mildstone deploy

docker-compose.yml

@@ -2,7 +2,7 @@ version: "2.2"
 services:
   sharelatex:
     restart: always
-    image: ldap-overleaf-sl
+    image: ldap-overleaf-sl:240728
     container_name: ldap-overleaf-sl
     depends_on:
       mongo:
@@ -31,8 +31,8 @@ services:
       SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
       # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
       # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
-      SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}
-      SHARELATEX_EMAIL_SMTP_PORT: 587
+      SHARELATEX_EMAIL_SMTP_HOST: 192.168.1.99
+      SHARELATEX_EMAIL_SMTP_PORT: 25
       SHARELATEX_EMAIL_SMTP_SECURE: "false"
       # SHARELATEX_EMAIL_SMTP_USER:
       # SHARELATEX_EMAIL_SMTP_PASS:
@@ -40,6 +40,8 @@ services:
       # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
       SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
 
+      #LOG_LEVEL: "debug"
+
       # make public links accessible w/o login (link sharing issue)
       # https://github.com/overleaf/docker-image/issues/66
       # https://github.com/overleaf/overleaf/issues/628
@@ -52,32 +54,34 @@ services:
       # SHARELATEX_SECURE_COOKIE: "true"
       # SHARELATEX_BEHIND_PROXY: "true"
 
-      LDAP_SERVER: ldaps://LDAPSERVER:636
-      LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
+      LDAP_SERVER: ldap://ipa.mildstone.org:389
+      LDAP_BASE: cn=users,cn=accounts,dc=mildstone,dc=org
 
       ### There are to ways get users from the ldap server
 
       ## NO LDAP BIND USER:
       # Tries directly to bind with the login user (as uid)
       # LDAP_BINDDN: uid=%u,ou=someunit,ou=people,dc=DOMAIN,dc=TLD
+      # LDAP_BINDDN: uid=%u,ou=people,dc=mildstone,dc=org
 
       ## Or you can use ai global LDAP_BIND_USER
-      # LDAP_BIND_USER:
-      # LDAP_BIND_PW:
+      LDAP_BIND_USER: uid=ldapsearch,cn=users,cn=accounts,dc=mildstone,dc=org
+      LDAP_BIND_PW: ldap_ha39it9
 
       # Only allow users matching LDAP_USER_FILTER
-      LDAP_USER_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
+      LDAP_USER_FILTER: "(&(memberof=cn=latexusers,cn=groups,cn=accounts,dc=mildstone,dc=org)(uid=%u))"
 
       # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
       # Admin Users can invite external (non ldap) users. This feature makes only sense
       # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
       # system wide messages.
-      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
+      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=admins,cn=groups,cn=accounts,dc=mildstone,dc=org)"
       ALLOW_EMAIL_LOGIN: "true"
 
       # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
-      LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
-      LDAP_CONTACTS: "false"
+      LDAP_CONTACT_FILTER: "(memberof=cn=latexusers,cn=groups,cn=accounts,dc=mildstone,dc=org)"
+      LDAP_CONTACTS: "true"
+
 
       ## OAuth2 Settings
       # OAUTH2_ENABLED: "true"