Distinguish between ldap bind DN and ldap base dn - to match ldap functionality properly

This commit is contained in:
Simon M. Haller-Seeber 2020-05-14 12:09:53 +02:00
parent 3cfba2317a
commit 8eed93e3d3
4 changed files with 18 additions and 14 deletions


@ -63,23 +63,25 @@ Edit [docker-compose.yml](docker-compose.yml) to fit your local setup.
```
LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BIND_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP
# you have to set a group filter a minimal groupfilter would be: '(objectClass=person)'
LDAP_GROUP_FILTER: '(memberof=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
# if user is in ADMIN_GROUP on user creation (2 first login) it sets isAdmin to true.
LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'true'
```
### Contacts
### LDAP Contacts
All users in the GROUPNAME are loaded from the ldap server into the contacts. At the moment
this happens every time you click on "Share" within a project.
If you enable this, then all users in GROUPNAME are loaded from the ldap server into the contacts.
At the moment this happens every time you click on "Share" within a project.
The user search happens without bind - so if your LDAP needs a bind you can adapt this in the
function `getLdapContacts()` in ContactsController.js (lines 82 - 107)
if you want to disable this function set:
if you want to enable this function set:
```
LDAP_CONTACTS: 'false'
LDAP_CONTACTS: 'true'
```
### Sharelatex Configuration


@ -44,12 +44,13 @@ services:
SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BIND_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
# if user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'true'
LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in
# different locations
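Review bot: The added `LDAP_BINDDN` example ends in `dc=TLS` while every other DN in this file ends in `dc=TLD`; an operator who copies it verbatim builds user DNs outside the directory and every login bind fails. Change it to `LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLD`. The name also reads like a service-account bind DN, but the comment right below says the application binds as the logging-in user, and the JS hunk on this page uses the value as the parent of the user's entry, so a comment such as `# parent DN of the user entries; the user DN is built as uid=<login>,<LDAP_BINDDN>` would spare readers a trip into AuthenticationManager.js.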


@ -269,10 +269,11 @@ const AuthenticationManager = {
});
//const bindDn = process.env.LDAP_BIND_USER
//const bindPassword = process.env.LDAP_BIND_PW
const ldap_bb = process.env.LDAP_BIND_BASE
const ldap_bd = process.env.LDAP_BINDDN
const ldap_base = process.env.LDAP_BASE
const uid = query.email.split('@')[0]
const filterstr = '(&' + process.env.LDAP_GROUP_FILTER + '(uid=' + uid + '))'
const userDn = 'uid=' + uid + ',' + ldap_bb;
const userDn = 'uid=' + uid + ',' + ldap_bd;
var mail = ""
var firstname = ""
var lastname = ""
@ -287,7 +288,7 @@ const AuthenticationManager = {
}
// get user data
try {
const {searchEntries, searchRef,} = await client.search(ldap_bb, {
const {searchEntries, searchRef,} = await client.search(ldap_base, {
scope: 'sub',
filter: filterstr ,
});
@ -309,7 +310,7 @@ const AuthenticationManager = {
// if admin filter is set - only set admin for user in ldap group
if (process.env.LDAP_ADMIN_GROUP_FILTER) {
const adminfilter = '(&' + process.env.LDAP_ADMIN_GROUP_FILTER + '(uid=' + uid + '))'
adminEntry = await client.search(ldap_bb, {
adminEntry = await client.search(ldap_base, {
scope: 'sub',
filter: adminfilter,
});
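Review bot: The new `userDn` line in the first hunk concatenates `uid` into a DN, and the unchanged `filterstr` and `adminfilter` lines splice the same value into search filters, with no escaping; `uid` comes from `query.email.split('@')[0]` on the line above, which appears to be caller-supplied at login, so characters such as `,`, `)`, `*` or `\` can alter the DN or the filter (LDAP injection), and the rename does not address this. Before the `filterstr` line, reject anything outside a conservative character set, e.g. `if (!/^[A-Za-z0-9._-]+$/.test(uid)) { /* fail the login */ }`, or escape per RFC 4514 (DN) and RFC 4515 (filter) if the LDAP client library offers helpers. A one-line comment on `ldap_bd` would also help, since both the variable and the env name say "bind DN" while the value is used as the parent of the user's entry: `// parent DN of user entries; the user's own DN is uid=<uid>,<LDAP_BINDDN>`. The enclosing function begins before the first hunk and continues after the last.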


@ -86,10 +86,10 @@ module.exports = ContactsController = {
const client = new Client({
url: process.env.LDAP_SERVER,
});
const ldap_bb = process.env.LDAP_BIND_BASE
const ldap_base = process.env.LDAP_BASE
// get user data
try {
const {searchEntries,searchReferences,} = await client.search(ldap_bb, {scope: 'sub',filter: process.env.LDAP_GROUP_FILTER ,});
const {searchEntries,searchReferences,} = await client.search(ldap_base, {scope: 'sub',filter: process.env.LDAP_GROUP_FILTER ,});
await searchEntries;
for (var i = 0; i < searchEntries.length; i++) {
var entry = new Map()
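Review bot: `ldap_base` is passed straight to `client.search` on the new line with no check that `LDAP_BASE` is set; a deployment whose compose file still uses the old `LDAP_BIND_BASE` name will search with an `undefined` base, and whether that surfaces as a clear error or as a silently empty contact list depends on the client library. A guard before the `try`, such as `if (!ldap_base) throw new Error('LDAP_BASE must be set when LDAP_CONTACTS is enabled');`, makes the misconfiguration visible. As a point of style, the new search line packs the destructuring, the call and its options onto one line with stray spacing (` ,});`), and `searchReferences` is not used anywhere within the hunk; `const { searchEntries } = await client.search(ldap_base, { scope: 'sub', filter: process.env.LDAP_GROUP_FILTER });` reads better, and the `await searchEntries;` that follows is a no-op on an already-resolved array. The enclosing function starts before the hunk.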