* Add scripts to rebrand variables.env and overleaf.rc
* Update bin/upgrade to prompt for config file rebrand
* Update bin/up to check for correct variable prefix
Ensures SHARELATEX_ is in place for version <= 4.x, and
OVERLEAF_ for version >= 5.x
* Rebrand variables for bin/docker-compose
Updates docker-compose.base.yml and sibling containers
base file with the changes in the script
* Update bin/doctor to support OVERLEAF_ prefix
* Update documentation with the OVERLEAF_ prefix
* Rebrand variables.env and overleaf.rc in config-seed
* Prepare config/version and CHANGELOG for release (WIP)
* Fix script documentation
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Fix doctor logs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Remove unnecessary fallbacks to SHARELATEX_ vars
* Set OVERLEAF_DATA_PATH to data/overleaf
* Remove duplicated environment entries
* Moved prefix brand checks from bin/up to bin/docker-compose
* Move set +o pipefail into subshell commands
* Use separate legacy compose files for required SHARELATEX_ vars
* Handle overleaf.rc rebranding before version upgrade
* Group output from rebranding process
* Move prompt for rebranding into helper function
* Refuse to start with mismatching ShareLaTeX vs Overleaf branded configs
* Print expected prefix when checking variables.env
* Print number of mismatching variables in overleaf.rc
* Check on variable rebranding from bin/doctor
* Cleanup bin/doctor lookup for ShareLaTeX branded overleaf.rc
* Update filesystem paths in bin/logs and docs
* Flag old TEXMFVAR entry in config/variables.env
REF: 1829e7ee2a
* Update config-seed version to 5.0.1 and changelog
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
LDAP
Overleaf Server Pro can use an LDAP server to manage users. It can also be used with Active Directory systems.
LDAP is configured in the Toolkit via `variables.env`.
The `EXTERNAL_AUTH` variable must be set to `ldap` to enable the LDAP module:
EXTERNAL_AUTH=ldap
(To preserve backward compatibility with older configuration files, if `EXTERNAL_AUTH` is not set, but `OVERLEAF_LDAP_URL` is set (`SHARELATEX_LDAP_URL` for versions `4.x` and older), then the LDAP module will be activated. We still recommend setting `EXTERNAL_AUTH` explicitly.)
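The activation rule and the per-version prefix described above can be checked mechanically before a restart. The following is an added example, not part of the Overleaf Toolkit; the function names and the sample file are constructed for illustration, and an empty `EXTERNAL_AUTH=` is assumed to count as unset.

```bash
#!/usr/bin/env bash
# Added example (not Toolkit code): lint the LDAP settings in a variables.env.

# Value of KEY in an env file; commented lines are skipped, last assignment wins.
env_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Prefix stated on this page: OVERLEAF_ for >= 5.x, SHARELATEX_ for <= 4.x.
expected_prefix() {
  if [ "$1" -ge 5 ]; then echo OVERLEAF_; else echo SHARELATEX_; fi
}

# How the LDAP module is switched on under the rule above:
#   explicit  EXTERNAL_AUTH=ldap
#   implicit  EXTERNAL_AUTH unset, <prefix>LDAP_URL set (backward-compatibility path)
#   off       anything else
# Assumption: an empty EXTERNAL_AUTH= is treated as unset.
ldap_mode() {  # usage: ldap_mode FILE MAJOR_VERSION
  local auth url
  auth=$(env_get "$1" EXTERNAL_AUTH)
  url=$(env_get "$1" "$(expected_prefix "$2")LDAP_URL")
  if [ "$auth" = ldap ]; then echo explicit
  elif [ -z "$auth" ] && [ -n "$url" ]; then echo implicit
  else echo off; fi
}

# Number of LDAP variables carrying the other brand's prefix for this version.
mismatched_ldap_vars() {  # usage: mismatched_ldap_vars FILE MAJOR_VERSION
  local wrong=SHARELATEX_
  if [ "$(expected_prefix "$2")" = SHARELATEX_ ]; then wrong=OVERLEAF_; fi
  grep -c "^[[:space:]]*${wrong}LDAP_" "$1" || true  # grep exits 1 on a zero count
}

# Constructed sample: a variables.env left over from 4.x, EXTERNAL_AUTH commented out.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# EXTERNAL_AUTH=ldap
SHARELATEX_LDAP_URL=ldap://ldap:389
SHARELATEX_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
EOF

for major in 4 5; do
  echo "version $major.x: mode=$(ldap_mode "$SAMPLE" "$major")" \
       "mismatched=$(mismatched_ldap_vars "$SAMPLE" "$major")"
done
```

On the constructed file, 4.x reports `implicit` with no mismatches, while 5.x reports `off` with two `SHARELATEX_`-prefixed LDAP variables still to be rebranded.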
After bootstrapping Server Pro for the first time with LDAP authentication, an existing LDAP user must be given admin permissions by visiting the `/launchpad` page (or via the CLI, but in this case ignoring password confirmation).
LDAP users will appear in the Overleaf Admin Panel once they log in for the first time with their initial credentials.
The Developer wiki contains further documentation on the available Environment Variables and other configuration elements.
Example
At Overleaf, we test the LDAP integration against a test openldap server. The following is an example of a working configuration:
# added to variables.env
# For versions of Overleaf CE/Server Pro `4.x` and older use the 'SHARELATEX_' prefix instead of 'OVERLEAF_'
EXTERNAL_AUTH=ldap
OVERLEAF_LDAP_URL=ldap://ldap:389
OVERLEAF_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
OVERLEAF_LDAP_SEARCH_FILTER=(uid={{username}})
OVERLEAF_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
OVERLEAF_LDAP_BIND_CREDENTIALS=GoodNewsEveryone
OVERLEAF_LDAP_EMAIL_ATT=mail
OVERLEAF_LDAP_NAME_ATT=cn
OVERLEAF_LDAP_LAST_NAME_ATT=sn
OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN=true
The `openldap` container needs to run in the same network as the `sharelatex` container (which by default would be `overleaf_default`), so we'll proceed with the following steps:
- Run `docker network create overleaf_default` (will possibly fail due to a `network with name overleaf_default already exists` error, that's ok).
- Start the `openldap` container with `docker run --network=overleaf_default --name=ldap rroemhild/test-openldap:1.1`
- Edit `variables.env` to add the LDAP Environment Variables as listed above.
- Restart Server Pro
You should be able to log in using `fry` as both username and password.