eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feat/add-keycloak-to-full

Browse Source
This commit is contained in:
Roman Perekhod
2026-03-24 12:40:16 +01:00
committed by GitHub
parent aa7c040d90 5908d90dfc
commit 4fe4f822a2
6 changed files with 325 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
changelog/unreleased/fix-log-data-path-at-startup.md Normal file
View File

@@ -0,0 +1,10 @@
Enhancement: Log effective data and config paths at startup
oCIS now logs the effective data path and config path at startup so
operators can immediately verify that data is written to the expected
location. This helps catch misconfigured Docker volume mounts where
data silently falls back to an ephemeral container path instead of
the intended persistent mount.
https://github.com/owncloud/ocis/pull/12117
https://github.com/owncloud/ocis/issues/12044

11
changelog/unreleased/fix-search-skipdir-reindex.md Normal file
View File

@@ -0,0 +1,11 @@
Bugfix: Always descend into directories during space reindexing
The search indexer's `IndexSpace` walk previously used `filepath.SkipDir`
to skip entire directory subtrees when the directory itself was already
indexed. After a failed or interrupted indexing run (e.g. Tika crash),
this caused thousands of unindexed files to be permanently skipped
because the parent directory's mtime had not changed. The indexer now
always descends into directories, relying on the O(1) per-file DocID
lookup to skip already-indexed files efficiently.
https://github.com/owncloud/ocis/pull/12119

311
docs/helpers/env_vars.yaml
View File

@@ -6038,10 +6038,10 @@ IDM_ADMIN_USER_ID:
removalVersion: ""
deprecationInfo: ""
IDM_CREATE_DEMO_USERS:
name: IDM_CREATE_DEMO_USERS
name: SETTINGS_SETUP_DEFAULT_ASSIGNMENTS;IDM_CREATE_DEMO_USERS
defaultValue: "false"
type: bool
description: Flag to enable or disable the creation of the demo users.
description: The default role assignments the demo users should be setup.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -7882,12 +7882,12 @@ OCDAV_WEBDAV_NAMESPACE:
removalVersion: ""
deprecationInfo: ""
OCIS_ADMIN_USER_ID:
name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID
name: OCIS_ADMIN_USER_ID;SETTINGS_ADMIN_USER_ID
defaultValue: ""
type: string
description: ID of the user who collects all necessary information for deletion.
Consider that the UUID can be encoded in some LDAP deployment configurations like
in .ldif files. These need to be decoded beforehand.
description: ID of the user that should receive admin privileges. Consider that
the UUID can be encoded in some LDAP deployment configurations like in .ldif files.
These need to be decoded beforehand.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -7912,28 +7912,28 @@ OCIS_ASYNC_UPLOADS:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_PASSWORD:
name: OCIS_CACHE_AUTH_PASSWORD;STORAGE_USERS_ID_CACHE_AUTH_PASSWORD
name: OCIS_CACHE_AUTH_PASSWORD;GRAPH_CACHE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the cache store. Only applies when
store type 'nats-js-kv' is configured.
description: The password to authenticate with the cache. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_USERNAME:
name: OCIS_CACHE_AUTH_USERNAME;STORAGE_USERS_ID_CACHE_AUTH_USERNAME
name: OCIS_CACHE_AUTH_USERNAME;GRAPH_CACHE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the cache store. Only applies when
store type 'nats-js-kv' is configured.
description: The username to authenticate with the cache. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_DATABASE:
name: OCIS_CACHE_DATABASE
defaultValue: ids-storage-users
defaultValue: cache-userinfo
type: string
description: The database name the configured store should use.
introductionVersion: pre5.0
@@ -7941,7 +7941,7 @@ OCIS_CACHE_DATABASE:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_DISABLE_PERSISTENCE:
name: OCIS_CACHE_DISABLE_PERSISTENCE;STORAGE_USERS_ID_CACHE_DISABLE_PERSISTENCE
name: OCIS_CACHE_DISABLE_PERSISTENCE;GRAPH_CACHE_DISABLE_PERSISTENCE
defaultValue: "false"
type: bool
description: Disables persistence of the cache. Only applies when store type 'nats-js-kv'
@@ -7951,7 +7951,7 @@ OCIS_CACHE_DISABLE_PERSISTENCE:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE:
name: OCIS_CACHE_STORE;STORAGE_USERS_ID_CACHE_STORE
name: OCIS_CACHE_STORE;GRAPH_CACHE_STORE
defaultValue: memory
type: string
description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'',
@@ -7961,11 +7961,11 @@ OCIS_CACHE_STORE:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE_NODES:
name: OCIS_CACHE_STORE_NODES;STORAGE_USERS_ID_CACHE_STORE_NODES
name: OCIS_CACHE_STORE_NODES;GRAPH_CACHE_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
type: '[]string'
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
when 'memory' store are configured. Note that the behaviour how nodes are used
is dependent on the library of the configured store. See the Environment Variable
Types description for more details.
