mildstone deploy

.env

@@ -1,6 +1,6 @@
 # do not use quotes (")
-MYDOMAIN=MYDOMAIN.TLD
-MYMAIL=MYEMAIL@MYDOMAIN.TLD
+MYDOMAIN=overleaf.mildstone.org
+MYMAIL=andrea.rgn@gmail.com
 MYDATA=/data
 LOGIN_TEXT=username
 COLLAB_TEXT=Direct share with collaborators is enabled only for activated users!

Makefile

@@ -4,7 +4,7 @@ build:
 	docker build --build-arg login_text="${LOGIN_TEXT}" \
 		     --build-arg collab_text="${COLLAB_TEXT}" \
 		     --build-arg admin_is_sysadmin="${ADMIN_IS_SYSADMIN}" \
-		     -t "ldap-overleaf-sl" ldap-overleaf-sl 
+		     -t "ldap-overleaf-sl:240728" ldap-overleaf-sl 
 
 clean: check_clean
 	docker-compose down

docker-compose.yml

@@ -2,7 +2,7 @@ version: "2.2"
 services:
   sharelatex:
     restart: always
-    image: ldap-overleaf-sl
+    image: ldap-overleaf-sl:240728
     container_name: ldap-overleaf-sl
     depends_on:
       mongo:
@@ -31,8 +31,8 @@ services:
       SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
       # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
       # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
-      SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}
-      SHARELATEX_EMAIL_SMTP_PORT: 587
+      SHARELATEX_EMAIL_SMTP_HOST: 192.168.1.99
+      SHARELATEX_EMAIL_SMTP_PORT: 25
       SHARELATEX_EMAIL_SMTP_SECURE: "false"
       # SHARELATEX_EMAIL_SMTP_USER:
       # SHARELATEX_EMAIL_SMTP_PASS:
@@ -40,6 +40,8 @@ services:
       # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
       SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
 
+      #LOG_LEVEL: "debug"
+
       # make public links accessible w/o login (link sharing issue)
       # https://github.com/overleaf/docker-image/issues/66
       # https://github.com/overleaf/overleaf/issues/628
@@ -52,32 +54,34 @@ services:
       # SHARELATEX_SECURE_COOKIE: "true"
       # SHARELATEX_BEHIND_PROXY: "true"
 
-      LDAP_SERVER: ldaps://LDAPSERVER:636
-      LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
+      LDAP_SERVER: ldap://ipa.mildstone.org:389
+      LDAP_BASE: cn=users,cn=accounts,dc=mildstone,dc=org
 
       ### There are to ways get users from the ldap server
 
       ## NO LDAP BIND USER:
       # Tries directly to bind with the login user (as uid)
       # LDAP_BINDDN: uid=%u,ou=someunit,ou=people,dc=DOMAIN,dc=TLD
+      # LDAP_BINDDN: uid=%u,ou=people,dc=mildstone,dc=org
 
       ## Or you can use ai global LDAP_BIND_USER
-      # LDAP_BIND_USER:
-      # LDAP_BIND_PW:
+      LDAP_BIND_USER: uid=ldapsearch,cn=users,cn=accounts,dc=mildstone,dc=org
+      LDAP_BIND_PW: ldap_ha39it9
 
       # Only allow users matching LDAP_USER_FILTER
-      LDAP_USER_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
+      LDAP_USER_FILTER: "(&(memberof=cn=latexusers,cn=groups,cn=accounts,dc=mildstone,dc=org)(uid=%u))"
 
       # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
       # Admin Users can invite external (non ldap) users. This feature makes only sense
       # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
       # system wide messages.
-      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
+      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=admins,cn=groups,cn=accounts,dc=mildstone,dc=org)"
       ALLOW_EMAIL_LOGIN: "true"
 
       # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
-      LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
-      LDAP_CONTACTS: "false"
+      LDAP_CONTACT_FILTER: "(memberof=cn=latexusers,cn=groups,cn=accounts,dc=mildstone,dc=org)"
+      LDAP_CONTACTS: "true"
+
 
       ## OAuth2 Settings
       # OAUTH2_ENABLED: "true"

ldap-overleaf-sl/Dockerfile

@@ -13,10 +13,17 @@ ARG admin_is_sysadmin
 # set workdir (might solve issue #2 - see https://stackoverflow.com/questions/57534295/)
 WORKDIR /overleaf/services/web
 
+
+
+RUN npm cache clean --force && \ 
+    npm install -g npm@10.5.0
+
+
     # install latest npm
-RUN npm install -g npm && \
+RUN \
     ## clean cache (might solve issue #2)
-    # npm cache clean --force && \
+    ##npm cache clean --force && \
+    ##npm install -g npm@latest && \
     npm install ldap-escape ldapts-search ldapts@3.2.4 && \
     # npm install bcrypt@5.0.0 && \
     ## This variant of updateing texlive does not work
@@ -85,3 +92,6 @@ RUN sed -iE "s/email@example.com/${login_text:-user}/g" /overleaf/services/web/a
 #     echo "/usr/cron.weekly/nginx-cert.sh 2>&1 > /dev/null" > /etc/rc.local && \
 #     chmod 0744 /etc/rc.local
 
