eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: fix group creation in multi-instance ocis

Browse Source 
Signed-off-by: Julian Koberg <julian.koberg@kiteworks.com>
This commit is contained in:
Julian Koberg
2026-01-22 13:54:38 +01:00
parent a62ad99903
commit 563bbf28c0
10 changed files with 285 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
deployments/examples/ocis_multi/docker-compose.yml
View File

@@ -89,7 +89,8 @@ services:
OCIS_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
OCIS_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
OCIS_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
OCIS_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
GRAPH_LDAP_GROUP_CREATE_BASE_DN: "ou=groups-ec730a6c-1b63-4b45-b83b-9e2311afdf85,ou=groups,dc=owncloud,dc=com"
OCIS_LDAP_GROUP_OBJECTCLASS: "owncloudGroup"
OCIS_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
OCIS_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
LDAP_LOGIN_ATTRIBUTES: "uid"
@@ -106,6 +107,7 @@ services:
OCIS_LDAP_GROUP_FILTER: "(&(objectclass=owncloud)(ownCloudMemberOf=ec730a6c-1b63-4b45-b83b-9e2311afdf85))"
OCIS_LDAP_USER_MEMBER_ATTRIBUTE: "owncloudMemberOf"
OCIS_LDAP_USER_GUEST_ATTRIBUTE: "ownCloudGuestOf"
OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE: "owncloudMemberOf"
OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE: "cn"
OCIS_LDAP_INSTANCE_MAPPER_ENABLED: true
OCIS_LDAP_INSTANCE_MAPPER_BASE_DN: "dc=owncloud,dc=com"
@@ -117,8 +119,9 @@ services:
OCIS_MULTI_INSTANCE_GUEST_ROLE: "user-light"
OCIS_LDAP_CROSS_INSTANCE_REFERENCE_TEMPLATE: "{{.Username}}@{{.Instancename}}.owncloud.test"
OCIS_LDAP_INSTANCE_URL_TEMPLATE: "https://{{.Instancename}}.owncloud.test"
# Workaround needed to show external users - can be removed once fixed
OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES: mail
# FIXME: sync groups properly to keycloak and remove the next line
PROXY_AUTOPROVISION_CLAIM_GROUPS: ""
# specific for deployment example
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: ownCloudRole
volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt

328
docs/helpers/env_vars.yaml
View File

@@ -7882,12 +7882,12 @@ OCDAV_WEBDAV_NAMESPACE:
removalVersion: ""
deprecationInfo: ""
OCIS_ADMIN_USER_ID:
name: OCIS_ADMIN_USER_ID;IDM_ADMIN_USER_ID
name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID
defaultValue: ""
type: string
description: ID of the user that should receive admin privileges. Consider that
the UUID can be encoded in some LDAP deployment configurations like in .ldif files.
These need to be decoded beforehand.
description: ID of the user who collects all necessary information for deletion.
Consider that the UUID can be encoded in some LDAP deployment configurations like
in .ldif files. These need to be decoded beforehand.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -7903,7 +7903,7 @@ OCIS_ASSET_THEMES_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_ASYNC_UPLOADS:
name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS
name: OCIS_ASYNC_UPLOADS
defaultValue: "true"
type: bool
description: Enable asynchronous file uploads.
@@ -7912,28 +7912,28 @@ OCIS_ASYNC_UPLOADS:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_PASSWORD:
name: OCIS_CACHE_AUTH_PASSWORD;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD
name: OCIS_CACHE_AUTH_PASSWORD;STORAGE_USERS_ID_CACHE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the store. Only applies when store
type 'nats-js-kv' is configured.
description: The password to authenticate with the cache store. Only applies when
store type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_USERNAME:
name: OCIS_CACHE_AUTH_USERNAME;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME
name: OCIS_CACHE_AUTH_USERNAME;STORAGE_USERS_ID_CACHE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the store. Only applies when store
type 'nats-js-kv' is configured.
description: The username to authenticate with the cache store. Only applies when
store type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_DATABASE:
name: OCIS_CACHE_DATABASE
defaultValue: cache-userinfo
defaultValue: ids-storage-users
type: string
description: The database name the configured store should use.
introductionVersion: pre5.0
@@ -7941,43 +7941,46 @@ OCIS_CACHE_DATABASE:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_DISABLE_PERSISTENCE:
name: OCIS_CACHE_DISABLE_PERSISTENCE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE
defaultValue: "true"
name: OCIS_CACHE_DISABLE_PERSISTENCE;STORAGE_USERS_ID_CACHE_DISABLE_PERSISTENCE
defaultValue: "false"
type: bool
description: Disables persistence of the store. Only applies when store type 'nats-js-kv'
is configured. Defaults to true.
description: Disables persistence of the cache. Only applies when store type 'nats-js-kv'
is configured. Defaults to false.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE:
name: OCIS_CACHE_STORE;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE
defaultValue: nats-js-kv
name: OCIS_CACHE_STORE;STORAGE_USERS_ID_CACHE_STORE
defaultValue: memory
type: string
description: 'The type of the signing key store. Supported values are: ''redis-sentinel''
and ''nats-js-kv''. See the text description for details.'
introductionVersion: "5.0"
description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'',
''nats-js-kv'', ''noop''. See the text description for details.'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE_NODES:
name: OCIS_CACHE_STORE_NODES;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES
name: OCIS_CACHE_STORE_NODES;STORAGE_USERS_ID_CACHE_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
type: '[]string'
description: A list of nodes to access the configured store. Note that the behaviour
how nodes are used is dependent on the library of the configured store. See the
Environment Variable Types description for more details.
introductionVersion: "5.0"
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
is dependent on the library of the configured store. See the Environment Variable
Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_TTL:
name: OCIS_CACHE_TTL;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL
defaultValue: 12h0m0s
name: OCIS_CACHE_TTL;STORAGE_USERS_ID_CACHE_TTL
defaultValue: 24m0s
type: Duration
description: Default time to live for signing keys. See the Environment Variable
Types description for more details.
introductionVersion: "5.0"
description: Default time to live for user info in the user info cache. Only applied
when access tokens have no expiration. Defaults to 300s which is derived from
the underlaying package though not explicitly set as default. See the Environment
Variable Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8019,8 +8022,8 @@ OCIS_CLAIM_MANAGED_SPACES_REGEXP:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_CREDENTIALS:
name: OCIS_CORS_ALLOW_CREDENTIALS;WEBDAV_CORS_ALLOW_CREDENTIALS
defaultValue: "true"
name: OCIS_CORS_ALLOW_CREDENTIALS;STORAGE_USERS_CORS_ALLOW_CREDENTIALS
defaultValue: "false"
type: bool
description: 'Allow credentials for CORS.See following chapter for more details:
*Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.'
