Distinguish between ldap bind DN and ldap base dn - to match ldap functionality properly

This commit is contained in:
Simon M. Haller-Seeber 2020-05-14 12:09:53 +02:00
parent 3cfba2317a
commit 8eed93e3d3
4 changed files with 18 additions and 14 deletions


@ -63,23 +63,25 @@ Edit [docker-compose.yml](docker-compose.yml) to fit your local setup.
``` ```
LDAP_SERVER: ldaps://LDAPSERVER:636 LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BIND_BASE: ou=people,dc=DOMAIN,dc=TLD LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP # By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP
# you have to set a group filter a minimal groupfilter would be: '(objectClass=person)'
LDAP_GROUP_FILTER: '(memberof=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_GROUP_FILTER: '(memberof=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
# if user is in ADMIN_GROUP on user creation (2 first login) it sets isAdmin to true. # if user is in ADMIN_GROUP on user creation (2 first login) it sets isAdmin to true.
LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'true' LDAP_CONTACTS: 'true'
``` ```
### Contacts ### LDAP Contacts
All users in the GROUPNAME are loaded from the ldap server into the contacts. At the moment If you enable this, then all users in GROUPNAME are loaded from the ldap server into the contacts.
this happens every time you click on "Share" within a project. At the moment this happens every time you click on "Share" within a project.
The user search happens without bind - so if your LDAP needs a bind you can adapt this in the The user search happens without bind - so if your LDAP needs a bind you can adapt this in the
function `getLdapContacts()` in ContactsController.js (lines 82 - 107) function `getLdapContacts()` in ContactsController.js (lines 82 - 107)
if you want to disable this function set: if you want to enable this function set:
``` ```
LDAP_CONTACTS: 'false' LDAP_CONTACTS: 'true'
``` ```
### Sharelatex Configuration ### Sharelatex Configuration


@ -44,12 +44,13 @@ services:
SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues." SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
LDAP_SERVER: ldaps://LDAPSERVER:636 LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BIND_BASE: ou=people,dc=DOMAIN,dc=TLD LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLS
# By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP # By default tries to bind directly with the ldap user - this user has to be in the LDAP GROUP
LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
# if user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true. # if user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)' LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'true' LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in # Same property, unfortunately with different names in
# different locations # different locations
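Review bot: The new `LDAP_BINDDN` example ends in `dc=TLS` while the `LDAP_BASE` line directly above it ends in `dc=TLD`; since the code appends this value verbatim to `uid=<user>,` to form the DN the user binds with, a copied-as-is mismatch makes every login fail against the wrong suffix, so it should read `LDAP_BINDDN: ou=someunit,ou=people,dc=DOMAIN,dc=TLD`. The same typo is in the README example in this commit. It would also help a reader to add a comment above the line, e.g. `# container the user entries live in; the user's DN is built as uid=<login>,<LDAP_BINDDN>`, because "BINDDN" otherwise suggests a service-account DN like the commented-out LDAP_BIND_USER in AuthenticationManager.js.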


@ -269,10 +269,11 @@ const AuthenticationManager = {
}); });
//const bindDn = process.env.LDAP_BIND_USER //const bindDn = process.env.LDAP_BIND_USER
//const bindPassword = process.env.LDAP_BIND_PW //const bindPassword = process.env.LDAP_BIND_PW
const ldap_bb = process.env.LDAP_BIND_BASE const ldap_bd = process.env.LDAP_BINDDN
const ldap_base = process.env.LDAP_BASE
const uid = query.email.split('@')[0] const uid = query.email.split('@')[0]
const filterstr = '(&' + process.env.LDAP_GROUP_FILTER + '(uid=' + uid + '))' const filterstr = '(&' + process.env.LDAP_GROUP_FILTER + '(uid=' + uid + '))'
const userDn = 'uid=' + uid + ',' + ldap_bb; const userDn = 'uid=' + uid + ',' + ldap_bd;
var mail = "" var mail = ""
var firstname = "" var firstname = ""
var lastname = "" var lastname = ""
@ -287,7 +288,7 @@ const AuthenticationManager = {
} }
// get user data // get user data
try { try {
const {searchEntries, searchRef,} = await client.search(ldap_bb, { const {searchEntries, searchRef,} = await client.search(ldap_base, {
scope: 'sub', scope: 'sub',
filter: filterstr , filter: filterstr ,
}); });
@ -309,7 +310,7 @@ const AuthenticationManager = {
// if admin filter is set - only set admin for user in ldap group // if admin filter is set - only set admin for user in ldap group
if (process.env.LDAP_ADMIN_GROUP_FILTER) { if (process.env.LDAP_ADMIN_GROUP_FILTER) {
const adminfilter = '(&' + process.env.LDAP_ADMIN_GROUP_FILTER + '(uid=' + uid + '))' const adminfilter = '(&' + process.env.LDAP_ADMIN_GROUP_FILTER + '(uid=' + uid + '))'
adminEntry = await client.search(ldap_bb, { adminEntry = await client.search(ldap_base, {
scope: 'sub', scope: 'sub',
filter: adminfilter, filter: adminfilter,
}); });
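Review bot: The renamed variables `ldap_bd` and `ldap_base` in the first hunk have no fallback or presence check, so an existing deployment that still sets only `LDAP_BIND_BASE` now builds `userDn` as `uid=<login>,undefined` and passes `undefined` as the search base, failing silently rather than with a clear configuration error. A minimal guard would be `const ldap_bd = process.env.LDAP_BINDDN || process.env.LDAP_BIND_BASE` and `if (!ldap_bd || !ldap_base) throw new Error('LDAP_BINDDN and LDAP_BASE must be set')`; the same applies to `ldap_base` in ContactsController.js in this commit. Separately, `uid` (taken from the submitted e-mail) is concatenated unescaped into both the DN on the `userDn` line and the search filter on the line above it; applying RFC 4514 DN escaping and RFC 4515 filter escaping to `uid` before concatenation (or rejecting values that fail a strict pattern check) would make those strings robust to unexpected input. The enclosing function of these hunks starts and ends outside the shown lines.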


@ -86,10 +86,10 @@ module.exports = ContactsController = {
const client = new Client({ const client = new Client({
url: process.env.LDAP_SERVER, url: process.env.LDAP_SERVER,
}); });
const ldap_bb = process.env.LDAP_BIND_BASE const ldap_base = process.env.LDAP_BASE
// get user data // get user data
try { try {
const {searchEntries,searchReferences,} = await client.search(ldap_bb, {scope: 'sub',filter: process.env.LDAP_GROUP_FILTER ,}); const {searchEntries,searchReferences,} = await client.search(ldap_base, {scope: 'sub',filter: process.env.LDAP_GROUP_FILTER ,});
await searchEntries; await searchEntries;
for (var i = 0; i < searchEntries.length; i++) { for (var i = 0; i < searchEntries.length; i++) {
var entry = new Map() var entry = new Map()