commit 0758854

Merge: 103abf8 aa7d75c Author: Ralf Haferkamp <rhaferkamp@owncloud.com> Date: Wed Apr 27 10:08:13 2022 +0200 Merge pull request #3331 from rhafer/idm-default-cfg [full-ci] Switch default config from account/glauth to builtin libregraph/idm
owncloud · Apr 27, 2022 · b79bf57 · b79bf57
1 parent 56018a9
commit b79bf57
Show file tree

Hide file tree

Showing 23 changed files with 129 additions and 115 deletions.
diff --git a/extensions/_includes/auth-basic-config-example.yaml b/extensions/_includes/auth-basic-config-example.yaml
@@ -26,19 +26,21 @@ auth_providers:
   json:
     file: ""
   ldap:
-    uri: ldaps://localhost:9126
-    cacert: ~/.ocis/ldap/ldap.crt
+    uri: ldaps://localhost:9235
+    cacert: ~/.ocis/idm/ldap.crt
     insecure: false
-    binddn: cn=reva,ou=sysusers,dc=ocis,dc=test
+    binddn: uid=reva,ou=sysusers,o=libregraph-idm
     bindpassword: reva
-    userbasedn: dc=ocis,dc=test
-    groupbasedn: dc=ocis,dc=test
+    userbasedn: ou=users,o=libregraph-idm
+    groupbasedn: ou=groups,o=libregraph-idm
+    userscope: sub
+    groupscope: sub
     userfilter: ""
     groupfilter: ""
-    userobjectclass: posixAccount
-    groupobjectclass: posixGroup
+    userobjectclass: inetOrgPerson
+    groupobjectclass: groupOfNames
     loginattributes:
-    - cn
+    - uid
     - mail
     idp: https://localhost:9200
     gatewayendpoint: ""
@@ -47,14 +49,14 @@ auth_providers:
       idisoctetstring: false
       mail: mail
       displayname: displayname
-      username: cn
+      username: uid
     groupschema:
-      id: cn
+      id: ownclouduuid
       idisoctetstring: false
       mail: mail
       displayname: cn
       groupname: cn
-      member: cn
+      member: member
   owncloud_sql:
     dbusername: owncloud
     dbpassword: secret

diff --git a/extensions/_includes/auth-basic_configvars.md b/extensions/_includes/auth-basic_configvars.md
@@ -10,27 +10,29 @@
 | AUTH_BASIC_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.|
 | AUTH_BASIC_AUTH_PROVIDER | string | ldap | The auth provider which should be used by the service|
 | AUTH_BASIC_JSON_PROVIDER_FILE | string |  | The file to which the json provider writes the data.|
-| LDAP_URI;AUTH_BASIC_LDAP_URI | string | ldaps://localhost:9126 | |
-| LDAP_CACERT;AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/ldap/ldap.crt | |
+| LDAP_URI;AUTH_BASIC_LDAP_URI | string | ldaps://localhost:9235 | |
+| LDAP_CACERT;AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | |
 | LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE | bool | false | |
-| LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN | string | cn=reva,ou=sysusers,dc=ocis,dc=test | |
+| LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | |
 | LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD | string | reva | |
-| LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN | string | dc=ocis,dc=test | |
-| LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN | string | dc=ocis,dc=test | |
+| LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |
+| LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | |
+| LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE | string | sub | |
+| LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE | string | sub | |
 | LDAP_USERFILTER;AUTH_BASIC_LDAP_USERFILTER | string |  | |
 | LDAP_GROUPFILTER;AUTH_BASIC_LDAP_USERFILTER | string |  | |
-| LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS | string | posixAccount | |
-| LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS | string | posixGroup | |
-| LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES |  | [cn mail] | |
+| LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | |
+| LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | |
+| LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES |  | [uid mail] | |
 | OCIS_URL;AUTH_BASIC_IDP_URL | string | https://localhost:9200 | |
 | LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID | string | ownclouduuid | |
 | LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | |
 | LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL | string | mail | |
 | LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | |
-| LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME | string | cn | |
-| LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID | string | cn | |
+| LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME | string | uid | |
+| LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | |
 | LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | |
 | LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL | string | mail | |
 | LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | |
 | LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | |
-| LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER | string | cn | |
+| LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER | string | member | |
diff --git a/extensions/_includes/graph-config-example.yaml b/extensions/_includes/graph-config-example.yaml
@@ -28,23 +28,23 @@ spaces:
   insecure: false
   extended_space_properties_cache_ttl: 0
 identity:
-  backend: cs3
+  backend: ldap
   ldap:
-    uri: ldap://localhost:9125
-    insecure: false
-    bind_dn: ""
-    bind_password: ""
+    uri: ldaps://localhost:9235
+    insecure: true
+    bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm
+    bind_password: idm
     use_server_uuid: false
-    write_enabled: false
-    user_base_dn: ou=users,dc=ocis,dc=test
+    write_enabled: true
+    user_base_dn: ou=users,o=libregraph-idm
     user_search_scope: sub
     user_filter: ""
     user_objectclass: inetOrgPerson
     user_mail_attribute: mail
     user_displayname_attribute: displayName
     user_name_attribute: uid
     user_id_attribute: owncloudUUID
-    group_base_dn: ou=groups,dc=ocis,dc=test
+    group_base_dn: ou=groups,o=libregraph-idm
     group_search_scope: sub
     group_filter: ""
     group_objectclass: groupOfNames