introductionVersion: pre5.0
@@ -7973,13 +7973,11 @@ OCIS_CACHE_STORE_NODES:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_TTL:
name: OCIS_CACHE_TTL;STORAGE_USERS_ID_CACHE_TTL
defaultValue: 24m0s
name: OCIS_CACHE_TTL;GRAPH_CACHE_TTL
defaultValue: 336h0m0s
type: Duration
description: Default time to live for user info in the user info cache. Only applied
when access tokens have no expiration. Defaults to 300s which is derived from
the underlaying package though not explicitly set as default. See the Environment
Variable Types description for more details.
description: Time to live for cache records in the graph. Defaults to '336h' (2
weeks). See the Environment Variable Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -8022,46 +8020,46 @@ OCIS_CLAIM_MANAGED_SPACES_REGEXP:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_CREDENTIALS:
name: OCIS_CORS_ALLOW_CREDENTIALS;AUTH_APP_CORS_ALLOW_CREDENTIALS
name: OCIS_CORS_ALLOW_CREDENTIALS;THUMBNAILS_CORS_ALLOW_CREDENTIALS
defaultValue: "true"
type: bool
description: 'Allow credentials for CORS.See following chapter for more details:
*Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.'
introductionVersion: pre5.0
introductionVersion: "6.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_HEADERS:
name: OCIS_CORS_ALLOW_HEADERS;AUTH_APP_CORS_ALLOW_HEADERS
name: OCIS_CORS_ALLOW_HEADERS;THUMBNAILS_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id
Ocs-Apirequest]'
Cache-Control]'
type: '[]string'
description: 'A list of allowed CORS headers. See following chapter for more details:
*Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
See the Environment Variable Types description for more details.'
introductionVersion: pre5.0
introductionVersion: "6.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_METHODS:
name: OCIS_CORS_ALLOW_METHODS;AUTH_APP_CORS_ALLOW_METHODS
defaultValue: '[GET POST DELETE]'
name: OCIS_CORS_ALLOW_METHODS;THUMBNAILS_CORS_ALLOW_METHODS
defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]'
type: '[]string'
description: 'A list of allowed CORS methods. See following chapter for more details:
*Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method.
See the Environment Variable Types description for more details.'
introductionVersion: pre5.0
introductionVersion: "6.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_ORIGINS:
name: OCIS_CORS_ALLOW_ORIGINS;AUTH_APP_CORS_ALLOW_ORIGINS
name: OCIS_CORS_ALLOW_ORIGINS;THUMBNAILS_CORS_ALLOW_ORIGINS
defaultValue: '[*]'
type: '[]string'
description: 'A list of allowed CORS origins. See following chapter for more details:
*Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin.
See the Environment Variable Types description for more details.'
introductionVersion: pre5.0
introductionVersion: "6.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8178,27 +8176,25 @@ OCIS_ENABLE_OCM:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_PASSWORD:
name: OCIS_EVENTS_AUTH_PASSWORD;OCM_EVENTS_AUTH_PASSWORD
name: OCIS_EVENTS_AUTH_PASSWORD;SHARING_EVENTS_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the events broker. The events broker
is the ocis service which receives and delivers events between the services.
description: Password for the events broker.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_USERNAME:
name: OCIS_EVENTS_AUTH_USERNAME;OCM_EVENTS_AUTH_USERNAME
name: OCIS_EVENTS_AUTH_USERNAME;SHARING_EVENTS_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the events broker. The events broker
is the ocis service which receives and delivers events between the services.
