Improving Matrix integration

We are evaluating Univention as a Matrix provisioning tool right now, and came to some obstacles we hope someone may help us with:

1.)
Apparently, only username and password are provided in Matrix from the LDAP of Univention.
Why aren’t mail addresses, group memberships, telephone numbers and possibly other attributes also taken along?
Can this be built somehow and if so, is there a manual or do you have a hint for us?

2.)
You can usually search for users directly in Matrix, but unfortunately this is not possible with Univention integration.
How do you manage to search the users within the UCS LDAP in Matrix, maybe also restricted to those users who are in the same group?

We certainly have a lot of other things that would come to our minds about Matrix, but with answers to these two questions, we would at least be able to get a bit further.

Thanks
Sascha

Hi Sascha,

the current Matrix integration is using the Synapse LDAP Auth Provider. If you look at the description (and the code), you can see that there are just the attributes you mentioned being used.
The link above also mentions that there is a ma1sd - Federated Matrix Identity Server which could most likely be used to achieve the things you mentioned. There are a couple more problems to solve if you run your own identity server. During my recent test I have noticed that the mobile app is using vector.fm’s identity server by default. This might or might not be acceptable for your use-case.

I know that our appcenter-team is in contact with the companies behind Matrix Synapse and Element to discuss improvements. Feel free to add your use-case.

hth,
Dirk

Hi @tafkaz and @ahrnke

is there any news concerning the UCS Matrix/Synapse implementation? Actually we’re testing Synapse as well. I wonder if and how the settings in the /var/lib/univention-appcenter/apps/synapse/data/generated/homeserver.yaml configuration are applied.

Cheers

Sebastian

Hi @audiolinux,
not that i would know, i’m afraid.
cheers
Sascha

Thank you Sascha. Maybe this implementation could be very useful: https://github.com/spantaleev/matrix-docker-ansible-deploy

Cheers

Sebastian

Hi,

as I haven’t done anything with this integration since September and there seems to be no further progress in the hand-over, I’d recommend asking the primary contact as described in Q&A: Who is my primary contact regarding questions about apps?
While this is our “Feedback” channel in this case and I could ask directly, I would recommend doing so nevertheless.

Best Regards,
Dirk

Hello there fellow Matrix people,
did any of you succeed in configuring Synapse to work with SAML2 SSO? I’m pretty sure our users won’t accept Matrix/Element without SSO.
I followed
https://nickhu.co.uk/posts/2020-07-13-matrix-synapse-shibboleth-saml.html
https://wiki.hostsharing.net/index.php/Matrix_Synapse_installieren
for my SSO setup, but in vain. Synapse won’t accept the metadata-remote, even though this very same IdP URL works for other SAML2 setups (Nextcloud, Humhub).
The server uses a self-signed cert BTW.

I’d also love to see the Synapse app support SSO out of the box – if it’s just there, ppl have one less excuse to stay with their proprietary messengers.
Merzi,
-daniel