diff --git a/extensions/_includes/graph_configvars.md b/extensions/_includes/graph_configvars.md
@@ -15,22 +15,22 @@
 | GRAPH_SPACES_DEFAULT_QUOTA | string | 1000000000 | |
 | OCIS_INSECURE;GRAPH_SPACES_INSECURE | bool | false | |
 | GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL | int | 0 | |
-| GRAPH_IDENTITY_BACKEND | string | cs3 | |
-| LDAP_URI;GRAPH_LDAP_URI | string | ldap://localhost:9125 | |
-| OCIS_INSECURE;GRAPH_LDAP_INSECURE | bool | false | |
-| LDAP_BIND_DN;GRAPH_LDAP_BIND_DN | string |  | |
-| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string |  | |
+| GRAPH_IDENTITY_BACKEND | string | ldap | |
+| LDAP_URI;GRAPH_LDAP_URI | string | ldaps://localhost:9235 | |
+| OCIS_INSECURE;GRAPH_LDAP_INSECURE | bool | true | |
+| LDAP_BIND_DN;GRAPH_LDAP_BIND_DN | string | uid=libregraph,ou=sysusers,o=libregraph-idm | |
+| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string | idm | |
 | GRAPH_LDAP_SERVER_UUID | bool | false | |
-| GRAPH_LDAP_SERVER_WRITE_ENABLED | bool | false | |
-| LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN | string | ou=users,dc=ocis,dc=test | |
+| GRAPH_LDAP_SERVER_WRITE_ENABLED | bool | true | |
+| LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |
 | LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE | string | sub | |
 | LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER | string |  | |
 | LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | |
 | LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE | string | mail | |
 | LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE | string | displayName | |
 | LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE | string | uid | |
 | LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE | string | owncloudUUID | |
-| LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN | string | ou=groups,dc=ocis,dc=test | |
+| LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | |
 | LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE | string | sub | |
 | LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER | string |  | |
 | LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | |

diff --git a/extensions/_includes/group-config-example.yaml b/extensions/_includes/group-config-example.yaml
@@ -27,19 +27,21 @@ drivers:
   json:
     file: ""
   ldap:
-    uri: ldaps://localhost:9126
-    cacert: ~/.ocis/ldap/ldap.crt
+    uri: ldaps://localhost:9235
+    cacert: ~/.ocis/idm/ldap.crt
     insecure: false
-    binddn: cn=reva,ou=sysusers,dc=ocis,dc=test
+    binddn: uid=reva,ou=sysusers,o=libregraph-idm
     bindpassword: reva
-    userbasedn: dc=ocis,dc=test
-    groupbasedn: dc=ocis,dc=test
+    userbasedn: ou=users,o=libregraph-idm
+    groupbasedn: ou=groups,o=libregraph-idm
+    userscope: sub
+    groupscope: sub
     userfilter: ""
     groupfilter: ""
-    userobjectclass: posixAccount
-    groupobjectclass: posixGroup
+    userobjectclass: inetOrgPerson
+    groupobjectclass: groupOfNames
     loginattributes:
-    - cn
+    - uid
     - mail
     idp: https://localhost:9200
     gatewayendpoint: ""
@@ -48,14 +50,14 @@ drivers:
       idisoctetstring: false
       mail: mail
       displayname: displayname
-      username: cn
+      username: uid
     groupschema:
-      id: cn
+      id: ownclouduuid
       idisoctetstring: false
       mail: mail
       displayname: cn
       groupname: cn
-      member: cn
+      member: member
   owncloudsql:
     dbusername: owncloud
     dbpassword: secret