description: Username for the events broker.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_CLUSTER:
name: OCIS_EVENTS_CLUSTER;OCM_EVENTS_CLUSTER
name: OCIS_EVENTS_CLUSTER;SHARING_EVENTS_CLUSTER
defaultValue: ocis-cluster
type: string
description: The clusterID of the event system. The event system is the message
@@ -8209,7 +8205,7 @@ OCIS_EVENTS_CLUSTER:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENABLE_TLS:
name: OCIS_EVENTS_ENABLE_TLS;OCM_EVENTS_ENABLE_TLS
name: OCIS_EVENTS_ENABLE_TLS;SHARING_EVENTS_ENABLE_TLS
defaultValue: "false"
type: bool
description: Enable TLS for the connection to the events broker. The events broker
@@ -8219,7 +8215,7 @@ OCIS_EVENTS_ENABLE_TLS:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENDPOINT:
name: OCIS_EVENTS_ENDPOINT;OCM_EVENTS_ENDPOINT
name: OCIS_EVENTS_ENDPOINT;SHARING_EVENTS_ENDPOINT
defaultValue: 127.0.0.1:9233
type: string
description: The address of the event system. The event system is the message queuing
@@ -8229,21 +8225,21 @@ OCIS_EVENTS_ENDPOINT:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE:
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE
defaultValue: ""
type: string
description: The root CA certificate used to validate the server's TLS certificate.
If provided OCM_EVENTS_TLS_INSECURE will be seen as false.
If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_GATEWAY_GRPC_ADDR:
name: OCIS_GATEWAY_GRPC_ADDR;STORAGE_USERS_GATEWAY_GRPC_ADDR
name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR
defaultValue: 127.0.0.1:9142
type: string
description: The bind address of the gateway GRPC address.
introductionVersion: "5.0"
description: The bind address of the GRPC service.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8271,11 +8267,11 @@ OCIS_GRPC_CLIENT_TLS_MODE:
removalVersion: ""
deprecationInfo: ""
OCIS_GRPC_PROTOCOL:
name: OCIS_GRPC_PROTOCOL;AUTH_APP_GRPC_PROTOCOL
name: OCIS_GRPC_PROTOCOL;SHARING_GRPC_PROTOCOL
defaultValue: ""
type: string
description: The transport protocol of the GRPC service.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8311,7 +8307,7 @@ OCIS_HTTP_TLS_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_INSECURE:
name: OCIS_INSECURE;OCM_EVENTS_TLS_INSECURE
name: OCIS_INSECURE;SHARING_EVENTS_TLS_INSECURE
defaultValue: "false"
type: bool
description: Whether to verify the server TLS certificates.
@@ -8320,11 +8316,11 @@ OCIS_INSECURE:
removalVersion: ""
deprecationInfo: ""
OCIS_JWT_SECRET:
name: OCIS_JWT_SECRET;AUTH_APP_JWT_SECRET
name: OCIS_JWT_SECRET;SHARING_JWT_SECRET
defaultValue: ""
type: string
description: The secret to mint and validate jwt tokens.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8384,8 +8380,8 @@ OCIS_KEYCLOAK_USER_REALM:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_DN:
name: OCIS_LDAP_BIND_DN;GRAPH_LDAP_BIND_DN
defaultValue: uid=libregraph,ou=sysusers,o=libregraph-idm
name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN
defaultValue: uid=reva,ou=sysusers,o=libregraph-idm
type: string
description: LDAP DN to use for simple bind authentication with the target LDAP
server.
@@ -8394,7 +8390,7 @@ OCIS_LDAP_BIND_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_PASSWORD:
name: OCIS_LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD
name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD
defaultValue: ""
type: string
description: Password to use for authenticating the 'bind_dn'.
@@ -8403,7 +8399,7 @@ OCIS_LDAP_BIND_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_CACERT:
name: OCIS_LDAP_CACERT;GRAPH_LDAP_CACERT
name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT
defaultValue: /var/lib/ocis/idm/ldap.crt
type: string
description: Path/File name for the root CA certificate (in PEM format) used to
@@ -8424,20 +8420,20 @@ OCIS_LDAP_CROSS_INSTANCE_REFERENCE_TEMPLATE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLE_USER_MECHANISM:
name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM
name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM
defaultValue: attribute
type: string
description: An option to control the behavior for disabling users. Supported options
description: An option to control the behavior for disabling users. Valid options
are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API
will add the user to the configured group for disabled users, if set to 'attribute'
this will be done in the ldap user entry, if set to 'none' the disable request
is not processed. Default is 'attribute'.
is not processed.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLED_USERS_GROUP_DN:
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN
defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm
type: string
description: The distinguished name of the group to which added users will be classified
@@ -8457,7 +8453,7 @@ OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_BASE_DN:
name: OCIS_LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN
name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN
defaultValue: ou=groups,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP groups.
