From b79bf57febc77ecd835181ed77498e1210302763 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Wed, 27 Apr 2022 08:11:00 +0000
Subject: [PATCH] commit 0758854b638d4aeb9f229165f6ef34da42eacc40
Merge: 103abf840 aa7d75c84
Author: Ralf Haferkamp
Date: Wed Apr 27 10:08:13 2022 +0200
Merge pull request #3331 from rhafer/idm-default-cfg
[full-ci] Switch default config from account/glauth to builtin libregraph/idm
---
 .../_includes/auth-basic-config-example.yaml | 24 ++++++++++---------
 extensions/_includes/auth-basic_configvars.md | 24 ++++++++++---------
 .../_includes/graph-config-example.yaml | 16 ++++++-------
 extensions/_includes/graph_configvars.md | 16 ++++++-------
 .../_includes/group-config-example.yaml | 24 ++++++++++---------
 extensions/_includes/group_configvars.md | 24 ++++++++++---------
 extensions/_includes/idp-config-example.yaml | 11 +++++----
 extensions/_includes/idp_configvars.md | 11 +++++----
 extensions/_includes/ocs-config-example.yaml | 2 +-
 extensions/_includes/ocs_configvars.md | 2 +-
 .../_includes/proxy-config-example.yaml | 2 +-
 extensions/_includes/proxy_configvars.md | 2 +-
 .../_includes/storage-config-example.yaml | 22 ++++++++---------
 extensions/_includes/user-config-example.yaml | 24 ++++++++++---------
 extensions/_includes/user_configvars.md | 24 ++++++++++---------
 grpc_apis/ocis/messages/accounts/v0/grpc.md | 2 +-
 grpc_apis/ocis/messages/settings/v0/grpc.md | 2 +-
 grpc_apis/ocis/messages/store/v0/grpc.md | 2 +-
 grpc_apis/ocis/messages/thumbnails/v0/grpc.md | 2 +-
 grpc_apis/ocis/services/accounts/v0/grpc.md | 2 +-
 grpc_apis/ocis/services/settings/v0/grpc.md | 2 +-
 grpc_apis/ocis/services/store/v0/grpc.md | 2 +-
 grpc_apis/ocis/services/thumbnails/v0/grpc.md | 2 +-
 23 files changed, 129 insertions(+), 115 deletions(-)
diff --git a/extensions/_includes/auth-basic-config-example.yaml b/extensions/_includes/auth-basic-config-example.yaml
index 6148253dee4..9b3765ef4cd 100644
--- a/extensions/_includes/auth-basic-config-example.yaml
+++ b/extensions/_includes/auth-basic-config-example.yaml @@ -26,19 +26,21 @@ auth_providers: json: file: "" ldap: - uri: ldaps://localhost:9126 - cacert: ~/.ocis/ldap/ldap.crt + uri: ldaps://localhost:9235 + cacert: ~/.ocis/idm/ldap.crt insecure: false - binddn: cn=reva,ou=sysusers,dc=ocis,dc=test + binddn: uid=reva,ou=sysusers,o=libregraph-idm bindpassword: reva - userbasedn: dc=ocis,dc=test - groupbasedn: dc=ocis,dc=test + userbasedn: ou=users,o=libregraph-idm + groupbasedn: ou=groups,o=libregraph-idm + userscope: sub + groupscope: sub userfilter: "" groupfilter: "" - userobjectclass: posixAccount - groupobjectclass: posixGroup + userobjectclass: inetOrgPerson + groupobjectclass: groupOfNames loginattributes: - - cn + - uid - mail idp: https://localhost:9200 gatewayendpoint: "" @@ -47,14 +49,14 @@ auth_providers: idisoctetstring: false mail: mail displayname: displayname - username: cn + username: uid groupschema: - id: cn + id: ownclouduuid idisoctetstring: false mail: mail displayname: cn groupname: cn - member: cn + member: member owncloud_sql: dbusername: owncloud dbpassword: secret diff --git a/extensions/_includes/auth-basic_configvars.md b/extensions/_includes/auth-basic_configvars.md index b38736416dd..f39b3fe24c1 100644 --- a/extensions/_includes/auth-basic_configvars.md +++ b/extensions/_includes/auth-basic_configvars.md 
@@ -10,27 +10,29 @@ | AUTH_BASIC_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.| | AUTH_BASIC_AUTH_PROVIDER | string | ldap | The auth provider which should be used by the service| | AUTH_BASIC_JSON_PROVIDER_FILE | string | | The file to which the json provider writes the data.| -| LDAP_URI;AUTH_BASIC_LDAP_URI | string | ldaps://localhost:9126 | | -| LDAP_CACERT;AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/ldap/ldap.crt | | +| LDAP_URI;AUTH_BASIC_LDAP_URI | string | ldaps://localhost:9235 | | +| LDAP_CACERT;AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | | | LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE | bool | false | | -| LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN | string | cn=reva,ou=sysusers,dc=ocis,dc=test | | +| LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | | | LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD | string | reva | | -| LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN | string | dc=ocis,dc=test | | -| LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN | string | dc=ocis,dc=test | | +| LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | | +| LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | | +| LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE | string | sub | | +| LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE | string | sub | | | LDAP_USERFILTER;AUTH_BASIC_LDAP_USERFILTER | string | | | | LDAP_GROUPFILTER;AUTH_BASIC_LDAP_USERFILTER | string | | | -| LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS | string | posixAccount | | -| LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS | string | posixGroup | | -| LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES | | [cn mail] | | +| LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | | +| LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | | +| LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES | | 
[uid mail] | | | OCIS_URL;AUTH_BASIC_IDP_URL | string | https://localhost:9200 | | | LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID | string | ownclouduuid | | | LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL | string | mail | | | LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | | -| LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME | string | cn | | -| LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID | string | cn | | +| LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME | string | uid | | +| LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | | | LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL | string | mail | | | LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | | | LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | | -| LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER | string | cn | | \ No newline at end of file +| LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER | string | member | | \ No newline at end of file diff --git a/extensions/_includes/graph-config-example.yaml b/extensions/_includes/graph-config-example.yaml index 57219319463..b1adc66e80e 100644 --- a/extensions/_includes/graph-config-example.yaml +++ b/extensions/_includes/graph-config-example.yaml 
@@ -28,15 +28,15 @@ spaces: insecure: false extended_space_properties_cache_ttl: 0 identity: - backend: cs3 + backend: ldap ldap: - uri: ldap://localhost:9125 - insecure: false - bind_dn: "" - bind_password: "" + uri: ldaps://localhost:9235 + insecure: true + bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm + bind_password: idm use_server_uuid: false - write_enabled: false - user_base_dn: ou=users,dc=ocis,dc=test + write_enabled: true + user_base_dn: ou=users,o=libregraph-idm user_search_scope: sub user_filter: "" user_objectclass: inetOrgPerson @@ -44,7 +44,7 @@ identity: user_displayname_attribute: displayName user_name_attribute: uid user_id_attribute: owncloudUUID - group_base_dn: ou=groups,dc=ocis,dc=test + group_base_dn: ou=groups,o=libregraph-idm group_search_scope: sub group_filter: "" group_objectclass: groupOfNames diff --git a/extensions/_includes/graph_configvars.md b/extensions/_includes/graph_configvars.md index d8e5642cef9..890b853283f 100644 --- a/extensions/_includes/graph_configvars.md +++ b/extensions/_includes/graph_configvars.md 
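Review bot: In the first hunk of graph-config-example.yaml the `identity.ldap` defaults become `uri: ldaps://localhost:9235` with `insecure: true`, which presumably disables verification of the IDM server certificate, whereas the auth-basic, group, user, storage and idp examples in this commit point at `~/.ocis/idm/ldap.crt` as the CA certificate (with `insecure: false` where that key is shown). The same hunk also turns on `write_enabled: true` and binds as `uid=libregraph,ou=sysusers,o=libregraph-idm` with the fixed password `bind_password: idm`, so a deployment that keeps these defaults has a directory-writing service account protected by a publicly documented credential. Since this file appears to be generated from the service defaults, the fix belongs there: give graph a CA-certificate option like the other services and default to `insecure: false`, and until then add a line to the example such as `# bind_password and insecure are development defaults; override both before exposing the service`. The `OCIS_INSECURE;GRAPH_LDAP_INSECURE`, `LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD` and `GRAPH_LDAP_SERVER_WRITE_ENABLED` rows in graph_configvars.md carry the same values with empty description cells.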
@@ -15,14 +15,14 @@ | GRAPH_SPACES_DEFAULT_QUOTA | string | 1000000000 | | | OCIS_INSECURE;GRAPH_SPACES_INSECURE | bool | false | | | GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL | int | 0 | | -| GRAPH_IDENTITY_BACKEND | string | cs3 | | -| LDAP_URI;GRAPH_LDAP_URI | string | ldap://localhost:9125 | | -| OCIS_INSECURE;GRAPH_LDAP_INSECURE | bool | false | | -| LDAP_BIND_DN;GRAPH_LDAP_BIND_DN | string | | | -| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string | | | +| GRAPH_IDENTITY_BACKEND | string | ldap | | +| LDAP_URI;GRAPH_LDAP_URI | string | ldaps://localhost:9235 | | +| OCIS_INSECURE;GRAPH_LDAP_INSECURE | bool | true | | +| LDAP_BIND_DN;GRAPH_LDAP_BIND_DN | string | uid=libregraph,ou=sysusers,o=libregraph-idm | | +| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string | idm | | | GRAPH_LDAP_SERVER_UUID | bool | false | | -| GRAPH_LDAP_SERVER_WRITE_ENABLED | bool | false | | -| LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN | string | ou=users,dc=ocis,dc=test | | +| GRAPH_LDAP_SERVER_WRITE_ENABLED | bool | true | | +| LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | | | LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE | string | sub | | | LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER | string | | | | LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | | @@ -30,7 +30,7 @@ | LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE | string | displayName | | | LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE | string | uid | | | LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE | string | owncloudUUID | | -| LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN | string | ou=groups,dc=ocis,dc=test | | +| LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | | | LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE | string | sub | | | LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER | string | | | | LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | | 
diff --git a/extensions/_includes/group-config-example.yaml b/extensions/_includes/group-config-example.yaml index 9b075ee8c6d..0526ed21c17 100644 --- a/extensions/_includes/group-config-example.yaml +++ b/extensions/_includes/group-config-example.yaml @@ -27,19 +27,21 @@ drivers: json: file: "" ldap: - uri: ldaps://localhost:9126 - cacert: ~/.ocis/ldap/ldap.crt + uri: ldaps://localhost:9235 + cacert: ~/.ocis/idm/ldap.crt insecure: false - binddn: cn=reva,ou=sysusers,dc=ocis,dc=test + binddn: uid=reva,ou=sysusers,o=libregraph-idm bindpassword: reva - userbasedn: dc=ocis,dc=test - groupbasedn: dc=ocis,dc=test + userbasedn: ou=users,o=libregraph-idm + groupbasedn: ou=groups,o=libregraph-idm + userscope: sub + groupscope: sub userfilter: "" groupfilter: "" - userobjectclass: posixAccount - groupobjectclass: posixGroup + userobjectclass: inetOrgPerson + groupobjectclass: groupOfNames loginattributes: - - cn + - uid - mail idp: https://localhost:9200 gatewayendpoint: "" @@ -48,14 +50,14 @@ drivers: idisoctetstring: false mail: mail displayname: displayname - username: cn + username: uid groupschema: - id: cn + id: ownclouduuid idisoctetstring: false mail: mail displayname: cn groupname: cn - member: cn + member: member owncloudsql: dbusername: owncloud dbpassword: secret diff --git a/extensions/_includes/group_configvars.md b/extensions/_includes/group_configvars.md index 213691b319e..bb453ed0c9a 100644 --- a/extensions/_includes/group_configvars.md +++ b/extensions/_includes/group_configvars.md 
@@ -8,27 +8,29 @@ | GROUPS_DEBUG_ZPAGES | bool | false | | | GROUPS_GRPC_ADDR | string | 127.0.0.1:9160 | The address of the grpc service.| | GROUPS_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.| -| LDAP_URI;GROUPS_LDAP_URI | string | ldaps://localhost:9126 | | -| LDAP_CACERT;GROUPS_LDAP_CACERT | string | ~/.ocis/ldap/ldap.crt | | +| LDAP_URI;GROUPS_LDAP_URI | string | ldaps://localhost:9235 | | +| LDAP_CACERT;GROUPS_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | | | LDAP_INSECURE;GROUPS_LDAP_INSECURE | bool | false | | -| LDAP_BIND_DN;GROUPS_LDAP_BIND_DN | string | cn=reva,ou=sysusers,dc=ocis,dc=test | | +| LDAP_BIND_DN;GROUPS_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | | | LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD | string | reva | | -| LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN | string | dc=ocis,dc=test | | -| LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN | string | dc=ocis,dc=test | | +| LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | | +| LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | | +| LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE | string | sub | | +| LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE | string | sub | | | LDAP_USERFILTER;GROUPS_LDAP_USERFILTER | string | | | | LDAP_GROUPFILTER;GROUPS_LDAP_USERFILTER | string | | | -| LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS | string | posixAccount | | -| LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS | string | posixGroup | | -| LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES | | [cn mail] | | +| LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | | +| LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | | +| LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES | | [uid mail] | | | OCIS_URL;GROUPS_IDP_URL | string | https://localhost:9200 | | | LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID | string | ownclouduuid | | | 
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL | string | mail | | | LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | | -| LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME | string | cn | | -| LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID | string | cn | | +| LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME | string | uid | | +| LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | | | LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL | string | mail | | | LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | | | LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | | -| LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER | string | cn | | \ No newline at end of file +| LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER | string | member | | \ No newline at end of file diff --git a/extensions/_includes/idp-config-example.yaml b/extensions/_includes/idp-config-example.yaml index f6c1679c0e1..d105e9e0d03 100644 --- a/extensions/_includes/idp-config-example.yaml +++ b/extensions/_includes/idp-config-example.yaml @@ -56,15 +56,16 @@ idp: refresh_token_duration_seconds: 94608000 dynamic_client_secret_duration_seconds: 0 ldap: - uri: ldap://localhost:9125 - bind_dn: cn=idp,ou=sysusers,dc=ocis,dc=test + uri: ldaps://localhost:9235 + cacert: ~/.ocis/idm/ldap.crt + bind_dn: uid=idp,ou=sysusers,o=libregraph-idm bind_password: idp - base_dn: ou=users,dc=ocis,dc=test + base_dn: ou=users,o=libregraph-idm scope: sub - login_attribute: cn + login_attribute: uid email_attribute: mail name_attribute: displayName uuid_attribute: uid uuid_attribute_type: text filter: "" - objectclass: posixAccount + objectclass: inetOrgPerson 
diff --git a/extensions/_includes/idp_configvars.md b/extensions/_includes/idp_configvars.md index 121fcc238d0..f8737d8b5cf 100644 --- a/extensions/_includes/idp_configvars.md +++ b/extensions/_includes/idp_configvars.md @@ -35,15 +35,16 @@ | IDP_ID_TOKEN_EXPIRATION | uint64 | 3600 | | | IDP_REFRESH_TOKEN_EXPIRATION | uint64 | 94608000 | | | | uint64 | 0 | | -| LDAP_URI;IDP_LDAP_URI | string | ldap://localhost:9125 | | -| LDAP_BIND_DN;IDP_LDAP_BIND_DN | string | cn=idp,ou=sysusers,dc=ocis,dc=test | | +| LDAP_URI;IDP_LDAP_URI | string | ldaps://localhost:9235 | | +| LDAP_CACERT;IDP_LDAP_TLS_CACERT | string | ~/.ocis/idm/ldap.crt | | +| LDAP_BIND_DN;IDP_LDAP_BIND_DN | string | uid=idp,ou=sysusers,o=libregraph-idm | | | LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD | string | idp | | -| LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN | string | ou=users,dc=ocis,dc=test | | +| LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN | string | ou=users,o=libregraph-idm | | | LDAP_USER_SCOPE;IDP_LDAP_SCOPE | string | sub | | -| IDP_LDAP_LOGIN_ATTRIBUTE | string | cn | | +| IDP_LDAP_LOGIN_ATTRIBUTE | string | uid | | | LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE | string | mail | | | LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE | string | displayName | | | LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE | string | uid | | | IDP_LDAP_UUID_ATTRIBUTE_TYPE | string | text | | | LDAP_USER_FILTER;IDP_LDAP_FILTER | string | | | -| LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS | string | posixAccount | | \ No newline at end of file +| LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS | string | inetOrgPerson | | \ No newline at end of file diff --git a/extensions/_includes/ocs-config-example.yaml b/extensions/_includes/ocs-config-example.yaml index 65f9f318f48..95fd9436717 100644 --- a/extensions/_includes/ocs-config-example.yaml +++ b/extensions/_includes/ocs-config-example.yaml 
@@ -40,6 +40,6 @@ reva: address: 127.0.0.1:9142 identity_management: address: https://localhost:9200 -account_backend: accounts +account_backend: cs3 storage_users_driver: ocis machine_auth_api_key: change-me-please diff --git a/extensions/_includes/ocs_configvars.md b/extensions/_includes/ocs_configvars.md index 0c12be151bf..d8aad8f2a37 100644 --- a/extensions/_includes/ocs_configvars.md +++ b/extensions/_includes/ocs_configvars.md @@ -11,6 +11,6 @@ | OCIS_JWT_SECRET;OCS_JWT_SECRET | string | Pive-Fumkiu4 | | | REVA_GATEWAY | string | 127.0.0.1:9142 | | | OCIS_URL;OCS_IDM_ADDRESS | string | https://localhost:9200 | | -| OCS_ACCOUNT_BACKEND_TYPE | string | accounts | | +| OCS_ACCOUNT_BACKEND_TYPE | string | cs3 | | | STORAGE_USERS_DRIVER;OCS_STORAGE_USERS_DRIVER | string | ocis | | | OCIS_MACHINE_AUTH_API_KEY;OCS_MACHINE_AUTH_API_KEY | string | change-me-please | | \ No newline at end of file diff --git a/extensions/_includes/proxy-config-example.yaml b/extensions/_includes/proxy-config-example.yaml index c3e774b2573..3ea8b4c83f2 100644 --- a/extensions/_includes/proxy-config-example.yaml +++ b/extensions/_includes/proxy-config-example.yaml @@ -153,7 +153,7 @@ pre_signed_url: allowed_http_methods: - GET enabled: true -account_backend: accounts +account_backend: cs3 user_oidc_claim: email user_cs3_claim: mail machine_auth_api_key: change-me-please diff --git a/extensions/_includes/proxy_configvars.md b/extensions/_includes/proxy_configvars.md index a3be1d11aae..09ab54f17ab 100644 --- a/extensions/_includes/proxy_configvars.md +++ b/extensions/_includes/proxy_configvars.md 
@@ -18,7 +18,7 @@ | PROXY_OIDC_USERINFO_CACHE_TTL | int | 10 | | | OCIS_JWT_SECRET;PROXY_JWT_SECRET | string | Pive-Fumkiu4 | | | PROXY_ENABLE_PRESIGNEDURLS | bool | true | | -| PROXY_ACCOUNT_BACKEND_TYPE | string | accounts | | +| PROXY_ACCOUNT_BACKEND_TYPE | string | cs3 | | | PROXY_USER_OIDC_CLAIM | string | email | | | PROXY_USER_CS3_CLAIM | string | mail | | | OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY | string | change-me-please | | diff --git a/extensions/_includes/storage-config-example.yaml b/extensions/_includes/storage-config-example.yaml index d61f2f0daa8..51cf8b3087b 100644 --- a/extensions/_includes/storage-config-example.yaml +++ b/extensions/_includes/storage-config-example.yaml @@ -31,21 +31,21 @@ reva: uid_claim: "" gid_claim: "" ldap: - uri: ldaps://localhost:9126 - ca_cert: ~/.ocis/ldap/ldap.crt + uri: ldaps://localhost:9235 + ca_cert: ~/.ocis/idm/ldap.crt insecure: false - user_base_dn: dc=ocis,dc=test - group_base_dn: dc=ocis,dc=test + user_base_dn: ou=users,o=libregraph-idm + group_base_dn: ou=groups,o=libregraph-idm user_scope: sub group_scope: sub - user_objectclass: posixAccount - group_objectclass: posixGroup + user_objectclass: inetOrgPerson + group_objectclass: groupOfNames user_filter: "" group_filter: "" login_attributes: - - cn + - uid - mail - bind_dn: cn=reva,ou=sysusers,dc=ocis,dc=test + bind_dn: uid=reva,ou=sysusers,o=libregraph-idm bind_password: reva idp: https://localhost:9200 user_schema: @@ -53,16 +53,16 @@ reva: id_is_octet_string: false mail: mail display_name: displayname - user_name: cn + user_name: uid uid_number: uidnumber gid_number: gidnumber group_schema: - id: cn + id: ownclouduuid id_is_octet_string: false mail: mail display_name: cn group_name: cn - member: cn + member: member gid_number: gidnumber user_group_rest: client_id: "" diff --git a/extensions/_includes/user-config-example.yaml b/extensions/_includes/user-config-example.yaml index 0ba76d159c7..1715a5cbe88 100644 
--- a/extensions/_includes/user-config-example.yaml +++ b/extensions/_includes/user-config-example.yaml @@ -27,19 +27,21 @@ drivers: json: file: "" ldap: - uri: ldaps://localhost:9126 - cacert: ~/.ocis/ldap/ldap.crt + uri: ldaps://localhost:9235 + cacert: ~/.ocis/idm/ldap.crt insecure: false - binddn: cn=reva,ou=sysusers,dc=ocis,dc=test + binddn: uid=reva,ou=sysusers,o=libregraph-idm bindpassword: reva - userbasedn: dc=ocis,dc=test - groupbasedn: dc=ocis,dc=test + userbasedn: ou=users,o=libregraph-idm + groupbasedn: ou=groups,o=libregraph-idm + userscope: sub + groupscope: sub userfilter: "" groupfilter: "" - userobjectclass: posixAccount - groupobjectclass: posixGroup + userobjectclass: inetOrgPerson + groupobjectclass: groupOfNames loginattributes: - - cn + - uid - mail idp: https://localhost:9200 gatewayendpoint: "" @@ -48,14 +50,14 @@ drivers: idisoctetstring: false mail: mail displayname: displayname - username: cn + username: uid groupschema: - id: cn + id: ownclouduuid idisoctetstring: false mail: mail displayname: cn groupname: cn - member: cn + member: member owncloudsql: dbusername: owncloud dbpassword: secret diff --git a/extensions/_includes/user_configvars.md b/extensions/_includes/user_configvars.md index 19b36ed96d3..172e36bc65d 100644 --- a/extensions/_includes/user_configvars.md +++ b/extensions/_includes/user_configvars.md 
@@ -8,27 +8,29 @@ | USERS_DEBUG_ZPAGES | bool | false | | | USERS_GRPC_ADDR | string | 127.0.0.1:9144 | The address of the grpc service.| | USERS_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.| -| LDAP_URI;USERS_LDAP_URI | string | ldaps://localhost:9126 | | -| LDAP_CACERT;USERS_LDAP_CACERT | string | ~/.ocis/ldap/ldap.crt | | +| LDAP_URI;USERS_LDAP_URI | string | ldaps://localhost:9235 | | +| LDAP_CACERT;USERS_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | | | LDAP_INSECURE;USERS_LDAP_INSECURE | bool | false | | -| LDAP_BIND_DN;USERS_LDAP_BIND_DN | string | cn=reva,ou=sysusers,dc=ocis,dc=test | | +| LDAP_BIND_DN;USERS_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | | | LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD | string | reva | | -| LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN | string | dc=ocis,dc=test | | -| LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN | string | dc=ocis,dc=test | | +| LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | | +| LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | | +| LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE | string | sub | | +| LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE | string | sub | | | LDAP_USERFILTER;USERS_LDAP_USERFILTER | string | | | | LDAP_GROUPFILTER;USERS_LDAP_USERFILTER | string | | | -| LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS | string | posixAccount | | -| LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS | string | posixGroup | | -| LDAP_LOGIN_ATTRIBUTES;USERS_LDAP_LOGIN_ATTRIBUTES | | [cn mail] | | +| LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | | +| LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | | +| LDAP_LOGIN_ATTRIBUTES;USERS_LDAP_LOGIN_ATTRIBUTES | | [uid mail] | | | OCIS_URL;USERS_IDP_URL | string | https://localhost:9200 | | | LDAP_USER_SCHEMA_ID;USERS_LDAP_USER_SCHEMA_ID | string | ownclouduuid | | | 
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_USER_SCHEMA_MAIL;USERS_LDAP_USER_SCHEMA_MAIL | string | mail | | | LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | | -| LDAP_USER_SCHEMA_USERNAME;USERS_LDAP_USER_SCHEMA_USERNAME | string | cn | | -| LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID | string | cn | | +| LDAP_USER_SCHEMA_USERNAME;USERS_LDAP_USER_SCHEMA_USERNAME | string | uid | | +| LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | | | LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | | | LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL | string | mail | | | LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | | | LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | | -| LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER | string | cn | | \ No newline at end of file +| LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER | string | member | | \ No newline at end of file diff --git a/grpc_apis/ocis/messages/accounts/v0/grpc.md b/grpc_apis/ocis/messages/accounts/v0/grpc.md index 9bd6cac78d2..63709a101af 100644 --- a/grpc_apis/ocis/messages/accounts/v0/grpc.md +++ b/grpc_apis/ocis/messages/accounts/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.messages.accounts.v0" url: /grpc_apis/ocis_messages_accounts_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/messages/settings/v0/grpc.md b/grpc_apis/ocis/messages/settings/v0/grpc.md index 59affc442ef..5bbecd82352 100644 --- a/grpc_apis/ocis/messages/settings/v0/grpc.md +++ b/grpc_apis/ocis/messages/settings/v0/grpc.md 
@@ -1,7 +1,7 @@ --- title: "ocis.messages.settings.v0" url: /grpc_apis/ocis_messages_settings_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/messages/store/v0/grpc.md b/grpc_apis/ocis/messages/store/v0/grpc.md index 9d557c1389f..b24dcab4c7c 100644 --- a/grpc_apis/ocis/messages/store/v0/grpc.md +++ b/grpc_apis/ocis/messages/store/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.messages.store.v0" url: /grpc_apis/ocis_messages_store_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/messages/thumbnails/v0/grpc.md b/grpc_apis/ocis/messages/thumbnails/v0/grpc.md index 567d60f4f9e..cd12a5af3b7 100644 --- a/grpc_apis/ocis/messages/thumbnails/v0/grpc.md +++ b/grpc_apis/ocis/messages/thumbnails/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.messages.thumbnails.v0" url: /grpc_apis/ocis_messages_thumbnails_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/services/accounts/v0/grpc.md b/grpc_apis/ocis/services/accounts/v0/grpc.md index ed9ddad6af9..f764cb66543 100644 --- a/grpc_apis/ocis/services/accounts/v0/grpc.md +++ b/grpc_apis/ocis/services/accounts/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.services.accounts.v0" url: /grpc_apis/ocis_services_accounts_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/services/settings/v0/grpc.md b/grpc_apis/ocis/services/settings/v0/grpc.md index 689229b521a..6d58eab592b 100644 --- a/grpc_apis/ocis/services/settings/v0/grpc.md +++ b/grpc_apis/ocis/services/settings/v0/grpc.md 
@@ -1,7 +1,7 @@ --- title: "ocis.services.settings.v0" url: /grpc_apis/ocis_services_settings_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/services/store/v0/grpc.md b/grpc_apis/ocis/services/store/v0/grpc.md index fe09533b958..7081a20068e 100644 --- a/grpc_apis/ocis/services/store/v0/grpc.md +++ b/grpc_apis/ocis/services/store/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.services.store.v0" url: /grpc_apis/ocis_services_store_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis --- diff --git a/grpc_apis/ocis/services/thumbnails/v0/grpc.md b/grpc_apis/ocis/services/thumbnails/v0/grpc.md index db3fde249e6..bf738b6d837 100644 --- a/grpc_apis/ocis/services/thumbnails/v0/grpc.md +++ b/grpc_apis/ocis/services/thumbnails/v0/grpc.md @@ -1,7 +1,7 @@ --- title: "ocis.services.thumbnails.v0" url: /grpc_apis/ocis_services_thumbnails_v0 -date: 2022-04-27T07:23:00Z +date: 2022-04-27T08:09:41Z weight: 50 geekdocRepo: https://github.com/owncloud/ocis ---