AIUS/Overleaf
1
0
Fork 0
mirror of https://git.unistra.fr/aius/root/ldap-overleaf-sl.git synced 2025-05-04 19:55:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Split User and Group filter

Browse source
This commit is contained in:
Sven Feyerabend 2021-05-18 23:26:33 +02:00
parent 2b982babbb
commit 547ce9a744
4 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -1,4 +1,3 @@
# Free Overleaf Ldap Implementation # Free Overleaf Ldap Implementation
This repo contains an improved, free ldap authentication and authorisation This repo contains an improved, free ldap authentication and authorisation
@ -80,9 +79,9 @@ LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: dc=DOMAIN,dc=TLD LDAP_BASE: dc=DOMAIN,dc=TLD
LDAP_BIND_USER: cn=ldap_reader,dc=DOMAIN,dc=TLS LDAP_BIND_USER: cn=ldap_reader,dc=DOMAIN,dc=TLS
LDAP_BIND_PW: TopSecret LDAP_BIND_PW: TopSecret
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP # users need to match this filter to login.
# you have to set a group filter a minimal groupfilter would be: '(objectClass=person)' #All occurrences of `%u` get replaced by the entered uid.
LDAP_GROUP_FILTER: '(memberof=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_USER_FILTER: '(memberof=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)(uid=%u)'
# If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true. # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
# Admin Users can invite external (non ldap) users. This feature makes only sense # Admin Users can invite external (non ldap) users. This feature makes only sense

5
docker-compose.certbot.yml
View file

@ -58,8 +58,8 @@ services:
LDAP_SERVER: ldaps://LDAPSERVER:636 LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP # Binds with the LDAP_BIND_USER and searches for users matching this filter:
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_USER_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)(uid=%u)'
# If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true. # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
# Admin Users can invite external (non ldap) users. This feature makes only sense # Admin Users can invite external (non ldap) users. This feature makes only sense
@ -71,6 +71,7 @@ services:
# All users in the LDAP_GROUP_FILTER are loaded from the ldap server into contacts. # All users in the LDAP_GROUP_FILTER are loaded from the ldap server into contacts.
# This LDAP search happens without bind. If you want this and your LDAP needs a bind you can # This LDAP search happens without bind. If you want this and your LDAP needs a bind you can
# adapt this in the function getLdapContacts() in ContactsController.js (lines 82 - 107) # adapt this in the function getLdapContacts() in ContactsController.js (lines 82 - 107)
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'false' LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in # Same property, unfortunately with different names in

8
docker-compose.traefik.yml
View file

@ -135,11 +135,10 @@ services:
LDAP_SERVER: ldaps://LDAPSERVER:636 LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS #LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP # # Binds with the LDAP_BIND_USER and searches for users matching this filter:
# LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_USER_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)(uid=%u)'
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
# If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true. # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
# Admin Users can invite external (non ldap) users. This feature makes only sense # Admin Users can invite external (non ldap) users. This feature makes only sense
@ -151,6 +150,7 @@ services:
# All users in the LDAP_GROUP_FILTER are loaded from the ldap server into contacts. # All users in the LDAP_GROUP_FILTER are loaded from the ldap server into contacts.
# This LDAP search happens without bind. If you want this and your LDAP needs a bind you can # This LDAP search happens without bind. If you want this and your LDAP needs a bind you can
# adapt this in the function getLdapContacts() in ContactsController.js (lines 82 - 107) # adapt this in the function getLdapContacts() in ContactsController.js (lines 82 - 107)
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'false' LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in # Same property, unfortunately with different names in

2
ldap-overleaf-sl/sharelatex/AuthenticationManager.js
View file

@ -276,7 +276,7 @@ const AuthenticationManager = {
const ldap_base = process.env.LDAP_BASE const ldap_base = process.env.LDAP_BASE
var uid = query.email var uid = query.email
const replacer = new RegExp("%u", "g") const replacer = new RegExp("%u", "g")
const filterstr = process.env.LDAP_GROUP_FILTER.replace(replacer, ldapEscape.filter`${uid}`) //replace all appearances const filterstr = process.env.LDAP_USER_FILTER.replace(replacer, ldapEscape.filter`${uid}`) //replace all appearances
console.log("filterstr:" + filterstr) console.log("filterstr:" + filterstr)
var userDn = "" //ldapEscape.filter`uid=${uid}` + ',' + ldap_bd; var userDn = "" //ldapEscape.filter`uid=${uid}` + ',' + ldap_bd;
var mail = "" var mail = ""