adapt readme

Simon M. Haller-Seeber 2020-05-15 13:51:58 +02:00
parent f7606ab383
commit dbb8f6f85b


@ -14,20 +14,20 @@ This implementation uses *no* ldap bind user - it tries to bind to the ldap (usi
the uid and credentials of the user which tries to login. the uid and credentials of the user which tries to login.
Only valid LDAP users or Email-Users registerd by an admin can login. Only valid LDAP users or email users registered by an admin can login.
This module authenticates against the local DB if `ALLOW_EMAIL_LOGIN` is set to `true` if this fails This module authenticates against the local DB if `ALLOW_EMAIL_LOGIN` is set to `true` if this fails
it tries to authenticate against the specified LDAP server. it tries to authenticate against the specified LDAP server.
*Therefore:* *Therefore:*
- LDAP Users can not change their password for the ldap username login. They have to change it at the ldap server. - LDAP Users can not change their password for the ldap username login. They have to change it at the ldap server.
- LDAP Users can reset their local db password. Then they can decide if they login with either their LDAP-user and password or with their Email and local db password. - LDAP Users can reset their local db password. Then they can decide if they login with either their ldap user and password or with their email and local db password.
- Users can not change their email. The email adress is taken from the ldap server (mail) field. (or by invitation through an admin). - Users can not change their email. The email address is taken from the ldap server (mail) field. (or by invitation through an admin).
This ldap mail field has to contain a valid mail adress. Firstname and lastname are taken from the fields "givenName" and "sn". This ldap mail field has to contain a valid mail address. Firstname and lastname are taken from the fields "givenName" and "sn".
If you want to use different fields change the code in AuthenticationManager.js lines 297-299. If you want to use different fields change the code in AuthenticationManager.js lines 297-299.
- Admins can invite non ldap users directly (via email). Additionally (``link sharing`` of projects is possible). - Admins can invite non ldap users directly (via email). Additionally (``link sharing`` of projects is possible).
*Important:* *Important:*
Sharelatex/Overleaf uses the email adress to identify users: If you change the field in the LDAP you have to update the corresponding field Sharelatex/Overleaf uses the email address to identify users: If you change the field in the LDAP you have to update the corresponding field
in the mongo db. in the mongo db.
``` ```
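Review bot: The `ALLOW_EMAIL_LOGIN` sentence is still an unpunctuated run-on ("... is set to `true` if this fails it tries ..."), and read together with the bullet on resetting the local db password it leaves a security-relevant question open: the README does not say whether a user who has been removed or disabled on the LDAP server can still log in with email and local db password. Suggest splitting the sentence after `true` and adding one line that states this behaviour. Two smaller points in the same hunk: the pointer to "AuthenticationManager.js lines 297-299" will go stale as soon as that file changes, so naming the fields (mail, givenName, sn) and the function that reads them would be more durable; and the casing is still mixed ("LDAP Users" next to "ldap user").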
@ -59,7 +59,7 @@ MYDATA=/data
*MYDOMAIN* is the FQDN for sharelatex and certbot (letsencrypt) *MYDOMAIN* is the FQDN for sharelatex and certbot (letsencrypt)
*MYMAIL* is the admin mailadress *MYMAIL* is the admin mailaddress
### LDAP Configuration ### LDAP Configuration
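Review bot: "mailaddress" on the *MYMAIL* line is still written as one word, while the first hunk settles on "email address"; suggest "admin email address" here so the README uses one term throughout.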
@ -127,7 +127,7 @@ docker-compose up -d
*Known Issue:* *Known Issue:*
During the first startup the certbot image will get an initial certificate - if that During the first startup the certbot image will get an initial certificate - if that
happens not in a very timley matter sharelatex will fail to start: Due to the missing certificates happens not in a very timely matter sharelatex will fail to start: Due to the missing certificates
nginx crashes. Solution: wait 10 seconds and restart the sharelatex container. nginx crashes. Solution: wait 10 seconds and restart the sharelatex container.
``` ```
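Review bot: The Known Issue line now reads "not in a very timely matter"; the spelling is fixed but the idiom is "timely manner", and "if that does not happen in a timely manner" would read more clearly. Since the workaround is the only guidance for a failed first start, it would also help to state that the restart applies to the sharelatex container only and that the certbot container should be left running.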