diff --git a/extensions/_includes/group_configvars.md b/extensions/_includes/group_configvars.md
@@ -8,27 +8,29 @@
 | GROUPS_DEBUG_ZPAGES | bool | false | |
 | GROUPS_GRPC_ADDR | string | 127.0.0.1:9160 | The address of the grpc service.|
 | GROUPS_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.|
-| LDAP_URI;GROUPS_LDAP_URI | string | ldaps://localhost:9126 | |
-| LDAP_CACERT;GROUPS_LDAP_CACERT | string | ~/.ocis/ldap/ldap.crt | |
+| LDAP_URI;GROUPS_LDAP_URI | string | ldaps://localhost:9235 | |
+| LDAP_CACERT;GROUPS_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | |
 | LDAP_INSECURE;GROUPS_LDAP_INSECURE | bool | false | |
-| LDAP_BIND_DN;GROUPS_LDAP_BIND_DN | string | cn=reva,ou=sysusers,dc=ocis,dc=test | |
+| LDAP_BIND_DN;GROUPS_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | |
 | LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD | string | reva | |
-| LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN | string | dc=ocis,dc=test | |
-| LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN | string | dc=ocis,dc=test | |
+| LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |
+| LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | |
+| LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE | string | sub | |
+| LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE | string | sub | |
 | LDAP_USERFILTER;GROUPS_LDAP_USERFILTER | string |  | |
 | LDAP_GROUPFILTER;GROUPS_LDAP_USERFILTER | string |  | |
-| LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS | string | posixAccount | |
-| LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS | string | posixGroup | |
-| LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES |  | [cn mail] | |
+| LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | |
+| LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | |
+| LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES |  | [uid mail] | |
 | OCIS_URL;GROUPS_IDP_URL | string | https://localhost:9200 | |
 | LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID | string | ownclouduuid | |
 | LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | |
 | LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL | string | mail | |
 | LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | |
-| LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME | string | cn | |
-| LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID | string | cn | |
+| LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME | string | uid | |
+| LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | |
 | LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | |
 | LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL | string | mail | |
 | LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | |
 | LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | |
-| LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER | string | cn | |
+| LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER | string | member | |
diff --git a/extensions/_includes/idp-config-example.yaml b/extensions/_includes/idp-config-example.yaml
@@ -56,15 +56,16 @@ idp:
   refresh_token_duration_seconds: 94608000
   dynamic_client_secret_duration_seconds: 0
 ldap:
-  uri: ldap://localhost:9125
-  bind_dn: cn=idp,ou=sysusers,dc=ocis,dc=test
+  uri: ldaps://localhost:9235
+  cacert: ~/.ocis/idm/ldap.crt
+  bind_dn: uid=idp,ou=sysusers,o=libregraph-idm
   bind_password: idp
-  base_dn: ou=users,dc=ocis,dc=test
+  base_dn: ou=users,o=libregraph-idm
   scope: sub
-  login_attribute: cn
+  login_attribute: uid
   email_attribute: mail
   name_attribute: displayName
   uuid_attribute: uid
   uuid_attribute_type: text
   filter: ""
-  objectclass: posixAccount
+  objectclass: inetOrgPerson
diff --git a/extensions/_includes/idp_configvars.md b/extensions/_includes/idp_configvars.md
@@ -35,15 +35,16 @@
 | IDP_ID_TOKEN_EXPIRATION | uint64 | 3600 | |
 | IDP_REFRESH_TOKEN_EXPIRATION | uint64 | 94608000 | |
 |  | uint64 | 0 | |
-| LDAP_URI;IDP_LDAP_URI | string | ldap://localhost:9125 | |
-| LDAP_BIND_DN;IDP_LDAP_BIND_DN | string | cn=idp,ou=sysusers,dc=ocis,dc=test | |
+| LDAP_URI;IDP_LDAP_URI | string | ldaps://localhost:9235 | |
+| LDAP_CACERT;IDP_LDAP_TLS_CACERT | string | ~/.ocis/idm/ldap.crt | |
+| LDAP_BIND_DN;IDP_LDAP_BIND_DN | string | uid=idp,ou=sysusers,o=libregraph-idm | |
 | LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD | string | idp | |
-| LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN | string | ou=users,dc=ocis,dc=test | |
+| LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN | string | ou=users,o=libregraph-idm | |
 | LDAP_USER_SCOPE;IDP_LDAP_SCOPE | string | sub | |
-| IDP_LDAP_LOGIN_ATTRIBUTE | string | cn | |
+| IDP_LDAP_LOGIN_ATTRIBUTE | string | uid | |
 | LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE | string | mail | |
 | LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE | string | displayName | |
 | LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE | string | uid | |
 | IDP_LDAP_UUID_ATTRIBUTE_TYPE | string | text | |
 | LDAP_USER_FILTER;IDP_LDAP_FILTER | string |  | |
-| LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS | string | posixAccount | |
+| LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS | string | inetOrgPerson | |
diff --git a/extensions/_includes/ocs-config-example.yaml b/extensions/_includes/ocs-config-example.yaml
@@ -40,6 +40,6 @@ reva:
   address: 127.0.0.1:9142
 identity_management:
   address: https://localhost:9200
-account_backend: accounts
+account_backend: cs3
 storage_users_driver: ocis
 machine_auth_api_key: change-me-please
diff --git a/extensions/_includes/ocs_configvars.md b/extensions/_includes/ocs_configvars.md
@@ -11,6 +11,6 @@
 | OCIS_JWT_SECRET;OCS_JWT_SECRET | string | Pive-Fumkiu4 | |
 | REVA_GATEWAY | string | 127.0.0.1:9142 | |
 | OCIS_URL;OCS_IDM_ADDRESS | string | https://localhost:9200 | |
-| OCS_ACCOUNT_BACKEND_TYPE | string | accounts | |
+| OCS_ACCOUNT_BACKEND_TYPE | string | cs3 | |
 | STORAGE_USERS_DRIVER;OCS_STORAGE_USERS_DRIVER | string | ocis | |
 | OCIS_MACHINE_AUTH_API_KEY;OCS_MACHINE_AUTH_API_KEY | string | change-me-please | |
diff --git a/extensions/_includes/proxy-config-example.yaml b/extensions/_includes/proxy-config-example.yaml
@@ -153,7 +153,7 @@ pre_signed_url:
   allowed_http_methods:
   - GET
   enabled: true
-account_backend: accounts
+account_backend: cs3
 user_oidc_claim: email
 user_cs3_claim: mail
 machine_auth_api_key: change-me-please

