feat: refine way of adding users to instances

Signed-off-by: Julian Koberg <julian.koberg@kiteworks.com>
2026-04-25 17:25:21 +02:00 · 2026-01-13 12:54:19 +01:00
parent ddc6cb0651
commit 09c2dfbd11
13 changed files with 180 additions and 81 deletions
--- a/deployments/examples/ocis_multi/config/ldap/ldif/04_internal.ldif
+++ b/deployments/examples/ocis_multi/config/ldap/ldif/04_internal.ldif
@@ -6,3 +6,15 @@ objectClass: top
 objectClass: organizationalRole
 description: to be used for refint in empty groups
 cn: nobody
+
+dn: cn=ec730a6c-1b63-4b45-b83b-9e2311afdf85,dc=owncloud,dc=com
+objectClass: top
+objectClass: organizationalRole
+description: base
+cn: ec730a6c-1b63-4b45-b83b-9e2311afdf85
+
+dn: cn=8d24cb5f-6ee6-4b98-86df-c4c268dddb46,dc=owncloud,dc=com
+objectClass: top
+objectClass: organizationalRole
+description: ocm
+cn: 8d24cb5f-6ee6-4b98-86df-c4c268dddb46
--- a/deployments/examples/ocis_multi/config/ldap/ldif/20_users.ldif
+++ b/deployments/examples/ocis_multi/config/ldap/ldif/20_users.ldif
@@ -17,7 +17,7 @@ uidNumber: 20000
 gidNumber: 30000
 homeDirectory: /home/einstein
 ownCloudUUID: 4c510ada-c86b-4815-8820-42cdf82c3d51
-owncloudMemberOf: base
+owncloudMemberOf: ec730a6c-1b63-4b45-b83b-9e2311afdf85
 ownCloudRole: ocisUser
 userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==

@@ -39,7 +39,7 @@ uidNumber: 20001
 gidNumber: 30000
 homeDirectory: /home/marie
 ownCloudUUID: f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c
-owncloudMemberOf: ocm
+owncloudMemberOf: 8d24cb5f-6ee6-4b98-86df-c4c268dddb46
 ownCloudRole: ocisUser
 userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==

@@ -82,7 +82,7 @@ uidNumber: 20002
 gidNumber: 30000
 homeDirectory: /home/katherine
 ownCloudUUID: 534bb038-6f9d-4093-946f-133be61fa4e7
-owncloudMemberOf: base
+owncloudMemberOf: ec730a6c-1b63-4b45-b83b-9e2311afdf85
 ownCloudRole: ocisSpaceAdmin
 userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==

@@ -104,7 +104,7 @@ uidNumber: 20003
 gidNumber: 30000
 homeDirectory: /home/moss
 ownCloudUUID: 058bff95-6708-4fe5-91e4-9ea3d377588b
-owncloudMemberOf: ocm
+owncloudMemberOf: 8d24cb5f-6ee6-4b98-86df-c4c268dddb46
 ownCloudRole: ocisAdmin
 userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=

@@ -126,7 +126,7 @@ uidNumber: 20004
 gidNumber: 30000
 homeDirectory: /home/admin
 ownCloudUUID: ddc2004c-0977-11eb-9d3f-a793888cd0f8
-owncloudMemberOf: base
-owncloudMemberOf: ocm
+owncloudMemberOf: ec730a6c-1b63-4b45-b83b-9e2311afdf85
+owncloudMemberOf: 8d24cb5f-6ee6-4b98-86df-c4c268dddb46
 ownCloudRole: ocisAdmin
 userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
--- a/deployments/examples/ocis_multi/docker-compose.yml
+++ b/deployments/examples/ocis_multi/docker-compose.yml
@@ -88,11 +88,13 @@ services:
      OCIS_LDAP_INSECURE: "true"
      OCIS_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
      OCIS_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
+      OCIS_LDAP_USER_FILTER: "(objectclass=owncloud)"
      OCIS_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
      OCIS_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
      OCIS_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
      OCIS_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
      OCIS_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
+      OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE: "cn"
      LDAP_LOGIN_ATTRIBUTES: "uid"
      OCIS_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
      IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
@@ -102,9 +104,8 @@ services:
      GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
      # Multi-Instance Configuration
      OCIS_MULTI_INSTANCE_ENABLED: true
-      OCIS_MULTI_INSTANCE_INSTANCEID: "base"
+      OCIS_MULTI_INSTANCE_INSTANCEID: "ec730a6c-1b63-4b45-b83b-9e2311afdf85"
      # user filter required for multi-instance ocis
-      OCIS_LDAP_USER_FILTER: "(&(objectclass=owncloud)(|(ownCloudMemberOf=base)(ownCloudGuestOf=base)))"
      # Workaround needed to show external users - can be removed once fixed
      OCIS_SHOW_USER_EMAIL_IN_RESULTS: true
      PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: ownCloudRole
@@ -186,7 +187,7 @@ services:
      GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
      # Multi-Instance
      OCIS_MULTI_INSTANCE_ENABLED: true
-      OCIS_MULTI_INSTANCE_INSTANCEID: "ocm"
+      OCIS_MULTI_INSTANCE_INSTANCEID: "8d24cb5f-6ee6-4b98-86df-c4c268dddb46"
      # user filter required for multi-instance ocis
      OCIS_LDAP_USER_FILTER: "(&(objectclass=owncloud)(|(ownCloudMemberOf=ocm)(ownCloudGuestOf=ocm)))"
      # Workaround needed to show external users - can be removed once fixed