@@ -8466,7 +8462,7 @@ OCIS_LDAP_GROUP_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_FILTER:
name: OCIS_LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER
name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for group searches.
@@ -8475,7 +8471,7 @@ OCIS_LDAP_GROUP_FILTER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_OBJECTCLASS:
name: OCIS_LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS
name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS
defaultValue: groupOfNames
type: string
description: The object class to use for groups in the default group search filter
@@ -8485,7 +8481,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the displayname of groups (often the same
@@ -8495,7 +8491,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GRAPH_LDAP_GROUP_NAME_ATTRIBUTE
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the name of groups.
@@ -8504,28 +8500,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID:
name: OCIS_LDAP_GROUP_SCHEMA_ID;GRAPH_LDAP_GROUP_ID_ATTRIBUTE
defaultValue: owncloudUUID
name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP Attribute to use as the unique id for groups. This should be a
stable globally unique ID like a UUID.
stable globally unique id (e.g. a UUID).
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GRAPH_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'ID' attribute for groups is of the
'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of
Active Directory for the group ID's.
description: Set this to true if the defined 'id' attribute for groups is of the
'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute
of Active Directory for the group IDs.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MAIL:
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP Attribute to use for the email address of groups (can be empty).
@@ -8534,7 +8530,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MEMBER:
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GRAPH_LDAP_GROUP_MEMBER_ATTRIBUTE
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER
defaultValue: member
type: string
description: LDAP Attribute that is used for group members.
@@ -8543,17 +8539,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCOPE:
name: OCIS_LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE
name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up groups. Supported scopes are
description: LDAP search scope to use when looking up groups. Supported values are
'base', 'one' and 'sub'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_INSECURE:
name: OCIS_LDAP_INSECURE;GRAPH_LDAP_INSECURE
name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE
defaultValue: "false"
type: bool
description: Disable TLS certificate validation for the LDAP connections. Do not
@@ -8633,7 +8629,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_URI:
name: OCIS_LDAP_URI;GRAPH_LDAP_URI
name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI
defaultValue: ldaps://localhost:9235
type: string
description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://'
@@ -8643,7 +8639,7 @@ OCIS_LDAP_URI:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_BASE_DN:
name: OCIS_LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN
name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN
defaultValue: ou=users,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP users.
@@ -8652,16 +8648,16 @@ OCIS_LDAP_USER_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_ENABLED_ATTRIBUTE:
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE
defaultValue: ownCloudUserEnabled
type: string
description: LDAP Attribute to use as a flag telling if the user is enabled or disabled.
description: LDAP attribute to use as a flag telling if the user is enabled or disabled.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_FILTER:
name: OCIS_LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER
name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
@@ -8690,7 +8686,7 @@ OCIS_LDAP_USER_MEMBER_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_OBJECTCLASS:
name: OCIS_LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS
name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS
defaultValue: inetOrgPerson
type: string
description: The object class to use for users in the default user search filter
@@ -8700,14 +8696,14 @@ OCIS_LDAP_USER_OBJECTCLASS:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE
defaultValue: displayName
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME
defaultValue: displayname
type: string
description: LDAP Attribute to use for the display name of users.
description: LDAP Attribute to use for the displayname of users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
name: OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID;GRAPH_LDAP_EXTERNAL_ID_ATTRIBUTE
defaultValue: owncloudExternalID
@@ -8720,8 +8716,8 @@ OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID:
name: OCIS_LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE
defaultValue: owncloudUUID
name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP Attribute to use as the unique ID for users. This should be a
stable globally unique ID like a UUID.
@@ -8730,18 +8726,18 @@ OCIS_LDAP_USER_SCHEMA_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GRAPH_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'ID' attribute for users is of the
'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of
Active Directory for the user ID's.
'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute
of Active Directory for the user IDs.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_MAIL:
name: OCIS_LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP Attribute to use for the email address of users.
@@ -8760,7 +8756,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USERNAME:
name: OCIS_LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME
defaultValue: uid
type: string
description: LDAP Attribute to use for username of users.