@@ -8029,9 +8032,10 @@ OCIS_CORS_ALLOW_CREDENTIALS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_HEADERS:
name: OCIS_CORS_ALLOW_HEADERS;WEBDAV_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id
Cache-Control]'
name: OCIS_CORS_ALLOW_HEADERS;STORAGE_USERS_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin X-Requested-With X-Request-Id X-HTTP-Method-Override
Content-Type Upload-Length Upload-Offset Tus-Resumable Upload-Metadata Upload-Defer-Length
Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]'
type: '[]string'
description: 'A list of allowed CORS headers. See following chapter for more details:
*Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
@@ -8041,8 +8045,8 @@ OCIS_CORS_ALLOW_HEADERS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_METHODS:
name: OCIS_CORS_ALLOW_METHODS;WEBDAV_CORS_ALLOW_METHODS
defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]'
name: OCIS_CORS_ALLOW_METHODS;STORAGE_USERS_CORS_ALLOW_METHODS
defaultValue: '[POST HEAD PATCH OPTIONS GET DELETE]'
type: '[]string'
description: 'A list of allowed CORS methods. See following chapter for more details:
*Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method.
@@ -8052,8 +8056,8 @@ OCIS_CORS_ALLOW_METHODS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_ORIGINS:
name: OCIS_CORS_ALLOW_ORIGINS;WEBDAV_CORS_ALLOW_ORIGINS
defaultValue: '[*]'
name: OCIS_CORS_ALLOW_ORIGINS;STORAGE_USERS_CORS_ALLOW_ORIGINS
defaultValue: '[https://localhost:9200]'
type: '[]string'
description: 'A list of allowed CORS origins. See following chapter for more details:
*Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin.
@@ -8148,7 +8152,7 @@ OCIS_DISABLE_VERSIONING:
removalVersion: ""
deprecationInfo: ""
OCIS_EDITION:
name: OCIS_EDITION;FRONTEND_EDITION
name: OCIS_EDITION;OCDAV_EDITION
defaultValue: Community
type: string
description: Edition of oCIS. Used for branding purposes.
@@ -8166,36 +8170,34 @@ OCIS_EMAIL_TEMPLATE_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_ENABLE_OCM:
name: OCIS_ENABLE_OCM
name: OCIS_ENABLE_OCM;GRAPH_INCLUDE_OCM_SHAREES
defaultValue: "false"
type: bool
description: Include OCM sharees when listing sharees.
description: Include OCM sharees when listing users.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_PASSWORD:
name: OCIS_EVENTS_AUTH_PASSWORD;POSTPROCESSING_EVENTS_AUTH_PASSWORD
name: OCIS_EVENTS_AUTH_PASSWORD;SHARING_EVENTS_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the events broker. The events broker
is the ocis service which receives and delivers events between the services.
description: Password for the events broker.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_USERNAME:
name: OCIS_EVENTS_AUTH_USERNAME;POSTPROCESSING_EVENTS_AUTH_USERNAME
name: OCIS_EVENTS_AUTH_USERNAME;SHARING_EVENTS_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the events broker. The events broker
is the ocis service which receives and delivers events between the services.
description: Username for the events broker.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_CLUSTER:
name: OCIS_EVENTS_CLUSTER;POSTPROCESSING_EVENTS_CLUSTER
name: OCIS_EVENTS_CLUSTER;SHARING_EVENTS_CLUSTER
defaultValue: ocis-cluster
type: string
description: The clusterID of the event system. The event system is the message
@@ -8206,7 +8208,7 @@ OCIS_EVENTS_CLUSTER:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENABLE_TLS:
name: OCIS_EVENTS_ENABLE_TLS;POSTPROCESSING_EVENTS_ENABLE_TLS
name: OCIS_EVENTS_ENABLE_TLS;SHARING_EVENTS_ENABLE_TLS
defaultValue: "false"
type: bool
description: Enable TLS for the connection to the events broker. The events broker
@@ -8216,7 +8218,7 @@ OCIS_EVENTS_ENABLE_TLS:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENDPOINT:
name: OCIS_EVENTS_ENDPOINT;POSTPROCESSING_EVENTS_ENDPOINT
name: OCIS_EVENTS_ENDPOINT;SHARING_EVENTS_ENDPOINT
defaultValue: 127.0.0.1:9233
type: string
description: The address of the event system. The event system is the message queuing
@@ -8226,11 +8228,11 @@ OCIS_EVENTS_ENDPOINT:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE:
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE
defaultValue: ""
type: string
description: The root CA certificate used to validate the server's TLS certificate.
If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false.
If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -8268,7 +8270,7 @@ OCIS_GRPC_CLIENT_TLS_MODE:
removalVersion: ""
deprecationInfo: ""
OCIS_GRPC_PROTOCOL:
name: OCIS_GRPC_PROTOCOL;AUTH_BEARER_GRPC_PROTOCOL
name: OCIS_GRPC_PROTOCOL;SHARING_GRPC_PROTOCOL
defaultValue: ""
type: string
description: The transport protocol of the GRPC service.
@@ -8308,17 +8310,16 @@ OCIS_HTTP_TLS_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_INSECURE:
name: OCIS_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE
name: OCIS_INSECURE;SHARING_EVENTS_TLS_INSECURE
defaultValue: "false"
type: bool
description: Whether the ocis server should skip the client certificate verification
during the TLS handshake.
description: Whether to verify the server TLS certificates.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_JWT_SECRET:
name: OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET
name: OCIS_JWT_SECRET;SHARING_JWT_SECRET
defaultValue: ""
type: string
description: The secret to mint and validate jwt tokens.
@@ -8382,8 +8383,8 @@ OCIS_KEYCLOAK_USER_REALM:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_DN:
name: OCIS_LDAP_BIND_DN;IDP_LDAP_BIND_DN
defaultValue: uid=idp,ou=sysusers,o=libregraph-idm
name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN
defaultValue: uid=reva,ou=sysusers,o=libregraph-idm
type: string
description: LDAP DN to use for simple bind authentication with the target LDAP
server.
@@ -8392,7 +8393,7 @@ OCIS_LDAP_BIND_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_PASSWORD:
name: OCIS_LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD
name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD
defaultValue: ""
type: string
description: Password to use for authenticating the 'bind_dn'.
