Update README.md

yzx9 2023-11-23 17:20:11 +08:00
parent f53790c452
commit 78652946ee


@ -8,29 +8,32 @@ The inital idea for this implementation was taken from
[worksasintended](https://github.com/worksasintended).
## BREAKING CHANGE
be careful if you try to migrate from 3.3.2! Backup your machines and data.
The migration paths hould be:
- Backup Your machines and Data
- run latest 3.5 sharelatex image and run the migration scripts
- run this sharelatex image (4.1.1) and run the migrations scripts
Be careful if you try to migrate from 3.3.2! Backup your machines and data. The migration paths should be:
- Backup Your machines and data
- Run latest 3.5 sharelatex image and run the migration scripts
- Run this sharelatex image (4.1.1) and run the migrations scripts
## Limitations
## Limitations:
NEW: This version provides the possibility to use a separate ldap bind user. It does this just to find the proper BIND DN and record for the provided email, so it is possible that users from different groups / OUs can login.
Afterwards it tries to bind to the ldap (using ldapts) with the user DN and credentials of the user which tries to login. No hassle of password hashing for LDAP pwds!
If you upgrade from an older commit:
**Note**:
- you have to add: uid=%u to your BIND_DN
- LDAP_GROUP_FILTER is now named LDAP_USER_FILTER
- Import of contacts from LDAP is now controlled by LDAP_CONTACT_FILTER
Only valid LDAP users or email users registered by an admin can login.
This module authenticates against the local DB if `ALLOW_EMAIL_LOGIN` is set to `true` if this fails
it tries to authenticate against the specified LDAP server.
*Note:*
**Note**:
- LDAP Users can not change their password for the ldap username login. They have to change it at the ldap server.
- LDAP Users can reset their local db password. Then they can decide if they login with either their ldap user and password or with their email and local db password.
- Users can not change their email. The email address is taken from the ldap server (mail) field. (or by invitation through an admin).
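Review bot: The rewritten BREAKING CHANGE steps still carry wording slips: "Backup Your machines and data" has a stray capital, the last step says "migrations scripts" while the step before it says "migration scripts", and "The migration paths should be:" introduces a single ordered sequence, so "path" fits better. Since the order matters (backup, then 3.5, then 4.1.1), a numbered list would make that explicit. The new "## Limitations:" heading also gains a trailing colon that no other heading in the visible lines uses. Separately, the sentence "authenticates against the local DB if `ALLOW_EMAIL_LOGIN` is set to `true` if this fails it tries to authenticate against the specified LDAP server" runs two conditions together; since it describes the login order, splitting it into two sentences would make clear what happens when `ALLOW_EMAIL_LOGIN` is not set.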
@ -81,13 +84,10 @@ ADMIN_IS_SYSADMIN=false
*COLLAB_TEXT* : displayed for email invitation (share.pug)<br/>
*ADMIN_IS_SYSADMIN* : false or true (if ``false`` isAdmin group is allowed to add users to sharelatex and post messages. if ``true`` isAdmin group is allowed to logout other users / set maintenance mode)
### LDAP Configuration
Edit [docker-compose.treafik.yml](docker-compose.traefik.yml) or [docker-compose.certbot.yml](docker-compose.certbot.yml) to fit your local setup.
```
LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: dc=DOMAIN,dc=TLD
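Review bot: The link text in the "Edit ..." line under "### LDAP Configuration" reads "docker-compose.treafik.yml" while its target is docker-compose.traefik.yml; the text should be corrected to "traefik" so that readers who copy the file name from the rendered page get the right one. The configuration block that follows shows `ldaps://` on port 636, which is worth stating in a sentence as the recommended transport, because user passwords are sent in the bind.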
@ -121,6 +121,7 @@ LDAP_CONTACTS: 'false'
If you enable LDAP_CONTACTS, then all users in LDAP_CONTACT_FILTER are loaded from the ldap server into the contacts.
At the moment this happens every time you click on "Share" within a project.
if you want to enable this function set:
```
LDAP_CONTACT_FILTER: (objectClass=person)
LDAP_CONTACTS: 'true'
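Review bot: The example pairs `LDAP_CONTACTS: 'true'` with `LDAP_CONTACT_FILTER: (objectClass=person)`, and the paragraph above it says all users matching the filter are loaded into the contacts on every click on "Share". The README should state that this filter decides which directory entries end up in users' contact lists and suggest narrowing it (for example to a group or OU) rather than presenting the broad `(objectClass=person)` filter without comment. A note on the cost of querying the LDAP server on every "Share" click would also help, and "if you want to enable this function set:" should start with a capital.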
@ -140,7 +141,7 @@ OAUTH2_PROFILE_URL: https://api.github.com/user
OAUTH2_USER_ATTR_EMAIL: email
OAUTH2_USER_ATTR_UID: id
OAUTH2_USER_ATTR_FIRSTNAME: name
OAUTH2_USER_ATTR_LASTNAME:
OAUTH2_USER_ATTR_LASTNAME: site_admin
```
### Sharelatex Configuration
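Review bot: `OAUTH2_USER_ATTR_LASTNAME: site_admin` maps the last name to a field that is not a name. With the profile URL shown in the hunk header (https://api.github.com/user), `site_admin` is a boolean flag in the response, so users would end up with "true" or "false" as their last name. If the intent is only to avoid an empty value, say so in a comment next to the line, or keep the key empty and document that GitHub returns the full name in `name` and has no separate last-name field.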
@ -160,19 +161,21 @@ Install docker-compose:
pip install docker-compose
```
use the command:
use the command
```
make
```
to generate the ldap-overleaf-sl docker image.
use the command
use the command:
```
docker network create web
```
to create a network for the docker instances.
to create a network for the docker instances.
## Startup
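Review bot: The two "use the command" lead-ins in this hunk are still inconsistent after the change: the colon moves from the one before `make` to the one before `docker network create web`, so one has it and the other does not. Pick one form for both and capitalise the sentence start, e.g. "Use the command:" followed by the fenced command and then "to generate the ldap-overleaf-sl docker image." The duplicated "to create a network for the docker instances." line looks like a whitespace-only change, which is fine, but it would be cleaner to mention trailing-whitespace cleanup in the commit message, which currently says only "Update README.md".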
@ -193,19 +196,27 @@ There are 2 different ways of starting either using Traefik or using Certbot. Ad
#### Using Traefik
Then start docker containers (with loadbalancer):
```
export NUMINSTANCES=1
docker-compose -f docker-compose.traefik.yml up -d --scale sharelatex=$NUMINSTANCES
```
#### Using Certbot
Enable line 65/66 and 69/70 in ldapoverleaf-sl/Dockerfile and ``make`` again.
```
docker-compose -f docker-compose.certbot.yml up -d
```
## Debug
1. Set the env variable `LOG_LEVEL` to debug (default is info - you can do this in the docker-compose file)
2. Look in the logs of sharelatex (e.g. `/var/log/sharelatex/web.log`)
## Upgrading
*Be aware:* if you upgrade from a previous installation check your docker image version
E.g.: Mongodb: You cannot upgrade directly from mongo 4.2 to 5.0. You must first upgrade from 4.2 to 4.4.
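Review bot: "Enable line 65/66 and 69/70 in ldapoverleaf-sl/Dockerfile" under "#### Using Certbot" refers to lines by number, which goes stale as soon as the Dockerfile changes; name the instructions to uncomment or mark them with a comment tag in the Dockerfile and refer to that tag instead. The path is also spelled "ldapoverleaf-sl" here while the build section calls the image "ldap-overleaf-sl", so check which spelling matches the repository directory. In "## Debug", it would help to add that `LOG_LEVEL` should be set back to info after troubleshooting. The "*Be aware:*" emphasis under "## Upgrading" does not match the "**Note**:" style this commit introduces earlier in the file.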