@@ -8769,70 +8765,70 @@ OCIS_LDAP_USER_SCHEMA_USERNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCOPE:
name: OCIS_LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE
name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up users. Supported scopes are
description: LDAP search scope to use when looking up users. Supported values are
'base', 'one' and 'sub'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_COLOR:
name: OCIS_LOG_COLOR;AUTH_APP_LOG_COLOR
name: OCIS_LOG_COLOR;SHARING_LOG_COLOR
defaultValue: "false"
type: bool
description: Activates colorized log output.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_FILE:
name: OCIS_LOG_FILE;AUTH_APP_LOG_FILE
name: OCIS_LOG_FILE;SHARING_LOG_FILE
defaultValue: ""
type: string
description: The path to the log file. Activates logging to this file if set.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_LEVEL:
name: OCIS_LOG_LEVEL;AUTH_APP_LOG_LEVEL
name: OCIS_LOG_LEVEL;SHARING_LOG_LEVEL
defaultValue: ""
type: string
description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'',
''warn'', ''info'', ''debug'', ''trace''.'
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_PRETTY:
name: OCIS_LOG_PRETTY;AUTH_APP_LOG_PRETTY
name: OCIS_LOG_PRETTY;SHARING_LOG_PRETTY
defaultValue: "false"
type: bool
description: Activates pretty log output.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_MACHINE_AUTH_API_KEY:
name: OCIS_MACHINE_AUTH_API_KEY;AUTH_APP_MACHINE_AUTH_API_KEY
name: OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY
defaultValue: ""
type: string
description: The machine auth API key used to validate internal requests necessary
to access resources from other services.
introductionVersion: 7.0.0
description: Machine auth API key used to validate internal requests necessary for
the access to resources from other services.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_MAX_CONCURRENCY:
name: OCIS_MAX_CONCURRENCY;STORAGE_USERS_S3NG_MAX_CONCURRENCY
defaultValue: "5"
name: OCIS_MAX_CONCURRENCY;SHARING_USER_JSONCS3_MAX_CONCURRENCY
defaultValue: "1"
type: int
description: Maximum number of concurrent go-routines. Higher values can potentially
get work done faster but will also cause more load on the system. Values of 0
or below will be ignored and the default value of 100 will be used.
introductionVersion: pre5.0
or below will be ignored and the default value will be used.
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8936,16 +8932,17 @@ OCIS_OIDC_CLIENT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_OIDC_ISSUER:
name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER
name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL
defaultValue: https://localhost:9200
type: string
description: URL of the OIDC issuer. It defaults to URL of the builtin IDP.
description: The identity provider value to set in the userids of the CS3 user objects
for users returned by this user provider.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
defaultValue: ""
type: string
description: Path to the 'banned passwords list' file. This only impacts public
@@ -8955,7 +8952,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_DISABLED:
name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED
name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED
defaultValue: "false"
type: bool
description: Disable the password policy. Defaults to false if not set.
@@ -8964,7 +8961,7 @@ OCIS_PASSWORD_POLICY_DISABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS
defaultValue: "8"
type: int
description: Define the minimum password length. Defaults to 8 if not set.
@@ -8973,7 +8970,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_DIGITS:
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS
defaultValue: "1"
type: int
description: Define the minimum number of digits. Defaults to 1 if not set.
@@ -8982,7 +8979,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of uppercase letters. Defaults to 1 if not
@@ -8992,7 +8989,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of characters from the special characters
@@ -9002,7 +8999,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of lowercase letters. Defaults to 1 if not
@@ -9012,54 +9009,54 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE:
name: OCIS_PERSISTENT_STORE;NOTIFICATIONS_STORE
name: OCIS_PERSISTENT_STORE;COLLABORATION_STORE
defaultValue: nats-js-kv
type: string
description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'',
''redis-sentinel'', ''noop''. See the text description for details.'
introductionVersion: 7.1.0
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_PASSWORD:
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;NOTIFICATIONS_STORE_AUTH_PASSWORD
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;COLLABORATION_STORE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the store. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: 7.1.0
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_USERNAME:
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;NOTIFICATIONS_STORE_AUTH_USERNAME
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;COLLABORATION_STORE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the store. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: 7.1.0
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_NODES:
name: OCIS_PERSISTENT_STORE_NODES;NOTIFICATIONS_STORE_NODES
name: OCIS_PERSISTENT_STORE_NODES;COLLABORATION_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
type: '[]string'
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
is dependent on the library of the configured store. See the Environment Variable
Types description for more details.
introductionVersion: 7.1.0
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_TTL:
name: OCIS_PERSISTENT_STORE_TTL;NOTIFICATIONS_STORE_TTL
defaultValue: 336h0m0s
name: OCIS_PERSISTENT_STORE_TTL;COLLABORATION_STORE_TTL
defaultValue: 30m0s
type: Duration
description: Time to live for notifications in the store. Defaults to '336h' (2
weeks). See the Environment Variable Types description for more details.
introductionVersion: 7.1.0
description: Time to live for events in the store. Defaults to '30m' (30 minutes).