@@ -8401,12 +8402,12 @@ OCIS_LDAP_BIND_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_CACERT:
name: OCIS_LDAP_CACERT;IDP_LDAP_TLS_CACERT
name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT
defaultValue: /var/lib/ocis/idm/ldap.crt
type: string
description: Path/File name for the root CA certificate (in PEM format) used to
validate TLS server certificates of the LDAP service. If not defined, the root
directory derives from $OCIS_BASE_DATA_PATH/idp.
directory derives from $OCIS_BASE_DATA_PATH/idm.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -8422,7 +8423,7 @@ OCIS_LDAP_CROSS_INSTANCE_REFERENCE_TEMPLATE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLE_USER_MECHANISM:
name: OCIS_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM
name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM
defaultValue: attribute
type: string
description: An option to control the behavior for disabling users. Valid options
@@ -8435,7 +8436,7 @@ OCIS_LDAP_DISABLE_USER_MECHANISM:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLED_USERS_GROUP_DN:
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN
defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm
type: string
description: The distinguished name of the group to which added users will be classified
@@ -8444,8 +8445,18 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN:
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE:
name: OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE
defaultValue: ""
type: string
description: LDAP Attribute to signal which instance the group is belonging to.
Requires OCIS_MULTI_INSTANCE_ENABLED.
introductionVersion: 8.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_BASE_DN:
name: OCIS_LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN
name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN
defaultValue: ou=groups,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP groups.
@@ -8454,7 +8465,7 @@ OCIS_LDAP_GROUP_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_FILTER:
name: OCIS_LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER
name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for group searches.
@@ -8463,17 +8474,17 @@ OCIS_LDAP_GROUP_FILTER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_OBJECTCLASS:
name: OCIS_LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS
name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS
defaultValue: groupOfNames
type: string
description: The object class to use for groups in the default group search filter
like 'groupOfNames'.
('groupOfNames').
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the displayname of groups (often the same
@@ -8483,7 +8494,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the name of groups.
@@ -8492,28 +8503,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID:
name: OCIS_LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID
name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP Attribute to use as the unique ID for groups. This should be a
stable globally unique ID like a UUID.
description: LDAP Attribute to use as the unique id for groups. This should be a
stable globally unique id (e.g. a UUID).
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'id' attribute for groups is of the
'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute
of Active Directory for the group ID's.
of Active Directory for the group IDs.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MAIL:
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP Attribute to use for the email address of groups (can be empty).
@@ -8522,7 +8533,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MEMBER:
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER
defaultValue: member
type: string
description: LDAP Attribute that is used for group members.
@@ -8531,7 +8542,7 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCOPE:
name: OCIS_LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE
name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up groups. Supported values are
@@ -8541,7 +8552,7 @@ OCIS_LDAP_GROUP_SCOPE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_INSECURE:
name: OCIS_LDAP_INSECURE;IDP_INSECURE
name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE
defaultValue: "false"
type: bool
description: Disable TLS certificate validation for the LDAP connections. Do not
@@ -8609,7 +8620,7 @@ OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_SERVER_WRITE_ENABLED:
name: OCIS_LDAP_SERVER_WRITE_ENABLED;FRONTEND_LDAP_SERVER_WRITE_ENABLED
name: OCIS_LDAP_SERVER_WRITE_ENABLED;GRAPH_LDAP_SERVER_WRITE_ENABLED
defaultValue: "true"
type: bool
description: Allow creating, modifying and deleting LDAP users via the GRAPH API.
@@ -8621,16 +8632,17 @@ OCIS_LDAP_SERVER_WRITE_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_URI:
name: OCIS_LDAP_URI;IDP_LDAP_URI
name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI
defaultValue: ldaps://localhost:9235
type: string
description: Url of the LDAP service to use as IDP.
description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://'
and 'ldap://'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_BASE_DN:
name: OCIS_LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN
name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN
defaultValue: ou=users,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP users.
@@ -8639,16 +8651,16 @@ OCIS_LDAP_USER_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_ENABLED_ATTRIBUTE:
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE
defaultValue: ownCloudUserEnabled
type: string
description: LDAP Attribute to use as a flag telling if the user is enabled or disabled.
description: LDAP attribute to use as a flag telling if the user is enabled or disabled.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_FILTER:
name: OCIS_LDAP_USER_FILTER;IDP_LDAP_FILTER
name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
@@ -8677,23 +8689,24 @@ OCIS_LDAP_USER_MEMBER_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_OBJECTCLASS:
name: OCIS_LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS
name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS
defaultValue: inetOrgPerson
type: string
description: LDAP User ObjectClass like 'inetOrgPerson'.
description: The object class to use for users in the default user search filter
('inetOrgPerson').
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME
defaultValue: displayname
type: string
description: LDAP Attribute to use for the displayname of users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
name: OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID;GRAPH_LDAP_EXTERNAL_ID_ATTRIBUTE
defaultValue: owncloudExternalID
@@ -8706,36 +8719,37 @@ OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID:
name: OCIS_LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE
defaultValue: ownCloudUUID
name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP User UUID attribute like 'uid'.
description: LDAP Attribute to use as the unique ID for users. This should be a
stable globally unique ID like a UUID.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'ID' attribute for users is of the
'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute
of Active Directory for the user ID's.
of Active Directory for the user IDs.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_MAIL:
name: OCIS_LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP User email attribute like 'mail'.
description: LDAP Attribute to use for the email address of users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USER_TYPE:
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE
defaultValue: ownCloudUserType
type: string
description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default
@@ -8745,26 +8759,26 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USERNAME:
name: OCIS_LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE
defaultValue: displayName
name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME
defaultValue: uid
type: string
description: LDAP User name attribute like 'displayName'.
description: LDAP Attribute to use for username of users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCOPE:
name: OCIS_LDAP_USER_SCOPE;IDP_LDAP_SCOPE
name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up users. Supported scopes are
description: LDAP search scope to use when looking up users. Supported values are
'base', 'one' and 'sub'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_COLOR:
name: OCIS_LOG_COLOR;WEBDAV_LOG_COLOR
name: OCIS_LOG_COLOR;SHARING_LOG_COLOR
defaultValue: "false"
type: bool
description: Activates colorized log output.
@@ -8773,7 +8787,7 @@ OCIS_LOG_COLOR:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_FILE:
name: OCIS_LOG_FILE;WEBDAV_LOG_FILE
name: OCIS_LOG_FILE;SHARING_LOG_FILE
defaultValue: ""
type: string
description: The path to the log file. Activates logging to this file if set.
