Docker-Compose no user_settings area and conflicting documentation

JustinC · July 26, 2023, 4:35pm

Hello! I am looking to deploy this at our office for housing docs from both users and from our in house ERP. BUT I need to get LDAP working on this before it becomes a viable option.

The docs are GREAT but they seem to have some omissions on this user_settings area to put the config in for a docker-compose install.

docs say it should be a “media” volume and just create the folder there but there is no media volume created

and the compose-docs here say:

If Mayan EDMS was installed using Docker, the user_settings/ folder will be found inside the Docker volume. If you installed Mayan EDMS according to the Docker instructions provided in this documentation, your user_settings/ folder should be located in the directory: /docker-volumes/mayan/user_settings/ .

https://docs.mayan-edms.com/chapters/settings.html?highlight=user_settings#via-python-settings-files

and the ldap settings file mentions vaguely what to do but not enough to get a location to setup?

I think we may just be missing a bit of docs to make this work.

does anyone have a working 5 step on how they added LDAP to a fresh install of EDMS?

JustinC · July 26, 2023, 4:48pm

after a bit of fiddling here… it turns out you need to put the file in the /var/lib/docker/volumes/mayan_app/_data/user_settings but this piece seems to be “assumed” that we will just use that folder. would be EXTRA helpful if there was a one liner on the file in git where to put it.

now i just have to get the system to auth to our DC here looks to talk to it but I likely just have a setting wrong in that file.

JustinC · July 26, 2023, 6:29pm

OK I fixed that so now users can login with their email address and local AD user passwords YAY!

BUT we need to do this via SSL and so need to have LDAPS so the passwords are not sent clear over the wire for this.

In the ldap_connection_settings.py file there is a setup routine for this but this will apply only to a direct install?? as changing the host file will not echange the environment on the container.

has anyone been able to make ldaps work in a docker deployment?

for anyone coming accross this later in the ldap_connection_settings.py file I had to change:

From:
AUTH_LDAP_USER_SEARCH = LDAPSearch(
‘{},{}’.format(LDAP_ADDITIONAL_USER_DN, LDAP_BASE_DN),
ldap.SCOPE_SUBTREE, ‘(uid=%(user)s)’
)

To:
AUTH_LDAP_USER_SEARCH = LDAPSearch(“DC=office,DC=atlasmfg,DC=com”,
ldap.SCOPE_SUBTREE, “(&(objectClass=user)(mail=%(user)s))”)

this let me use the email address in AD as the userid in Mayan.

Also had to comment out the default AUTH_LDAP_USER_ATTR_MAP and use the one below:

AUTH_LDAP_USER_ATTR_MAP = {
‘username’: ‘mail’,
‘first_name’: ‘givenName’,
‘last_name’: ‘sn’,
‘email’: ‘mail’
}

Also to enable a fallback admin I setup the local auth as a fallback by putting this at the end of the file:

AUTHENTICATION_BACKENDS = (
‘django_auth_ldap.backend.LDAPBackend’,
‘django.contrib.auth.backends.ModelBackend’,
)

replacing the code that was there already.