See the Environment Variable Types description for more details.
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -9104,7 +9101,7 @@ OCIS_REVA_GATEWAY_TLS_MODE:
removalVersion: ""
deprecationInfo: ""
OCIS_SERVICE_ACCOUNT_ID:
name: OCIS_SERVICE_ACCOUNT_ID;OCM_SERVICE_ACCOUNT_ID
name: OCIS_SERVICE_ACCOUNT_ID;GRAPH_SERVICE_ACCOUNT_ID
defaultValue: ""
type: string
description: The ID of the service account the service should use. See the 'auth-service'
@@ -9114,7 +9111,7 @@ OCIS_SERVICE_ACCOUNT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_SERVICE_ACCOUNT_SECRET:
name: OCIS_SERVICE_ACCOUNT_SECRET;OCM_SERVICE_ACCOUNT_SECRET
name: OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET
defaultValue: ""
type: string
description: The service account secret.
@@ -9123,7 +9120,7 @@ OCIS_SERVICE_ACCOUNT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
defaultValue: "true"
type: bool
description: Set this to true if you want to enforce passwords on all public shares.
@@ -9132,11 +9129,11 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
defaultValue: "false"
type: bool
description: Set this to true if you want to enforce passwords for writable shares.
Only effective if the setting for 'passwords on all public shares' is set to false.
description: Set this to true if you want to enforce passwords on Uploader, Editor
or Contributor shares.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
@@ -9153,7 +9150,7 @@ OCIS_SPACES_MAX_QUOTA:
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_API_KEY:
name: OCIS_SYSTEM_USER_API_KEY
name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY
defaultValue: ""
type: string
description: API key for the STORAGE-SYSTEM system user.
@@ -9162,10 +9159,10 @@ OCIS_SYSTEM_USER_API_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_ID:
name: OCIS_SYSTEM_USER_ID
name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID
defaultValue: ""
type: string
description: ID of the oCIS storage-system system user. Admins need to set the ID
description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID
for the STORAGE-SYSTEM system user in this config option which is then used to
reference the user. Any reasonable long string is possible, preferably this would
be an UUIDv4 format.
@@ -9183,40 +9180,40 @@ OCIS_SYSTEM_USER_IDP:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_COLLECTOR:
name: OCIS_TRACING_COLLECTOR;AUTH_APP_TRACING_COLLECTOR
name: OCIS_TRACING_COLLECTOR;SHARING_TRACING_COLLECTOR
defaultValue: ""
type: string
description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces.
Only used if the tracing endpoint is unset.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENABLED:
name: OCIS_TRACING_ENABLED;AUTH_APP_TRACING_ENABLED
name: OCIS_TRACING_ENABLED;SHARING_TRACING_ENABLED
defaultValue: "false"
type: bool
description: Activates tracing.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENDPOINT:
name: OCIS_TRACING_ENDPOINT;AUTH_APP_TRACING_ENDPOINT
name: OCIS_TRACING_ENDPOINT;SHARING_TRACING_ENDPOINT
defaultValue: ""
type: string
description: The endpoint of the tracing agent.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_TYPE:
name: OCIS_TRACING_TYPE;AUTH_APP_TRACING_TYPE
name: OCIS_TRACING_TYPE;SHARING_TRACING_TYPE
defaultValue: ""
type: string
description: The type of tracing. Defaults to '', which is the same as 'jaeger'.