@@ -8782,7 +8796,7 @@ OCIS_LOG_FILE:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_LEVEL:
name: OCIS_LOG_LEVEL;WEBDAV_LOG_LEVEL
name: OCIS_LOG_LEVEL;SHARING_LOG_LEVEL
defaultValue: ""
type: string
description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'',
@@ -8792,7 +8806,7 @@ OCIS_LOG_LEVEL:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_PRETTY:
name: OCIS_LOG_PRETTY;WEBDAV_LOG_PRETTY
name: OCIS_LOG_PRETTY;SHARING_LOG_PRETTY
defaultValue: "false"
type: bool
description: Activates pretty log output.
@@ -8801,17 +8815,17 @@ OCIS_LOG_PRETTY:
removalVersion: ""
deprecationInfo: ""
OCIS_MACHINE_AUTH_API_KEY:
name: OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY
name: OCIS_MACHINE_AUTH_API_KEY;STORAGE_USERS_MACHINE_AUTH_API_KEY
defaultValue: ""
type: string
description: Machine auth API key used to validate internal requests necessary for
the access to resources from other services.
introductionVersion: pre5.0
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_MAX_CONCURRENCY:
name: OCIS_MAX_CONCURRENCY;FRONTEND_MAX_CONCURRENCY
name: OCIS_MAX_CONCURRENCY;SHARING_USER_JSONCS3_MAX_CONCURRENCY
defaultValue: "1"
type: int
description: Maximum number of concurrent go-routines. Higher values can potentially
@@ -8921,16 +8935,17 @@ OCIS_OIDC_CLIENT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_OIDC_ISSUER:
name: OCIS_URL;OCIS_OIDC_ISSUER;IDP_ISS
name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL
defaultValue: https://localhost:9200
type: string
description: The OIDC issuer URL to use.
description: The identity provider value to set in the userids of the CS3 user objects
for users returned by this user provider.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
defaultValue: ""
type: string
description: Path to the 'banned passwords list' file. This only impacts public
@@ -8940,7 +8955,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_DISABLED:
name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED
name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED
defaultValue: "false"
type: bool
description: Disable the password policy. Defaults to false if not set.
@@ -8949,7 +8964,7 @@ OCIS_PASSWORD_POLICY_DISABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS
defaultValue: "8"
type: int
description: Define the minimum password length. Defaults to 8 if not set.
@@ -8958,7 +8973,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_DIGITS:
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS
defaultValue: "1"
type: int
description: Define the minimum number of digits. Defaults to 1 if not set.
@@ -8967,7 +8982,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of uppercase letters. Defaults to 1 if not
@@ -8977,7 +8992,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of characters from the special characters
@@ -8987,7 +9002,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of lowercase letters. Defaults to 1 if not
@@ -8997,17 +9012,17 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE:
name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE
defaultValue: nats-js-kv
name: OCIS_PERSISTENT_STORE;USERLOG_STORE
defaultValue: memory
type: string
description: 'The type of the store. Supported values are: ''memory'', ''redis-sentinel'',
''nats-js-kv'', ''noop''. See the text description for details.'
description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'',
''redis-sentinel'', ''noop''. See the text description for details.'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_PASSWORD:
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the store. Only applies when store
@@ -9017,7 +9032,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_USERNAME:
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the store. Only applies when store
@@ -9027,8 +9042,8 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_NODES:
name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES
defaultValue: '[]'
type: '[]string'
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
@@ -9039,11 +9054,11 @@ OCIS_PERSISTENT_STORE_NODES:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_TTL:
name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL
defaultValue: 0s
name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL
defaultValue: 336h0m0s
type: Duration
description: Time to live for events in the store. See the Environment Variable
Types description for more details.
description: Time to live for events in the store. Defaults to '336h' (2 weeks).
See the Environment Variable Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9061,7 +9076,7 @@ OCIS_REVA_GATEWAY:
name: OCIS_REVA_GATEWAY
defaultValue: com.owncloud.api.gateway
type: string
description: CS3 gateway used to look up user metadata
description: The CS3 gateway endpoint.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9089,7 +9104,7 @@ OCIS_REVA_GATEWAY_TLS_MODE:
removalVersion: ""
deprecationInfo: ""
OCIS_SERVICE_ACCOUNT_ID:
name: OCIS_SERVICE_ACCOUNT_ID;NOTIFICATIONS_SERVICE_ACCOUNT_ID
name: OCIS_SERVICE_ACCOUNT_ID;STORAGE_USERS_SERVICE_ACCOUNT_ID
defaultValue: ""
type: string
description: The ID of the service account the service should use. See the 'auth-service'
@@ -9099,7 +9114,7 @@ OCIS_SERVICE_ACCOUNT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_SERVICE_ACCOUNT_SECRET:
name: OCIS_SERVICE_ACCOUNT_SECRET;NOTIFICATIONS_SERVICE_ACCOUNT_SECRET
name: OCIS_SERVICE_ACCOUNT_SECRET;STORAGE_USERS_SERVICE_ACCOUNT_SECRET
defaultValue: ""
type: string
description: The service account secret.
@@ -9108,7 +9123,7 @@ OCIS_SERVICE_ACCOUNT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
defaultValue: "true"
type: bool
description: Set this to true if you want to enforce passwords on all public shares.
@@ -9117,27 +9132,28 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
defaultValue: "false"
type: bool
description: Set this to true if you want to enforce passwords for writable shares.
Only effective if the setting for 'passwords on all public shares' is set to false.
description: Set this to true if you want to enforce passwords on Uploader, Editor
or Contributor shares.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_SPACES_MAX_QUOTA:
name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA
name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA
defaultValue: "0"
type: uint64
description: Set the global max quota value in bytes. A value of 0 equals unlimited.
The value is provided via capabilities.
description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited.
If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA
in the frontend service.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_API_KEY:
name: OCIS_SYSTEM_USER_API_KEY
name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY
defaultValue: ""
type: string
description: API key for the STORAGE-SYSTEM system user.
@@ -9146,10 +9162,10 @@ OCIS_SYSTEM_USER_API_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_ID:
name: OCIS_SYSTEM_USER_ID
name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID
defaultValue: ""
type: string
description: ID of the oCIS storage-system system user. Admins need to set the ID
description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID
for the STORAGE-SYSTEM system user in this config option which is then used to
reference the user. Any reasonable long string is possible, preferably this would
be an UUIDv4 format.
@@ -9167,7 +9183,7 @@ OCIS_SYSTEM_USER_IDP:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_COLLECTOR:
name: OCIS_TRACING_COLLECTOR;WEBDAV_TRACING_COLLECTOR
name: OCIS_TRACING_COLLECTOR;SHARING_TRACING_COLLECTOR
defaultValue: ""
type: string
description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces.