+
+COPY update_texlive.sh /overleaf/services/web
+RUN sh update_texlive.sh

ldap-overleaf-sl/update_texlive.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+cd /usr/local/texlive/
+if [ -d 2023 ] 
+then
+	cp -a 2023 2024
+	rm -f 2024/tlpkg/backups/*
+	cd 2024
+	wget  https://mirror.ctan.org/systems/texlive/tlnet/update-tlmgr-latest.sh
+	sh update-tlmgr-latest.sh -- --upgrade
+fi
+tlmgr update --self --all
+tlmgr install scheme-full
+luaotfload-tool -fu
+

scripts/copy.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -e
+
+CONTAINER_FILE_PATHS=(
+    "/overleaf/services/web/app/src/Features/Authentication/AuthenticationManager.js"
+    "/overleaf/services/web/app/src/Features/Authentication/AuthenticationController.js"
+    "/overleaf/services/web/app/src/Features/Contacts/ContactController.js"
+    "/overleaf/services/web/app/src/router.js"
+    "/overleaf/services/web/app/views/user/settings.pug"
+    "/overleaf/services/web/app/views/user/login.pug"
+    "/overleaf/services/web/app/views/layout/navbar.pug"
+    "/overleaf/services/web/app/views/layout/navbar-marketing.pug"
+    "/overleaf/services/web/app/views/admin/index.pug"
+    "/overleaf/services/web/app/views/admin/index.pug"
+)
+
+FILENAMES=(
+    "AuthenticationManager.js"
+    "AuthenticationController.js"
+    "ContactController.js"
+    "router.js"
+    "settings.pug"
+    "login.pug"
+    "navbar.pug"
+    "navbar-marketing.pug"
+    "admin-index.pug"
+    "admin-sysadmin.pug"
+)
+
+if [ "${#CONTAINER_FILE_PATHS[@]}" -ne "${#FILENAMES[@]}" ]; then
+    echo "Error: The number of source files and target filenames does not match."
+    exit 1
+fi
+
+HOST_TARGET_PATH="ldap-overleaf-sl/sharelatex_ori"
+
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 [version]"
+    exit 1
+else
+    VERSION=$1
+fi
+
+CONTAINER_NAME="tmp_sharelatex_for_extract_files"
+IMAGE="sharelatex/sharelatex:$VERSION"
+
+for i in "${!CONTAINER_FILE_PATHS[@]}"; do
+    file_path="${CONTAINER_FILE_PATHS[i]}"
+    new_filename="${FILENAMES[i]}"
+    new_target_path="$HOST_TARGET_PATH/$new_filename"
+    echo " copy:  $new_target_path"
+    docker cp $CONTAINER_NAME:$file_path $new_target_path
+done
+#
+#echo "Stopping and removing container..."
+#docker stop $CONTAINER_NAME
+#docker rm $CONTAINER_NAME

scripts/extract_files.sh

@@ -60,13 +60,13 @@ docker run -d --name $CONTAINER_NAME $IMAGE
 echo "Waiting for container to start up..."
 sleep 10
 
-for i in "${!CONTAINER_FILE_PATHS[@]}"; do
-    file_path="${CONTAINER_FILE_PATHS[i]}"
-    new_filename="${FILENAMES[i]}"
-    new_target_path="$HOST_TARGET_PATH/$new_filename"
-    docker cp $CONTAINER_NAME:$file_path $new_target_path
-done
-
-echo "Stopping and removing container..."
-docker stop $CONTAINER_NAME
-docker rm $CONTAINER_NAME
+#for i in "${!CONTAINER_FILE_PATHS[@]}"; do
+#    file_path="${CONTAINER_FILE_PATHS[i]}"
+#    new_filename="${FILENAMES[i]}"
+#    new_target_path="$HOST_TARGET_PATH/$new_filename"
+#    docker cp $CONTAINER_NAME:$file_path $new_target_path
+#done
+#
+#echo "Stopping and removing container..."
+#docker stop $CONTAINER_NAME
+#docker rm $CONTAINER_NAME

scripts/make_diffs.sh

@@ -8,6 +8,7 @@ for filename in $(ls $MODIFIED_DIR); do
     raw_file="$ORI_DIR/$filename"
 
     if [ -f "$raw_file" ]; then
+        echo "working on $raw_file" 
         diff_output="$DIFFS_DIR/${filename}.diff"
         diff "$raw_file" "$MODIFIED_DIR/$filename" > "$diff_output"
     else