Allowed tracing types are 'jaeger', 'otlp' and '' as of now.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -9241,10 +9238,11 @@ OCIS_TRANSLATION_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_URL:
name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER
name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL
defaultValue: https://localhost:9200
type: string
description: URL of the OIDC issuer. It defaults to URL of the builtin IDP.
description: The identity provider value to set in the userids of the CS3 user objects
for users returned by this user provider.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9259,11 +9257,12 @@ OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES:
removalVersion: ""
deprecationInfo: ""
OCIS_WOPI_DISABLE_CHAT:
name: APP_PROVIDER_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
defaultValue: "false"
type: bool
description: Disable the chat functionality of the office app.
introductionVersion: pre5.0
description: Disable chat in the office web frontend. This feature applies to OnlyOffice
and Microsoft.
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""

8
ocis/pkg/runtime/service/service.go
View File

@@ -27,6 +27,7 @@ import (
"github.com/thejerf/suture/v4"
ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
@@ -370,6 +371,13 @@ func Start(ctx context.Context, o ...Option) error {
return err
}
// Log the effective data and config paths at startup so operators can
// verify that data is written to the expected location.
s.Log.Info().
Str("data_path", defaults.BaseDataPath()).
Str("config_path", defaults.BaseConfigPath()).
Msg("effective data and config paths")
// cancel the context when a signal is received.
var cancel context.CancelFunc = func() {}
if ctx == nil {

7
services/search/pkg/search/service.go
View File

@@ -469,8 +469,11 @@ func (s *Service) IndexSpace(spaceID *provider.StorageSpaceId) error {
docMtime, parseErr := time.Parse(time.RFC3339Nano, r.Mtime)
if parseErr == nil && !docMtime.Before(fileMtime) {
if info.Type == provider.ResourceType_RESOURCE_TYPE_CONTAINER {
s.logger.Debug().Str("path", ref.Path).Msg("subtree hasn't changed. Skipping.")
return filepath.SkipDir
// Always descend into directories — a directory's
// mtime only reflects direct child add/remove, not
// whether all children were successfully indexed.
// With O(1) DocID lookups the cost is negligible.
return nil
}
s.logger.Debug().Str("path", ref.Path).Msg("element hasn't changed. Skipping.")
return nil

136
services/search/pkg/search/service_test.go
View File

@@ -3,6 +3,9 @@ package search_test
import (
"context"
"errors"
"fmt"
"sync/atomic"
"time"
gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
@@ -200,6 +203,139 @@ var _ = Describe("Searchprovider", func() {
err := s.IndexSpace(&sprovider.StorageSpaceId{OpaqueId: "storageid$spaceid!spaceid"})
Expect(err).ShouldNot(HaveOccurred())
})
It("descends into already-indexed directories to index unvisited children", func() {
// Simulate a large tree where all directories are already indexed
// (mtime matches) but each contains one unindexed file — e.g. after
// a Tika crash interrupted a previous reindex run. The fix ensures
// we never SkipDir for directories, so children are always visited.
//
// 10,000 directories: pessimistic-case benchmark confirming the walker
// scales linearly even when every directory is already indexed.
const numDirs = 10000
gatewayClient.On("GetUserByClaim", mock.Anything, mock.Anything).Return(&userv1beta1.GetUserByClaimResponse{
Status: status.NewOK(context.Background()),
User: user,
}, nil)
extractor.On("Extract", mock.Anything, mock.Anything, mock.Anything).Return(content.Document{}, nil)
// The indexed mtime that the engine returns for directories.
indexedMtime := time.Unix(5000, 0).UTC().Format(time.RFC3339Nano)
// Build root: a container that lists numDirs child directories.
rootInfo := &sprovider.ResourceInfo{
Id: &sprovider.ResourceId{StorageId: "storageid", SpaceId: "spaceid", OpaqueId: "spaceid"},
Type: sprovider.ResourceType_RESOURCE_TYPE_CONTAINER,
Path: ".",
Mtime: &typesv1beta1.Timestamp{Seconds: 5000},
}
dirInfos := make([]*sprovider.ResourceInfo, numDirs)
for i := 0; i < numDirs; i++ {
dirInfos[i] = &sprovider.ResourceInfo{
Id: &sprovider.ResourceId{StorageId: "storageid", SpaceId: "spaceid", OpaqueId: fmt.Sprintf("dir-%d", i)},
Type: sprovider.ResourceType_RESOURCE_TYPE_CONTAINER,
Path: fmt.Sprintf("dir-%d", i),
Mtime: &typesv1beta1.Timestamp{Seconds: 5000},
}
}
// Pre-build file infos for each directory (map for O(1) dispatch).