@@ -9177,7 +9193,7 @@ OCIS_TRACING_COLLECTOR:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENABLED:
name: OCIS_TRACING_ENABLED;WEBDAV_TRACING_ENABLED
name: OCIS_TRACING_ENABLED;SHARING_TRACING_ENABLED
defaultValue: "false"
type: bool
description: Activates tracing.
@@ -9186,7 +9202,7 @@ OCIS_TRACING_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENDPOINT:
name: OCIS_TRACING_ENDPOINT;WEBDAV_TRACING_ENDPOINT
name: OCIS_TRACING_ENDPOINT;SHARING_TRACING_ENDPOINT
defaultValue: ""
type: string
description: The endpoint of the tracing agent.
@@ -9195,7 +9211,7 @@ OCIS_TRACING_ENDPOINT:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_TYPE:
name: OCIS_TRACING_TYPE;WEBDAV_TRACING_TYPE
name: OCIS_TRACING_TYPE;SHARING_TRACING_TYPE
defaultValue: ""
type: string
description: The type of tracing. Defaults to '', which is the same as 'jaeger'.
@@ -9214,7 +9230,7 @@ OCIS_TRANSFER_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_TRANSLATION_PATH:
name: OCIS_TRANSLATION_PATH;NOTIFICATIONS_TRANSLATION_PATH
name: OCIS_TRANSLATION_PATH;USERLOG_TRANSLATION_PATH
defaultValue: ""
type: string
description: (optional) Set this to a path with custom translations to overwrite
@@ -9225,19 +9241,19 @@ OCIS_TRANSLATION_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_URL:
name: OCIS_URL;OCIS_PUBLIC_URL
defaultValue: https://127.0.0.1:9200
name: OCIS_URL;OCDAV_PUBLIC_URL
defaultValue: https://localhost:9200
type: string
description: URL, where oCIS is reachable for users.
description: URL where oCIS is reachable for users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES:
name: OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES;FRONTEND_USER_SEARCH_DISPLAYED_ATTRIBUTES
name: OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES
defaultValue: '[]'
type: '[]string'
description: A list of user attributes to display in the user search results.
description: The attributes to display in the user search results.
introductionVersion: 7.3.0
deprecationVersion: ""
removalVersion: ""

5
docs/services/general-info/envvars/env-var-deltas/7.3.0-8.0.0-added.adoc
View File

@@ -58,6 +58,11 @@
| Template for the instance URL. Requires OCIS_MULTI_INSTANCE_ENABLED.
|
|
| OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE
| LDAP Attribute to signal which instance the group is belonging to. Requires OCIS_MULTI_INSTANCE_ENABLED.
|
|
| OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE
| LDAP Attribute to be used for searching users on other instances. Requires OCIS_MULTI_INSTANCE_ENABLED.

1
docs/services/general-info/envvars/env-var-deltas/7.3.0-8.0.0-added.md
View File

@@ -10,6 +10,7 @@
| | OCIS_LDAP_INSTANCE_MAPPER_NAME_ATTRIBUTE | LDAP Attribute of the instance name. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_CROSS_INSTANCE_REFERENCE_TEMPLATE | Template for the users unique reference across oCIS instances. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_INSTANCE_URL_TEMPLATE | Template for the instance URL. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE | LDAP Attribute to signal which instance the group is belonging to. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE | LDAP Attribute to be used for searching users on other instances. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_USER_GUEST_ATTRIBUTE | LDAP Attribute to signal the user is guest of an instance. Requires OCIS_MULTI_INSTANCE_ENABLED. | |
| | OCIS_LDAP_USER_MEMBER_ATTRIBUTE | LDAP Attribute to signal the user is member of an instance. Requires OCIS_MULTI_INSTANCE_ENABLED. | |

130
protogen/gen/ocis/messages/settings/v0/settings.pb.go
View File

@@ -627,13 +627,13 @@ type Bundle struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" yaml:"id"` // @gotags: yaml:"id"
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty" yaml:"name"` // @gotags: yaml:"name"
Type Bundle_Type `protobuf:"varint,3,opt,name=type,proto3,enum=ocis.messages.settings.v0.Bundle_Type" json:"type,omitempty" yaml:"type"` // @gotags: yaml:"type"
Extension string `protobuf:"bytes,4,opt,name=extension,proto3" json:"extension,omitempty" yaml:"extension"` // @gotags: yaml:"extension"
DisplayName string `protobuf:"bytes,5,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty" yaml:"display_name"` // @gotags: yaml:"display_name"
Settings []*Setting `protobuf:"bytes,6,rep,name=settings,proto3" json:"settings,omitempty" yaml:"settings"` // @gotags: yaml:"settings"
Resource *Resource `protobuf:"bytes,7,opt,name=resource,proto3" json:"resource,omitempty" yaml:"resource"` // @gotags: yaml:"resource"
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // @gotags: yaml:"id"
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // @gotags: yaml:"name"
Type Bundle_Type `protobuf:"varint,3,opt,name=type,proto3,enum=ocis.messages.settings.v0.Bundle_Type" json:"type,omitempty"` // @gotags: yaml:"type"
Extension string `protobuf:"bytes,4,opt,name=extension,proto3" json:"extension,omitempty"` // @gotags: yaml:"extension"
DisplayName string `protobuf:"bytes,5,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // @gotags: yaml:"display_name"
Settings []*Setting `protobuf:"bytes,6,rep,name=settings,proto3" json:"settings,omitempty"` // @gotags: yaml:"settings"
Resource *Resource `protobuf:"bytes,7,opt,name=resource,proto3" json:"resource,omitempty"` // @gotags: yaml:"resource"
}
func (x *Bundle) Reset() {
@@ -722,10 +722,10 @@ type Setting struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" yaml:"id"` // @gotags: yaml:"id"
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty" yaml:"name"` // @gotags: yaml:"name"
DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty" yaml:"display_name"` // @gotags: yaml:"display_name"
Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty" yaml:"description"` // @gotags: yaml:"description"
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // @gotags: yaml:"id"
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // @gotags: yaml:"name"
DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // @gotags: yaml:"display_name"
Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` // @gotags: yaml:"description"
