||||||
echo "==> Waiting for Synapse to come up"
|
|
||||||
sleep 5
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "==> Synapse is up, migrate LDAP users"
|
|
||||||
users_to_migrate=$(PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE} -AXqtc "SELECT count(*) FROM Users u LEFT JOIN user_external_ids ext_ids ON u.name=ext_ids.user_id WHERE ext_ids.user_id IS NULL")
|
|
||||||
echo "==> Users to migrate: ${users_to_migrate}"
|
|
||||||
if [[ ${users_to_migrate} -gt 0 ]]; then
|
|
||||||
PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE} -c "INSERT INTO user_external_ids SELECT 'oidc-cloudron' AS auth_provider, substring(u.name from '@(.*):') AS external_id, u.name as user_id FROM Users u LEFT JOIN user_external_ids ext_ids ON u.name=ext_ids.user_id WHERE ext_ids.user_id IS NULL"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
|
if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
|
||||||
echo "==> Detected first run"
|
echo "==> Detected first run"
|
||||||
|
|
||||||
@@ -99,6 +79,8 @@ if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
|||||||
yq eval -i ".oidc_providers[0].authorization_endpoint=\"${CLOUDRON_OIDC_AUTH_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
yq eval -i ".oidc_providers[0].authorization_endpoint=\"${CLOUDRON_OIDC_AUTH_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
||||||
yq eval -i ".oidc_providers[0].token_endpoint=\"${CLOUDRON_OIDC_TOKEN_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
yq eval -i ".oidc_providers[0].token_endpoint=\"${CLOUDRON_OIDC_TOKEN_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
||||||
yq eval -i ".oidc_providers[0].userinfo_endpoint=\"${CLOUDRON_OIDC_PROFILE_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
yq eval -i ".oidc_providers[0].userinfo_endpoint=\"${CLOUDRON_OIDC_PROFILE_ENDPOINT}\"" /app/data/configs/homeserver.yaml
|
||||||
|
# https://s3lph.me/ldap-to-oidc-migration-3-matrix.html
|
||||||
|
yq eval -i ".oidc_providers[0].allow_existing_users=true" /app/data/configs/homeserver.yaml
|
||||||
yq eval -i ".oidc_providers[0].user_mapping_provider.config.localpart_template=\"{{ user.sub }}\"" /app/data/configs/homeserver.yaml
|
yq eval -i ".oidc_providers[0].user_mapping_provider.config.localpart_template=\"{{ user.sub }}\"" /app/data/configs/homeserver.yaml
|
||||||
yq eval -i ".oidc_providers[0].user_mapping_provider.config.display_name_template=\"{{ user.name }}\"" /app/data/configs/homeserver.yaml
|
yq eval -i ".oidc_providers[0].user_mapping_provider.config.display_name_template=\"{{ user.name }}\"" /app/data/configs/homeserver.yaml
|
||||||
|
|
||||||
|
|||||||
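Review bot: `allow_existing_users=true` is written unconditionally inside the `CLOUDRON_OIDC_ISSUER` branch, so the linking behaviour stays on for every start, not just for the migration window the removed `migrate_ldap_users_to_oidc` covered, and the only comment is a bare URL. As far as I understand the Synapse setting, combined with `localpart_template=\"{{ user.sub }}\"` two lines below it attaches an OIDC login to any pre-existing, not-yet-linked account whose localpart equals `user.sub`; that is the intended LDAP-to-OIDC path, but it also means accounts created by other means are claimable by a matching `sub`, so the configuration relies on the IdP controlling which `sub` values it issues. I would replace the URL-only comment with one that states this, e.g. `# allow_existing_users: an OIDC login is linked to an existing unlinked account whose localpart equals user.sub (LDAP -> OIDC migration, see https://s3lph.me/ldap-to-oidc-migration-3-matrix.html); this trusts the IdP to control sub values, since a matching sub claims the account`. The enclosing `if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]` block starts and ends outside the hunk.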