fileInfoByDir := make(map[string]*sprovider.ResourceInfo, numDirs)
for i := 0; i < numDirs; i++ {
dirID := fmt.Sprintf("dir-%d", i)
fileInfoByDir[dirID] = &sprovider.ResourceInfo{
Id: &sprovider.ResourceId{StorageId: "storageid", SpaceId: "spaceid", OpaqueId: fmt.Sprintf("file-%d", i)},
ParentId: &sprovider.ResourceId{StorageId: "storageid", SpaceId: "spaceid", OpaqueId: dirID},
Type: sprovider.ResourceType_RESOURCE_TYPE_FILE,
Path: fmt.Sprintf("file-%d.pdf", i),
Size: 1024,
Mtime: &typesv1beta1.Timestamp{Seconds: 5000},
}
}
// Build path-to-fileInfo map for O(1) Stat dispatch.
fileInfoByPath := make(map[string]*sprovider.ResourceInfo, numDirs)
for dirID, fi := range fileInfoByDir {
fileInfoByPath["./"+dirID+"/"+fi.Path] = fi
}
// Single Stat mock dispatching via map — avoids 10k separate matchers.
gatewayClient.On("Stat", mock.Anything, mock.Anything).Return(
func(_ context.Context, sreq *sprovider.StatRequest, _ ...grpc.CallOption) *sprovider.StatResponse {
if sreq.Ref.ResourceId != nil && sreq.Ref.ResourceId.OpaqueId == "spaceid" {
return &sprovider.StatResponse{
Status: status.NewOK(context.Background()),
Info: rootInfo,
}
}
if fi, ok := fileInfoByPath[sreq.Ref.Path]; ok {
return &sprovider.StatResponse{
Status: status.NewOK(context.Background()),
Info: fi,
}
}
return &sprovider.StatResponse{Status: status.NewOK(context.Background()), Info: rootInfo}
},
func(_ context.Context, _ *sprovider.StatRequest, _ ...grpc.CallOption) error {
return nil
},
)
// Single ListContainer mock dispatching via map.
gatewayClient.On("ListContainer", mock.Anything, mock.Anything).Return(
func(_ context.Context, req *sprovider.ListContainerRequest, _ ...grpc.CallOption) *sprovider.ListContainerResponse {
opaqueID := req.Ref.ResourceId.OpaqueId
if opaqueID == "spaceid" {
return &sprovider.ListContainerResponse{
Status: status.NewOK(context.Background()),
Infos: dirInfos,
}
}
if fi, ok := fileInfoByDir[opaqueID]; ok {
return &sprovider.ListContainerResponse{
Status: status.NewOK(context.Background()),
Infos: []*sprovider.ResourceInfo{fi},
}
}
return &sprovider.ListContainerResponse{
Status: status.NewOK(context.Background()),
Infos: nil,
}
},
func(_ context.Context, _ *sprovider.ListContainerRequest, _ ...grpc.CallOption) error {
return nil
},
)
// Lookup: root and directories are already indexed with matching mtime.
// Use a map for O(1) lookup instead of linear scan (matters at 10k dirs).
indexedIDs := make(map[string]bool, numDirs+1)
indexedIDs["storageid$spaceid!spaceid"] = true
for i := 0; i < numDirs; i++ {
indexedIDs[fmt.Sprintf("storageid$spaceid!dir-%d", i)] = true
}
indexedResource := &engine.Resource{Document: content.Document{Mtime: indexedMtime}, Extracted: true}
indexClient.On("Lookup", mock.MatchedBy(func(id string) bool {
return indexedIDs[id] || len(id) > 18 // dir-N or file-N IDs
})).Return(func(id string) (*engine.Resource, error) {
if indexedIDs[id] {
return indexedResource, nil
}
// Files are not indexed.
return nil, engine.ErrResourceNotFound
})
// Track Upsert calls — each unindexed file should trigger one.
var upsertCount atomic.Int32
indexClient.On("Upsert", mock.Anything, mock.Anything).Run(func(_ mock.Arguments) {
upsertCount.Add(1)
}).Return(nil)
err := s.IndexSpace(&sprovider.StorageSpaceId{OpaqueId: "storageid$spaceid!spaceid"})
Expect(err).ShouldNot(HaveOccurred())
Expect(int(upsertCount.Load())).To(Equal(numDirs), "every unindexed file inside an already-indexed directory must be visited")
})
})
Describe("UpdateTags", func() {