// Types that are assignable to Value:
//
// *Setting_IntValue
@@ -736,7 +736,7 @@ type Setting struct {
// *Setting_PermissionValue
// *Setting_MultiChoiceCollectionValue
Value isSetting_Value `protobuf_oneof:"value"`
Resource *Resource `protobuf:"bytes,11,opt,name=resource,proto3" json:"resource,omitempty" yaml:"resource"` // @gotags: yaml:"resource"
Resource *Resource `protobuf:"bytes,11,opt,name=resource,proto3" json:"resource,omitempty"` // @gotags: yaml:"resource"
}
func (x *Setting) Reset() {
@@ -867,31 +867,31 @@ type isSetting_Value interface {
}
type Setting_IntValue struct {
IntValue *Int `protobuf:"bytes,5,opt,name=int_value,json=intValue,proto3,oneof" yaml:"int_value"` // @gotags: yaml:"int_value"
IntValue *Int `protobuf:"bytes,5,opt,name=int_value,json=intValue,proto3,oneof"` // @gotags: yaml:"int_value"
}
type Setting_StringValue struct {
StringValue *String `protobuf:"bytes,6,opt,name=string_value,json=stringValue,proto3,oneof" yaml:"string_value"` // @gotags: yaml:"string_value"
StringValue *String `protobuf:"bytes,6,opt,name=string_value,json=stringValue,proto3,oneof"` // @gotags: yaml:"string_value"
}
type Setting_BoolValue struct {
BoolValue *Bool `protobuf:"bytes,7,opt,name=bool_value,json=boolValue,proto3,oneof" yaml:"bool_value"` // @gotags: yaml:"bool_value"
BoolValue *Bool `protobuf:"bytes,7,opt,name=bool_value,json=boolValue,proto3,oneof"` // @gotags: yaml:"bool_value"
}
type Setting_SingleChoiceValue struct {
SingleChoiceValue *SingleChoiceList `protobuf:"bytes,8,opt,name=single_choice_value,json=singleChoiceValue,proto3,oneof" yaml:"single_choice_value"` // @gotags: yaml:"single_choice_value"
SingleChoiceValue *SingleChoiceList `protobuf:"bytes,8,opt,name=single_choice_value,json=singleChoiceValue,proto3,oneof"` // @gotags: yaml:"single_choice_value"
}
type Setting_MultiChoiceValue struct {
MultiChoiceValue *MultiChoiceList `protobuf:"bytes,9,opt,name=multi_choice_value,json=multiChoiceValue,proto3,oneof" yaml:"multi_choice_value"` // @gotags: yaml:"multi_choice_value"
MultiChoiceValue *MultiChoiceList `protobuf:"bytes,9,opt,name=multi_choice_value,json=multiChoiceValue,proto3,oneof"` // @gotags: yaml:"multi_choice_value"
}
type Setting_PermissionValue struct {
PermissionValue *Permission `protobuf:"bytes,10,opt,name=permission_value,json=permissionValue,proto3,oneof" yaml:"permission_value"` // @gotags: yaml:"permission_value"
PermissionValue *Permission `protobuf:"bytes,10,opt,name=permission_value,json=permissionValue,proto3,oneof"` // @gotags: yaml:"permission_value"
}
type Setting_MultiChoiceCollectionValue struct {
MultiChoiceCollectionValue *MultiChoiceCollection `protobuf:"bytes,12,opt,name=multi_choice_collection_value,json=multiChoiceCollectionValue,proto3,oneof" yaml:"multi_choice_collection_value"` // @gotags: yaml:"multi_choice_collection_value"
MultiChoiceCollectionValue *MultiChoiceCollection `protobuf:"bytes,12,opt,name=multi_choice_collection_value,json=multiChoiceCollectionValue,proto3,oneof"` // @gotags: yaml:"multi_choice_collection_value"
}
func (*Setting_IntValue) isSetting_Value() {}
@@ -913,11 +913,11 @@ type Int struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Default int64 `protobuf:"varint,1,opt,name=default,proto3" json:"default,omitempty" yaml:"default"` // @gotags: yaml:"default"
Min int64 `protobuf:"varint,2,opt,name=min,proto3" json:"min,omitempty" yaml:"min"` // @gotags: yaml:"min"
Max int64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty" yaml:"max"` // @gotags: yaml:"max"
Step int64 `protobuf:"varint,4,opt,name=step,proto3" json:"step,omitempty" yaml:"step"` // @gotags: yaml:"step"
Placeholder string `protobuf:"bytes,5,opt,name=placeholder,proto3" json:"placeholder,omitempty" yaml:"placeholder"` // @gotags: yaml:"placeholder"
Default int64 `protobuf:"varint,1,opt,name=default,proto3" json:"default,omitempty"` // @gotags: yaml:"default"
Min int64 `protobuf:"varint,2,opt,name=min,proto3" json:"min,omitempty"` // @gotags: yaml:"min"
Max int64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"` // @gotags: yaml:"max"
Step int64 `protobuf:"varint,4,opt,name=step,proto3" json:"step,omitempty"` // @gotags: yaml:"step"
Placeholder string `protobuf:"bytes,5,opt,name=placeholder,proto3" json:"placeholder,omitempty"` // @gotags: yaml:"placeholder"
}
func (x *Int) Reset() {
@@ -992,11 +992,11 @@ type String struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Default string `protobuf:"bytes,1,opt,name=default,proto3" json:"default,omitempty" yaml:"default"` // @gotags: yaml:"default"
Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty" yaml:"required"` // @gotags: yaml:"required"
MinLength int32 `protobuf:"varint,3,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty" yaml:"min_length"` // @gotags: yaml:"min_length"
MaxLength int32 `protobuf:"varint,4,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty" yaml:"max_length"` // @gotags: yaml:"max_length"
Placeholder string `protobuf:"bytes,5,opt,name=placeholder,proto3" json:"placeholder,omitempty" yaml:"placeholder"` // @gotags: yaml:"placeholder"
Default string `protobuf:"bytes,1,opt,name=default,proto3" json:"default,omitempty"` // @gotags: yaml:"default"
Required bool `protobuf:"varint,2,opt,name=required,proto3" json:"required,omitempty"` // @gotags: yaml:"required"
MinLength int32 `protobuf:"varint,3,opt,name=min_length,json=minLength,proto3" json:"min_length,omitempty"` // @gotags: yaml:"min_length"
MaxLength int32 `protobuf:"varint,4,opt,name=max_length,json=maxLength,proto3" json:"max_length,omitempty"` // @gotags: yaml:"max_length"
Placeholder string `protobuf:"bytes,5,opt,name=placeholder,proto3" json:"placeholder,omitempty"` // @gotags: yaml:"placeholder"
}
func (x *String) Reset() {
@@ -1071,8 +1071,8 @@ type Bool struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Default bool `protobuf:"varint,1,opt,name=default,proto3" json:"default,omitempty" yaml:"default"` // @gotags: yaml:"default"
Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty" yaml:"label"` // @gotags: yaml:"label"
