LDAP
Overleaf Server Pro can use an LDAP server to manage users. It can also be used with Active Directory systems.
LDAP is configured in the Toolkit via `variables.env`.
The `EXTERNAL_AUTH` variable must be set to `ldap` to enable the LDAP module:
```
EXTERNAL_AUTH=ldap
```
(To preserve backward compatibility with older configuration files, if `EXTERNAL_AUTH` is not set, but `SHARELATEX_LDAP_URL` is set, then the LDAP module will be activated. We still recommend setting `EXTERNAL_AUTH` explicitly.)
After bootstrapping Server Pro for the first time with LDAP authentication, an existing LDAP user must be given admin permissions by visiting the `/launchpad` page (or via the CLI, in which case password confirmation is ignored).
LDAP users will appear in the Overleaf Admin Panel once they log in for the first time with their initial credentials.
The Developer wiki contains further documentation on the available Environment Variables and other configuration elements.
Example
At Overleaf, we test the LDAP integration against a test openldap server. The following is an example of a working configuration:
```
# added to variables.env
EXTERNAL_AUTH=ldap
SHARELATEX_LDAP_URL=ldap://ldap:389
SHARELATEX_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
SHARELATEX_LDAP_SEARCH_FILTER=(uid={{username}})
SHARELATEX_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
SHARELATEX_LDAP_BIND_CREDENTIALS=GoodNewsEveryone
SHARELATEX_LDAP_EMAIL_ATT=mail
SHARELATEX_LDAP_NAME_ATT=cn
SHARELATEX_LDAP_LAST_NAME_ATT=sn
SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN=true
```
The `openldap` container needs to run in the same network as the `sharelatex` container (which by default would be `overleaf_default`), so we'll proceed with the following steps:
- Run `docker network create overleaf_default` (will possibly fail due to a `network with name overleaf_default already exists` error, that's ok).
- Start the `openldap` container with `docker run --network=overleaf_default --name=ldap rroemhild/test-openldap:1.1`
- Edit `variables.env` to add the LDAP Environment Variables as listed above.
- Restart Server Pro
You should be able to log in using `fry` as both username and password.
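An added example, not part of the Overleaf documentation: a small Python check that applies the activation rule described above to the contents of a `variables.env` file and flags settings worth reviewing before the test configuration is reused outside a test network. The finding names and the `SAMPLE_ENV` text are constructed for this example.

```python
# Constructed sample: the page's example configuration with EXTERNAL_AUTH
# left out, so the backward-compatibility activation path is exercised.
SAMPLE_ENV = """\
SHARELATEX_LDAP_URL=ldap://ldap:389
SHARELATEX_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
SHARELATEX_LDAP_SEARCH_FILTER=(uid={{username}})
SHARELATEX_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
SHARELATEX_LDAP_BIND_CREDENTIALS=GoodNewsEveryone
"""
TEST_BIND_CREDENTIALS = "GoodNewsEveryone"  # test server's value, from the page


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DNs contain '='
        env[key.strip()] = value.strip()
    return env


def ldap_active(env):
    """Activation rule as the page states it."""
    if "EXTERNAL_AUTH" in env:
        return env["EXTERNAL_AUTH"] == "ldap"
    return "SHARELATEX_LDAP_URL" in env  # legacy fallback


def audit(env):
    """Return finding codes (names chosen for this example)."""
    if not ldap_active(env):
        return ["ldap-not-enabled"]
    findings = []
    if "EXTERNAL_AUTH" not in env:
        findings.append("implicit-activation")  # page recommends setting it
    if env.get("SHARELATEX_LDAP_URL", "").lower().startswith("ldap://"):
        findings.append("cleartext-url")  # no TLS implied by the scheme
    search_filter = env.get("SHARELATEX_LDAP_SEARCH_FILTER")
    if search_filter is not None and "{{username}}" not in search_filter:
        findings.append("filter-ignores-username")  # lookup not tied to login
    if env.get("SHARELATEX_LDAP_BIND_CREDENTIALS") == TEST_BIND_CREDENTIALS:
        findings.append("test-bind-credentials")  # example value left in place
    return findings

if __name__ == "__main__":
    print(audit(parse_env(SAMPLE_ENV)))
```

To check a real file, pass its contents to `parse_env` and review each returned code against the deployment's own requirements.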