
smhaller / ldap-overleaf-sl


Free LDAP Authentication and Authorisation for Sharelatex / Overleaf (Community Edition)

License: GNU Affero General Public License v3.0

Makefile 5.05% Dockerfile 53.93% Shell 41.02%

ldap-overleaf-sl's People

Contributors

andreas-bulling, chhu, davidmehren, gizmo1-11, haslersn, maurerle, sf2311, smhaller, sparkcyf, tsukky67, yzx9

ldap-overleaf-sl's Issues

error: Tracker "idealTree" already exists

Hi,

I tried to follow your instructions but I receive the following error

[...]
Step 7/31 : RUN npm install ldapts-search
 ---> Running in 5ceb10366306
npm ERR! Tracker "idealTree" already exists

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-02-20T17_09_37_696Z-debug.log
The command '/bin/sh -c npm install ldapts-search' returned a non-zero code: 1

git-sharelatex

There is a possibility to use a local git repository and as remote: sharelatex.

Getting it to run:

git clone https://gitlab.inria.fr/sed-rennes/sharelatex/python-sharelatex
cd  python-sharelatex
tar xzf git-sharelatex.patch.tar.gz
git apply  git-sharelatex.patch
pip3 install .

The patch git-sharelatex.patch.tar.gz fixes the following things:

  • correct handling for CSRF Token regex for current Sharelatex Versions - not only one Sharelatex Version.
  • added some try / except block for the keyring (if you want to use git-sharelatex on a remote terminal machine)

The patch is submitted to inria via mail

In general this works fine with Sharelatex < 2.6.1 and a single Sharelatex instance. (For usage see the readme in https://gitlab.inria.fr/sed-rennes/sharelatex/python-sharelatex)

Issue with Sharelatex 2.6.1:

  • CSRF token does not work when doing a git-sharelatex push. This worked with Sharelatex 2.1.1. - 2.5.2. Weirdly the token works when doing clone. I did not find the responsible code differences from 2.5.2 and 2.6.1 - so no solution yet. (This is submitted to inria via mail)

Issue with Traefik:

  • If you start Sharelatex with multiple instances (>1) the CSRF Token / HTTP Headers are not handled correctly - maybe someone with more experience with Traefik can suggest a solution.

version without certbot / traefik

Hey, first of all, I appreciate your efforts to build a LDAP solution for sharelatex. I was happy to see this improved version makes it possible to set a different base DN, in worksasintended's version this part is hard coded.

I would like to use this with my own reverse proxy running. So only port 80 and no traefik / certbot. Is this possible without any major changes, and if yes, could you point me towards the right changes in the docker-compose.yml?

Thanks, Simon

Authentication Proxy / http header login

Let me say: You guys rock. Getting LDAP authentication in the community edition of Overleaf is implementing THE key feature of the pro version. Since you seem to have dug really deep into Overleaf, I have a question that you might be able to answer:
At our institution, we are aiming to take as much (security related) overhead from the web devs as possible. To this end, we have a Keycloak running (which has an LDAP/Kerberos connection) and for every web app, we deploy an authentication proxy in front of the actual app (additionally to Traefik that we use to handle SSL stuff). This auth proxy does the dance with Keycloak and then sets certain http header fields which the web app can then use to know who's logged in. This way, none of our devs has to implement authentication in their web app. Instead, we configure the auth proxy so that only certain groups, ... whatever have access to the individual app.
Actually all of our off-the-shelf-web-appliances have an option for "other authentication method" or "http header authentication" or whatever. I had contacted the Overleaf support to see if this would be possible but got no reply. Didn't find an option for it in the docs either.
With your knowledge of the code, could you estimate how much work it would be to log people in via http request header fields?
Thanks in advance!

Update to Sharelatex 3.5

This is probably on your ToDo-List already, but an update to support Sharelatex 3.5 would be great! :)

Connecting to LDAP works, but doesn't log into Overleaf

We were not able to successfully configure the connection to our OpenLDAP 2.6.2 server. The OpenLDAP server only accepts TLS connections and we use a Let's Encrypt certificate. Overleaf was installed using docker and we use portainer to manage our containers.

The following error message shows up in openldap's log when we try to log in to Overleaf:

slapd[2667385]: conn=1000 fd=15 closed (TLS negotiation failure)

If I add the variable "NODE_TLS_REJECT_UNAUTHORIZED: 0" to Overleaf's stack then the first connection succeeds according to openldap's log:

fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 fd=24 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 op=0 BIND dn="cn=Lamarque V. Souza,ou=people,dc=petrosoftdesign,dc=com" method=128
fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 op=0 BIND dn="cn=Lamarque V. Souza,ou=people,dc=petrosoftdesign,dc=com" mech=SIMPLE bind_ssf=0 ssf=256
fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000047 text=
fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 op=1 UNBIND
fev 28 10:43:07 lynx.petrosoftdesign.com slapd[2667385]: conn=1039 fd=24 closed

but I still cannot log in.

PS: ALLOW_EMAIL_LOGIN is set to 'true' in Overleaf's stack.

Support for automated testing

Hi,

Do you see a chance to test with/support the latest OSS Sharelatex version (2.6.1 at the moment I believe) and, in general, future latest versions? There is unfortunately no changelog for the things they implement as far as I know. And the open source version is generally put in second place behind the commercial version. But it would still be nice to be current with the small improvements in Sharelatex that they are willing to share with the community.

Error when inviting non-LDAP users: Activation token has expired

Hi,

I've successfully installed your overleaf-LDAP version but ran into a problem with inviting external (non-LDAP) users.

Opening the personal link works but once I enter a random password (I guess this is what I should be doing and that internally this sets the password initially given that as an external user I don't have a password yet at this point) I see the below error message.

Any ideas - should this work?

I can see the external user in the database btw and the user also has a hashed password associated with him - so this part seems to work. But how does the external user learn about their password?

[image]

Admin Panel doesn't work

Hi,
First, thanks for the perfect adoption on overleaf.

Besides the admin panel, everything is working ...
... I have no content when I open the panel... It doesn't matter if I do this with a local or LDAP admin.

Have I done something wrong, or is this a bug?
What would you need from me in order to be able to support?

I am using the latest version on this GitHub repository.

[image: admin_panel]

LDAPS with self-signed cert

I need to migrate my ldap connection to ldaps. Unfortunately the Active Directory's certificate is signed by our internal CA so it's generally not trusted by any libraries. I tried to install the cert in the system cert store but it seems the according library uses its own trust store and ignores the system's. I've been looking at the code of this repo for almost an hour now but have not come very far. I understand that there is a Client object which comes from the ldapts library which probably does all the TLS-dance and verifies the certificate and everything. And then I got stuck...
Is there a possibility to manually pass in a trusted ca-cert when connecting? If so, it would be awesome if one could pass a cert in as an environment variable...
Or is there an even simpler solution? I'm glad to see the default config also uses TLS so it's really just a detail which is in my way...
Thanks in advance!

Need some documentation

Hi !

I was wondering if it was possible to provide an example for a configuration with keycloak and traefik ?

Thank you !

Update to Sharelatex 4.0

ShareLatex 4.0.0 has been released since 2023-05-30 and brings several features. Are there any updates planned?

I'd like to raise a PR if you can point out what needs to be changed.

Release Brief

  • A new Source editor in addition to the Legacy editor will be available to users.
  • Deleted projects and users can be automatically cleaned up after 90 days.
  • TeXLive 2023 is now the default version for instances not running Sandboxed Compiles.
  • The limit on a project’s editable content size (the sum of sizes of all editable files) has been increased from 5MB to 7MB.
  • General performance and stability improvements to the application, along with many small improvements and bug fixes.

LDAP search result defaults to first element in the array

I am currently trying to use your ldap version of overleaf at our small research group. We are using the LDAP server from Synology and there is some weird behavior when logging in.

I made an ldap group called overleaf and only members of that group should be able to log in. When I try to log in, the logs of /var/log/sharelatex/web.log show an array with multiple users found. But according to the code here, the first element of the array is taken as the result, even though the actual match is found somewhere else. This results in a positive login, but the email and name are not set correctly. Is this some weird behavior of the Synology server or am I missing some setting?

I also logged the filterstr and the result was (memberof=cn=overleaf,cn=groups,dc=example,dc=com), which gives no indication of the user to be searched for.
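
The behaviour reported in this issue (a group-only filter returns every group member and the first array element is used) is avoided by putting the login name into the filter and accepting a result only when exactly one entry matches. The following is an added example, not code from ldap-overleaf-sl; the function names, the uid attribute and the sample entries are assumptions for illustration.

```javascript
// Added example, not code from ldap-overleaf-sl. Function names, the "uid"
// attribute and the sample directory entries are assumptions.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// backslash, '*', '(', ')' and NUL become \XX hex escapes.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Combine the per-user match with the configured group restriction, so the
// server is asked for "this user AND member of the group", not "the group".
function buildUserFilter(uid, groupFilter, uidAttr = 'uid') {
  const userPart = `(${uidAttr}=${escapeFilterValue(uid)})`;
  if (!groupFilter) return userPart;
  const g = groupFilter.trim();
  const wrapped = g.startsWith('(') ? g : `(${g})`;
  return `(&${userPart}${wrapped})`;
}

// Accept a search result only if exactly one entry carries the login name.
// Zero or several matches is treated as a failed login, never as entries[0].
function selectAuthenticatedEntry(entries, uid, uidAttr = 'uid') {
  const wanted = String(uid).toLowerCase();
  const matches = entries.filter((entry) => {
    const raw = entry[uidAttr];
    const values = Array.isArray(raw) ? raw : [raw];
    return values.some(
      (v) => typeof v === 'string' && v.toLowerCase() === wanted);
  });
  if (matches.length !== 1) {
    throw new Error(
      `expected exactly one entry for "${uid}", got ${matches.length}`);
  }
  return matches[0];
}

// Directory attributes such as mail may be multi-valued; pick one value
// explicitly instead of passing an array on as if it were a string.
function firstValue(attr) {
  return Array.isArray(attr) ? attr[0] : attr;
}

// Constructed sample: what a group-only filter returns (all group members).
const SAMPLE_RESULT = [
  { uid: 'amy', cn: 'Amy Wong', mail: 'amy@example.com' },
  { uid: 'fry', cn: 'Philip Fry', mail: ['fry@example.com', 'pfry@example.com'] },
];

const GROUP = '(memberof=cn=overleaf,cn=groups,dc=example,dc=com)';
console.log(buildUserFilter('fry', GROUP));
console.log(firstValue(selectAuthenticatedEntry(SAMPLE_RESULT, 'fry').mail));
```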

Pull access denied for ldap-overleaf-sl

Hi, very interesting project ... but it doesn't work, when I try to start the docker-composer I have this error:

ERROR: pull access denied for ldap-overleaf-sl, repository does not exist or may require 'docker login'

Installation is not possible because of database not available

Hello,
thanks first for the great extension.
I tried to install Overleaf with LDAP and after filling in my environments

# do not use quotes (")
MYDOMAIN=overleaf.local
MYMAIL=*********@*******.com
MYDATA=/home/overleaf/Dokumente/ldap-overleaf-sl
LOGIN_TEXT=username
COLLAB_TEXT=Direct share with collaborators is enabled only for activated users!
ADMIN_IS_SYSADMIN=false

All services are up and running but the sharelatex server throws this error in the logs

Aug 24 11:21:30 682e2312bd14 syslog-ng[60]: syslog-ng shutting down; version='3.25.1'
*** Running /etc/my_init.d/00_make_sharelatex_data_dirs.sh...
*** Running /etc/my_init.d/00_regen_sharelatex_secrets.sh...
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/00_restore_site_status...
*** Running /etc/my_init.d/00_set_docker_host_ipaddress.sh...
*** Running /etc/my_init.d/01_nginx_config_template.sh...
Nginx: generating config file from template
Nginx: reloading config
 * Reloading nginx configuration nginx
   ...done.
*** Running /etc/my_init.d/10_delete_old_logs.sh...
*** Running /etc/my_init.d/10_syslog-ng.init...
Aug 24 11:21:31 682e2312bd14 syslog-ng[60]: syslog-ng starting up; version='3.25.1'
*** Running /etc/my_init.d/98_check_db_access.sh...
Checking can connect to mongo and redis
Using default settings from /overleaf/services/web/config/settings.defaults.js
Using settings from /etc/sharelatex/settings.js
Set UV_THREADPOOL_SIZE=16
Cannot connect to mongodb
MongooseServerSelectionError: Server selection timed out after 60000 ms
    at NativeConnection.Connection.openUri (/overleaf/services/web/node_modules/mongoose/lib/connection.js:825:32)
    at /overleaf/services/web/node_modules/mongoose/lib/index.js:411:10
    at /overleaf/services/web/node_modules/mongoose/lib/helpers/promiseOrCallback.js:41:5
    at new Promise (<anonymous>)
    at promiseOrCallback (/overleaf/services/web/node_modules/mongoose/lib/helpers/promiseOrCallback.js:40:10)
    at Mongoose._promiseOrCallback (/overleaf/services/web/node_modules/mongoose/lib/index.js:1285:10)
    at Mongoose.connect (/overleaf/services/web/node_modules/mongoose/lib/index.js:410:20)
    at Object.<anonymous> (/overleaf/services/web/app/src/infrastructure/Mongoose.js:19:36)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10) {
  reason: TopologyDescription {
    type: 'Unknown',
    servers: Map(1) { 'mongo:27017' => [ServerDescription] },
    stale: false,
    compatible: true,
    heartbeatFrequencyMS: 10000,
    localThresholdMS: 15,
    setName: null,
    maxElectionId: null,
    maxSetVersion: null,
    commonWireVersion: 0,
    logicalSessionTimeoutMinutes: null
  },
  code: undefined
}
*** /etc/my_init.d/98_check_db_access.sh failed with status 1

*** Killing all processes...
Aug 24 11:22:32 682e2312bd14 syslog-ng[60]: syslog-ng shutting down; version='3.25.1'

Can someone help me to fix this issue?

dockerhub

thank you for your good work! It would be interesting to have your images on dockerhub for easier use. that being said, there might be a thing or two required to work with reproducible builds. In any case it would be good to have!

LDAP: more than one ``mail`` entry per user - login fails

Hi guys,

I just tried to implement a simple docker-compose with a generic test-ldap. It starts but not more. I can't log in. I've tried a lot but nothing seems to work. The problem is always the same.

For my test-ldap I use this: https://github.com/rroemhild/docker-test-openldap
The other containers are straightforward I guess (see my docker-compose below).

This is the problem I face every time I tried to log in with an account

Session error. Please check you have cookies enabled. If the problem persists, try clearing your cache and cookies.

I follow the instruction with clearing, enabling and so on but it doesn't help.
I also set this ENV to true and false. Nothing helps. I googled a lot nothing helps. What is wrong? Anybody had the same problem?

SHARELATEX_SECURE_COOKIE=true

I always get a 403 on /login when I look at the chrome dev-tools.

What I assume?
I assume after starting a complete new docker-compose with the ldap and the overleaf-ldap to login with the [email protected] and the password professor. But this doesn't work for any reason.

Thank you very much for any help :)

P.S.
This is my docker-compose:

version: "3.9"

volumes:
  dev_overleaf_mongo_data: {}
  dev_overleaf_redis_data: {}
  dev_overleaf_data: {}


networks:
  dev_overleaf:
    driver: bridge
    name: dev_overleaf

services:

  mongo:
    image: mongo:5.0.5
    container_name: mongo
    networks:
      - dev_overleaf
    volumes:
      - dev_overleaf_mongo_data:/data/db

  redis:
    image: redis:6.2.6
    container_name: redis
    sysctls:
      - net.core.somaxconn=65535
    volumes:
      - dev_overleaf_redis_data:/data
    networks:
      - dev_overleaf

  mailhog:
    container_name: mailhog
    image: mailhog/mailhog:v1.0.1
    networks:
      - dev_overleaf
    ports:
      - 1025:1025 
      - 8025:8025 

  ldap-container:
    image: rroemhild/test-openldap
    container_name: ldap-container
    networks:
      - dev_overleaf
    ports:
      - 10389:10389

  overleaf:
    container_name: overleaf
    image: ldap-overleaf-sl:latest
    ports:
      - 80:80
    networks:
      - dev_overleaf
    volumes:
      - dev_overleaf_data:/var/lib/sharelatex
    environment:
      - SHARELATEX_APP_NAME=Overleaf
      - SHARELATEX_REDIS_HOST=redis
      - SHARELATEX_REDIS_PORT=6379
      - SHARELATEX_MONGO_HOST=mongo
      - SHARELATEX_MONGO_PORT=27017
      - SHARELATEX_MONGO_URL=mongodb://mongo/sharelatex
      - SHARELATEX_SITE_URL=http://localhost
      - SHARELATEX_NAV_TITLE=A-Title
      - [email protected]
      - [email protected]
      - SHARELATEX_EMAIL_SMTP_HOST=mailhog 
      - SHARELATEX_EMAIL_SMTP_PORT=1025
      - SHARELATEX_EMAIL_SMTP_SECURE=false
      - SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH=false
      - SHARELATEX_EMAIL_SMTP_IGNORE_TLS=true 
      - SHARELATEX_ALLOW_PUBLIC_ACCESS=true 
      - SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING=true
      - SHARELATEX_SECURE_COOKIE=true
      - SHARELATEX_BEHIND_PROXY=false
      - LDAP_SERVER=ldap://ldap-container:10389
      - LDAP_BASE=dc=planetexpress,dc=com

      ### There are to ways get users from the ldap server 

      ## NO LDAP BIND USER:
      # Tries to bind with login-user (as uid) to LDAP_BINDDN
      - LDAP_BINDDN=uid=%u,ou=people,dc=planetexpress,dc=com

      ## Using a LDAP_BIND_USER/PW
      # LDAP_BIND_USER:
      # LDAP_BIND_PW:

      # Only allow users matching LDAP_USER_FILTER
      #LDAP_USER_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'

      # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
      # Admin Users can invite external (non ldap) users. This feature makes only sense
      # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
      # system wide messages.
      #LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
      - ALLOW_EMAIL_LOGIN=false

      # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
      #LDAP_CONTACT_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
      - LDAP_CONTACTS=false

      # Same property, unfortunately with different names in
      # different locations
      - ENABLED_LINKED_FILE_TYPES=url,project_file
      - ENABLE_CONVERSIONS=true 

Error: The target object cannot be found. Code: 0x20

I tried to do LDAP authentication but could not resolve the following error.
Other services are working with the same credentials (e.g. QNAP NAS)

docker exec ldap-overleaf-sl cat /var/log/sharelatex/web.log
Set UV_THREADPOOL_SIZE=16
ENABLE_TRACE_AGENT set to undefined
ENABLE_DEBUG_AGENT set to undefined
ENABLE_PROFILE_AGENT set to undefined
Using default settings from /overleaf/services/web/config/settings.defaults.js
Using settings from /etc/sharelatex/settings.js
(node:172) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)
An Error occured while getting user data during ldapsearch: Error: The target object cannot be found. Code: 0x20

docker-compose.yaml is this. (* is changed for secret)

cat docker-compose.yml
version: "2.2"
services:
  sharelatex:
    restart: always
    image: ldap-overleaf-sl
    container_name: ldap-overleaf-sl
    depends_on:
      mongo:
        condition: service_healthy
      redis:
        condition: service_healthy
    privileged: false
    ports:
      - 80:80
    links:
      - mongo
      - redis
    volumes:
      - ${MYDATA}/sharelatex:/var/lib/sharelatex
      - ${MYDATA}/letsencrypt:/etc/letsencrypt
      - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain
    environment:
      SHARELATEX_APP_NAME: Overleaf
      SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
      SHARELATEX_SITE_URL: https://${MYDOMAIN}
      SHARELATEX_NAV_TITLE: Overleaf - run by ${MYDOMAIN}
      #SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg
      SHARELATEX_ADMIN_EMAIL: ${MYMAIL}
      SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"} ]'
      SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'
      SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
      # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
      # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
      SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}
      SHARELATEX_EMAIL_SMTP_PORT: 587
      SHARELATEX_EMAIL_SMTP_SECURE: "false"
      # SHARELATEX_EMAIL_SMTP_USER:
      # SHARELATEX_EMAIL_SMTP_PASS:
      # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
      # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
      SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."

      # make public links accessible w/o login (link sharing issue)
      # https://github.com/overleaf/docker-image/issues/66
      # https://github.com/overleaf/overleaf/issues/628
      # https://github.com/overleaf/web/issues/367
      # Fixed in 2.0.2 (Release date: 2019-11-26)
      SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"
      SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"

      # Uncomment the following line to enable secure cookies if you are using SSL
      # SHARELATEX_SECURE_COOKIE: "true"
      # SHARELATEX_BEHIND_PROXY: "true"

      LDAP_SERVER: ldaps://**.jp:636
      LDAP_BASE: dc=*,dc=*,dc=*,dc=*,dc=*

      ### There are to ways get users from the ldap server

      ## NO LDAP BIND USER:
      # Tries directly to bind with the login user (as uid)
      LDAP_BINDDN: uid=%u,ou=people,dc=*,dc=*,dc=*,dc=*,dc=*

      ## Or you can use ai global LDAP_BIND_USER
      LDAP_BIND_USER: cn=readopnly,dc=*,dc=*,dc=*,dc=*,dc=*
      LDAP_BIND_PW: *

      # Only allow users matching LDAP_USER_FILTER
      LDAP_USER_FILTER: "(memberof=cn=*,ou=*,dc=*,dc=*,dc=*,dc=*,dc=*)"

      # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
      # Admin Users can invite external (non ldap) users. This feature makes only sense
      # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
      # system wide messages.
      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=root,ou=*,dc=*,dc=*,dc=*,dc=*,dc=*)"
      ALLOW_EMAIL_LOGIN: "true"

      # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
      LDAP_CONTACT_FILTER: "(objectClass=person)"
      LDAP_CONTACTS: "false"

      ## OAuth2 Settings
      # OAUTH2_ENABLED: "true"
      # OAUTH2_PROVIDER: YOUR_OAUTH2_PROVIDER
      # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
      # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
      # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
      # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
      # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
      # OAUTH2_TOKEN_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
      # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
      # OAUTH2_USER_ATTR_EMAIL: email
      # OAUTH2_USER_ATTR_UID: id
      # OAUTH2_USER_ATTR_FIRSTNAME: name
      # OAUTH2_USER_ATTR_LASTNAME:
      # OAUTH2_USER_ATTR_IS_ADMIN: site_admin

      # Same property, unfortunately with different names in
      # different locations
      SHARELATEX_REDIS_HOST: redis
      REDIS_HOST: redis
      REDIS_PORT: 6379

      ENABLED_LINKED_FILE_TYPES: "url,project_file"

      # Enables Thumbnail generation using ImageMagick
      ENABLE_CONVERSIONS: "true"

  mongo:
    restart: always
    image: mongo:4.4
    container_name: mongo
    expose:
      - 27017
    volumes:
      - ${MYDATA}/mongo_data:/data/db
    healthcheck:
      test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
    command: "--replSet overleaf"

  # See also: https://github.com/overleaf/overleaf/issues/1120
  mongoinit:
    image: mongo:4.4
    # this container will exit after executing the command
    restart: "no"
    depends_on:
      mongo:
        condition: service_healthy
    entrypoint:
      [
        "mongo",
        "--host",
        "mongo:27017",
        "--eval",
        'rs.initiate({ _id: "overleaf", members: [ { _id: 0, host: "mongo:27017" } ] })',
      ]

  redis:
    restart: always
    image: redis:6.2
    container_name: redis
    expose:
      - 6379
    volumes:
      - ${MYDATA}/redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

Missing packages even though texlive-full is installed

Thank you very much for this add-on.

However I still had to add packages with tlmgr after building the docker images using make build.
I don't really know why, as this should have a texlive full install already (as specified in the Dockerfile of this repo through apt install texlive-full), but it kept saying "biblatex missing", xcolor.sty not found and others.

So I ended up with another Dockerfile doing:

FROM ldap-overleaf-sl:latest
RUN tlmgr update --self
RUN tlmgr install scheme-full

which still installs 4526 packages.
Before that, the docker image already had a size of 6.6GB

I already looked here:
https://github.com/overleaf/overleaf/wiki/Quick-Start-Guide#latex-environment

I also found out that this is currently using texlive 2019 - is there a way to install a more recent texlive?

Reduce RUN command in Dockerfile

Since Docker was designed as a layering system, every RUN command will generate a commit that always exists, even if some files are marked for deletion in the next layer. It is therefore recommended to merge RUN commands like:

RUN echo "Hello, " && \
    echo "World!"

User settings broken

When selecting "Account" -> "Account Settings", I get a "Something went wrong, sorry".

From the logs:

Cannot find module '../../../../modules/oauth2-server/app/src/OAuthPersonalAccessTokenManager'
Require stack:
- /overleaf/services/web/app/src/Features/User/UserPagesController.js
- /overleaf/services/web/app/src/router.js
- /overleaf/services/web/app/src/infrastructure/Server.js
- /overleaf/services/web/app.js

ENOENT: no such file or directory, open '/overleaf/services/web/app/views/user/settings/user-affiliations.pug'
    at /overleaf/services/web/app/views/user/settings.pug line 17

Session error

I've tried many, many times, but always get the following when I want to log in.
Session error. Please check you have cookies enabled. If the problem persists, try clearing your cache and cookies.

Patches for Version 5

I created diffs that can be applied to version 5:
https://github.com/davrot/ldap-overleaf-sl

However, I couldn't / will not test them because I am too stupid to get an Authentik server running and was not even able to run a test OAuth2 in Python against it. Thus I will give up on the Authentik server idea and will modify the overleaf password part to be connected directly to a real LDAP server.

Long story short, maybe the diffs and scripts, I did last night, are helpful for somebody...

session error

when building with sharelatex 2.6.1 I am getting

Session error. Please check you have cookies enabled. If the problem persists, try clearing your cache and cookies.

on attempted logon.

The nginx log shows:

2021/11/11 23:48:01 [error] 170#170: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.44.50, server: _, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "docker-1:8081"

the web.log from sharelatex contains

invalid csrf token

I have to say though I ripped out traefik and directly exposed port 80 from the sharelatex container so it might be related to that. It goes without saying that I did attempt different browsers (ff and chromium) and that I purged caches.

sharelatex 3.0.1 will not show me the login screen but "bad gateway" instead.

Implement Marker-Based Patching Mechanism for File Modification

Current file modification strategies primarily include two approaches:

  • Complete File Replacement: This method involves importing the entire original file. For instance, in #33, adding just six lines of code required importing over 2000 lines from the router.js file. The drawbacks are significant; it not only necessitates the import of the entire file but also requires manual updates whenever the upstream file changes.
  • sed Command for Single-Line Edits: While useful for single-line modifications, this approach falls short when dealing with multi-line changes.

This issue introduces a marker-based replacement method, essentially an enhanced version of the sed command. Its key advantages are:

  • No Need to Import the Entire Original File: This method eliminates the need to import large files for minor edits.
  • Easier Synchronization with Upstream Changes: It simplifies updating in response to changes in the original file.
  • Multi-Line Applicability: Unlike sed, it is well-suited for modifications spanning multiple lines.
  • Clearer Patch Files: The patch files are more concise and understandable.

If you are interested in this solution, I am ready to submit a PR for its implementation.
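
A sketch of how marker-based patching as proposed in this issue could behave, including the case where an upstream change removes or duplicates the marker, so the build fails instead of shipping an unpatched file. This is an added example, not the implementation offered in the issue; the patch object shape, the begin/end comment syntax and the sample file are assumptions.

```javascript
// Added example, not the implementation proposed in the issue. The patch
// object shape, the ">>> patch:" comment syntax and UPSTREAM are assumptions.

// Insert (or substitute) a multi-line block relative to a marker string that
// must occur on exactly one line of the upstream file.
function applyMarkerPatch(source, patch) {
  const { id, marker, position = 'after', lines } = patch;
  const begin = `// >>> patch:${id}`;
  const end = `// <<< patch:${id}`;
  const src = source.split('\n');

  // Idempotent: a file that already carries this patch is returned unchanged,
  // so rebuilding an image layer does not insert the block twice.
  if (src.some((l) => l.trim() === begin)) return source;

  // Locate the marker. Zero hits means upstream changed; several hits means
  // the marker is too loose. Both abort rather than guess a location.
  const hits = [];
  src.forEach((l, i) => { if (l.includes(marker)) hits.push(i); });
  if (hits.length !== 1) {
    throw new Error(
      `patch ${id}: marker matched ${hits.length} lines, expected 1`);
  }

  // Reuse the marker line's indentation for the inserted block.
  const at = hits[0];
  const indent = src[at].match(/^\s*/)[0];
  const block = [begin, ...lines, end].map((l) => indent + l);

  if (position === 'replace') {
    src.splice(at, 1, ...block);
  } else if (position === 'before') {
    src.splice(at, 0, ...block);
  } else if (position === 'after') {
    src.splice(at + 1, 0, ...block);
  } else {
    throw new Error(`patch ${id}: unknown position "${position}"`);
  }
  return src.join('\n');
}

// Constructed stand-in for an upstream source file (not Overleaf code).
const UPSTREAM = [
  'function setup(router) {',
  "  router.get('/status', statusHandler)",
  "  router.get('/health', healthHandler)",
  '}',
].join('\n');

// Constructed patch: add one route directly after the /status route.
const EXTRA_ROUTE = {
  id: 'extra-route',
  marker: "router.get('/status'",
  position: 'after',
  lines: ["router.get('/extra', extraHandler)"],
};

console.log(applyMarkerPatch(UPSTREAM, EXTRA_ROUTE));
```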