Default bool `protobuf:"varint,1,opt,name=default,proto3" json:"default,omitempty"` // @gotags: yaml:"default"
Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty"` // @gotags: yaml:"label"
}
func (x *Bool) Reset() {
@@ -1126,7 +1126,7 @@ type SingleChoiceList struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Options []*ListOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty" yaml:"options"` // @gotags: yaml:"options"
Options []*ListOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty"` // @gotags: yaml:"options"
}
func (x *SingleChoiceList) Reset() {
@@ -1173,7 +1173,7 @@ type MultiChoiceList struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Options []*ListOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty" yaml:"options"` // @gotags: yaml:"options"
Options []*ListOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty"` // @gotags: yaml:"options"
}
func (x *MultiChoiceList) Reset() {
@@ -1220,9 +1220,9 @@ type ListOption struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Value *ListOptionValue `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty" yaml:"value"` // @gotags: yaml:"value"
Default bool `protobuf:"varint,2,opt,name=default,proto3" json:"default,omitempty" yaml:"default"` // @gotags: yaml:"default"
DisplayValue string `protobuf:"bytes,3,opt,name=display_value,json=displayValue,proto3" json:"display_value,omitempty" yaml:"display_value"` // @gotags: yaml:"display_value"
Value *ListOptionValue `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` // @gotags: yaml:"value"
Default bool `protobuf:"varint,2,opt,name=default,proto3" json:"default,omitempty"` // @gotags: yaml:"default"
DisplayValue string `protobuf:"bytes,3,opt,name=display_value,json=displayValue,proto3" json:"display_value,omitempty"` // @gotags: yaml:"display_value"
}
func (x *ListOption) Reset() {
@@ -1283,7 +1283,7 @@ type MultiChoiceCollection struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Options []*MultiChoiceCollectionOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty" yaml:"options"` // @gotags: yaml:"options"
Options []*MultiChoiceCollectionOption `protobuf:"bytes,1,rep,name=options,proto3" json:"options,omitempty"` // @gotags: yaml:"options"
}
func (x *MultiChoiceCollection) Reset() {
@@ -1330,10 +1330,10 @@ type MultiChoiceCollectionOption struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Value *MultiChoiceCollectionOptionValue `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty" yaml:"value"` // @gotags: yaml:"value"
Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty" yaml:"key"` // @gotags: yaml:"key"
Attribute string `protobuf:"bytes,3,opt,name=attribute,proto3" json:"attribute,omitempty" yaml:"attribute"` // @gotags: yaml:"attribute"
DisplayValue string `protobuf:"bytes,4,opt,name=display_value,json=displayValue,proto3" json:"display_value,omitempty" yaml:"display_value"` // @gotags: yaml:"display_value"
Value *MultiChoiceCollectionOptionValue `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` // @gotags: yaml:"value"
Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` // @gotags: yaml:"key"
Attribute string `protobuf:"bytes,3,opt,name=attribute,proto3" json:"attribute,omitempty"` // @gotags: yaml:"attribute"
DisplayValue string `protobuf:"bytes,4,opt,name=display_value,json=displayValue,proto3" json:"display_value,omitempty"` // @gotags: yaml:"display_value"
}
func (x *MultiChoiceCollectionOption) Reset() {
@@ -1474,15 +1474,15 @@ type isMultiChoiceCollectionOptionValue_Option interface {
}
type MultiChoiceCollectionOptionValue_IntValue struct {
IntValue *Int `protobuf:"bytes,1,opt,name=int_value,json=intValue,proto3,oneof" yaml:"int_value"` // @gotags: yaml:"int_value"
IntValue *Int `protobuf:"bytes,1,opt,name=int_value,json=intValue,proto3,oneof"` // @gotags: yaml:"int_value"
}
type MultiChoiceCollectionOptionValue_StringValue struct {
StringValue *String `protobuf:"bytes,2,opt,name=string_value,json=stringValue,proto3,oneof" yaml:"string_value"` // @gotags: yaml:"string_value"
StringValue *String `protobuf:"bytes,2,opt,name=string_value,json=stringValue,proto3,oneof"` // @gotags: yaml:"string_value"
}
type MultiChoiceCollectionOptionValue_BoolValue struct {
BoolValue *Bool `protobuf:"bytes,3,opt,name=bool_value,json=boolValue,proto3,oneof" yaml:"bool_value"` // @gotags: yaml:"bool_value"
BoolValue *Bool `protobuf:"bytes,3,opt,name=bool_value,json=boolValue,proto3,oneof"` // @gotags: yaml:"bool_value"
}
func (*MultiChoiceCollectionOptionValue_IntValue) isMultiChoiceCollectionOptionValue_Option() {}
@@ -1496,8 +1496,8 @@ type Permission struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Operation Permission_Operation `protobuf:"varint,1,opt,name=operation,proto3,enum=ocis.messages.settings.v0.Permission_Operation" json:"operation,omitempty" yaml:"operation"` // @gotags: yaml:"operation"
Constraint Permission_Constraint `protobuf:"varint,2,opt,name=constraint,proto3,enum=ocis.messages.settings.v0.Permission_Constraint" json:"constraint,omitempty" yaml:"constraint"` // @gotags: yaml:"constraint"
Operation Permission_Operation `protobuf:"varint,1,opt,name=operation,proto3,enum=ocis.messages.settings.v0.Permission_Operation" json:"operation,omitempty"` // @gotags: yaml:"operation"
Constraint Permission_Constraint `protobuf:"varint,2,opt,name=constraint,proto3,enum=ocis.messages.settings.v0.Permission_Constraint" json:"constraint,omitempty"` // @gotags: yaml:"constraint"
}
func (x *Permission) Reset() {
@@ -1552,12 +1552,12 @@ type Value struct {
unknownFields protoimpl.UnknownFields
// id is the id of the Value. It is generated on saving it.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" yaml:"id"` // @gotags: yaml:"id"
BundleId string `protobuf:"bytes,2,opt,name=bundle_id,json=bundleId,proto3" json:"bundle_id,omitempty" yaml:"bundle_id"` // @gotags: yaml:"bundle_id"
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // @gotags: yaml:"id"
BundleId string `protobuf:"bytes,2,opt,name=bundle_id,json=bundleId,proto3" json:"bundle_id,omitempty"` // @gotags: yaml:"bundle_id"
// setting_id is the id of the setting from within its bundle.
