eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-27 18:17:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

graph: new config option GRAPH_LDAP_GROUP_CREATE_BASE_DN

Browse Source 
By setting GRAPH_LDAP_GROUP_CREATE_BASE_DN a distinct subtree can be
configured where new LDAP groups are created. That subtree needs to be
subordinate to GRAPH_LDAP_GROUP_BASE_DN. All groups outside for
GRAPH_LDAP_GROUP_CREATE_BASE_DN are considered read-only and only groups
below that DN can be updated and deleted.

This is introduced for a pretty specific usecase where most groups are managed
in an external source (e.g. a read-only replica of an LDAP tree). But we still
want to allow the local administrator to create groups in a writeable subtree
attached to that replica.
This commit is contained in:
Ralf Haferkamp
2023-03-30 17:31:14 +02:00
committed by Ralf Haferkamp
parent 65a3fc09ca
commit 120887abcc
9 changed files with 216 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
services/graph/pkg/config/defaults/defaultconfig.go
View File

@@ -159,6 +159,10 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.Identity.LDAP.GroupCreateBaseDN == "" {
cfg.Identity.LDAP.GroupCreateBaseDN = cfg.Identity.LDAP.GroupBaseDN
}
}
// Sanitize sanitized the configuration