diff --git a/extensions/_includes/proxy_configvars.md b/extensions/_includes/proxy_configvars.md
@@ -18,7 +18,7 @@
 | PROXY_OIDC_USERINFO_CACHE_TTL | int | 10 | |
 | OCIS_JWT_SECRET;PROXY_JWT_SECRET | string | Pive-Fumkiu4 | |
 | PROXY_ENABLE_PRESIGNEDURLS | bool | true | |
-| PROXY_ACCOUNT_BACKEND_TYPE | string | accounts | |
+| PROXY_ACCOUNT_BACKEND_TYPE | string | cs3 | |
 | PROXY_USER_OIDC_CLAIM | string | email | |
 | PROXY_USER_CS3_CLAIM | string | mail | |
 | OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY | string | change-me-please | |

diff --git a/extensions/_includes/storage-config-example.yaml b/extensions/_includes/storage-config-example.yaml
@@ -31,38 +31,38 @@ reva:
     uid_claim: ""
     gid_claim: ""
   ldap:
-    uri: ldaps://localhost:9126
-    ca_cert: ~/.ocis/ldap/ldap.crt
+    uri: ldaps://localhost:9235
+    ca_cert: ~/.ocis/idm/ldap.crt
     insecure: false
-    user_base_dn: dc=ocis,dc=test
-    group_base_dn: dc=ocis,dc=test
+    user_base_dn: ou=users,o=libregraph-idm
+    group_base_dn: ou=groups,o=libregraph-idm
     user_scope: sub
     group_scope: sub
-    user_objectclass: posixAccount
-    group_objectclass: posixGroup
+    user_objectclass: inetOrgPerson
+    group_objectclass: groupOfNames
     user_filter: ""
     group_filter: ""
     login_attributes:
-    - cn
+    - uid
     - mail
-    bind_dn: cn=reva,ou=sysusers,dc=ocis,dc=test
+    bind_dn: uid=reva,ou=sysusers,o=libregraph-idm
     bind_password: reva
     idp: https://localhost:9200
     user_schema:
       id: ownclouduuid
       id_is_octet_string: false
       mail: mail
       display_name: displayname
-      user_name: cn
+      user_name: uid
       uid_number: uidnumber
       gid_number: gidnumber
     group_schema:
-      id: cn
+      id: ownclouduuid
       id_is_octet_string: false
       mail: mail
       display_name: cn
       group_name: cn
-      member: cn
+      member: member
       gid_number: gidnumber
   user_group_rest:
     client_id: ""