SettingId string `protobuf:"bytes,3,opt,name=setting_id,json=settingId,proto3" json:"setting_id,omitempty" yaml:"setting_id"` // @gotags: yaml:"setting_id"
AccountUuid string `protobuf:"bytes,4,opt,name=account_uuid,json=accountUuid,proto3" json:"account_uuid,omitempty" yaml:"account_uuid"` // @gotags: yaml:"account_uuid"
Resource *Resource `protobuf:"bytes,5,opt,name=resource,proto3" json:"resource,omitempty" yaml:"resource"` // @gotags: yaml:"resource"
SettingId string `protobuf:"bytes,3,opt,name=setting_id,json=settingId,proto3" json:"setting_id,omitempty"` // @gotags: yaml:"setting_id"
AccountUuid string `protobuf:"bytes,4,opt,name=account_uuid,json=accountUuid,proto3" json:"account_uuid,omitempty"` // @gotags: yaml:"account_uuid"
Resource *Resource `protobuf:"bytes,5,opt,name=resource,proto3" json:"resource,omitempty"` // @gotags: yaml:"resource"
// Types that are assignable to Value:
//
// *Value_BoolValue
@@ -1682,23 +1682,23 @@ type isValue_Value interface {
}
type Value_BoolValue struct {
BoolValue bool `protobuf:"varint,6,opt,name=bool_value,json=boolValue,proto3,oneof" yaml:"bool_value"` // @gotags: yaml:"bool_value"
BoolValue bool `protobuf:"varint,6,opt,name=bool_value,json=boolValue,proto3,oneof"` // @gotags: yaml:"bool_value"
}
type Value_IntValue struct {
IntValue int64 `protobuf:"varint,7,opt,name=int_value,json=intValue,proto3,oneof" yaml:"int_value"` // @gotags: yaml:"int_value"
IntValue int64 `protobuf:"varint,7,opt,name=int_value,json=intValue,proto3,oneof"` // @gotags: yaml:"int_value"
}
type Value_StringValue struct {
StringValue string `protobuf:"bytes,8,opt,name=string_value,json=stringValue,proto3,oneof" yaml:"string_value"` // @gotags: yaml:"string_value"
StringValue string `protobuf:"bytes,8,opt,name=string_value,json=stringValue,proto3,oneof"` // @gotags: yaml:"string_value"
}
type Value_ListValue struct {
ListValue *ListValue `protobuf:"bytes,9,opt,name=list_value,json=listValue,proto3,oneof" yaml:"list_value"` // @gotags: yaml:"list_value"
ListValue *ListValue `protobuf:"bytes,9,opt,name=list_value,json=listValue,proto3,oneof"` // @gotags: yaml:"list_value"
}
type Value_CollectionValue struct {
CollectionValue *CollectionValue `protobuf:"bytes,10,opt,name=collection_value,json=collectionValue,proto3,oneof" yaml:"collection_value"` // @gotags: yaml:"collection_value"
CollectionValue *CollectionValue `protobuf:"bytes,10,opt,name=collection_value,json=collectionValue,proto3,oneof"` // @gotags: yaml:"collection_value"
}
func (*Value_BoolValue) isValue_Value() {}
@@ -1716,7 +1716,7 @@ type ListValue struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Values []*ListOptionValue `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty" yaml:"values"` // @gotags: yaml:"values"
Values []*ListOptionValue `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` // @gotags: yaml:"values"
}
func (x *ListValue) Reset() {
@@ -1836,15 +1836,15 @@ type isListOptionValue_Option interface {
}
type ListOptionValue_StringValue struct {
StringValue string `protobuf:"bytes,1,opt,name=string_value,json=stringValue,proto3,oneof" yaml:"string_value"` // @gotags: yaml:"string_value"
StringValue string `protobuf:"bytes,1,opt,name=string_value,json=stringValue,proto3,oneof"` // @gotags: yaml:"string_value"
}
type ListOptionValue_IntValue struct {
IntValue int64 `protobuf:"varint,2,opt,name=int_value,json=intValue,proto3,oneof" yaml:"int_value"` // @gotags: yaml:"int_value"
IntValue int64 `protobuf:"varint,2,opt,name=int_value,json=intValue,proto3,oneof"` // @gotags: yaml:"int_value"
}
type ListOptionValue_BoolValue struct {
BoolValue bool `protobuf:"varint,3,opt,name=bool_value,json=boolValue,proto3,oneof" yaml:"bool_value"` // @gotags: yaml:"bool_value"
BoolValue bool `protobuf:"varint,3,opt,name=bool_value,json=boolValue,proto3,oneof"` // @gotags: yaml:"bool_value"
}
func (*ListOptionValue_StringValue) isListOptionValue_Option() {}
@@ -1858,7 +1858,7 @@ type CollectionValue struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Values []*CollectionOption `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty" yaml:"values"` // @gotags: yaml:"values"
Values []*CollectionOption `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"` // @gotags: yaml:"values"
}
func (x *CollectionValue) Reset() {
@@ -1906,7 +1906,7 @@ type CollectionOption struct {
unknownFields protoimpl.UnknownFields
// required
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty" yaml:"key"` // @gotags: yaml:"key"
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // @gotags: yaml:"key"
// Types that are assignable to Option:
//
// *CollectionOption_IntValue
@@ -1987,15 +1987,15 @@ type isCollectionOption_Option interface {
}
type CollectionOption_IntValue struct {
IntValue int64 `protobuf:"varint,2,opt,name=int_value,json=intValue,proto3,oneof" yaml:"int_value"` // @gotags: yaml:"int_value"
IntValue int64 `protobuf:"varint,2,opt,name=int_value,json=intValue,proto3,oneof"` // @gotags: yaml:"int_value"
}
type CollectionOption_StringValue struct {
StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof" yaml:"string_value"` // @gotags: yaml:"string_value"
StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"` // @gotags: yaml:"string_value"
}
type CollectionOption_BoolValue struct {
BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof" yaml:"bool_value"` // @gotags: yaml:"bool_value"
BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"` // @gotags: yaml:"bool_value"
}
func (*CollectionOption_IntValue) isCollectionOption_Option() {}

1
services/graph/pkg/config/config.go
View File

@@ -97,6 +97,7 @@ type LDAP struct {
// Multi-Instance Only
UserMemberAttribute string `yaml:"user_member_attribute" env:"OCIS_LDAP_USER_MEMBER_ATTRIBUTE" desc:"LDAP Attribute to signal the user is member of an instance. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`
UserGuestAttribute string `yaml:"user_guest_attribute" env:"OCIS_LDAP_USER_GUEST_ATTRIBUTE" desc:"LDAP Attribute to signal the user is guest of an instance. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`
GroupAffiliationAttribute string `yaml:"group_affiliation_attribute" env:"OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE" desc:"LDAP Attribute to signal which instance the group is belonging to. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`
PreciseSearchAttribute string `yaml:"precise_search_attribute" env:"OCIS_LDAP_PRECISE_SEARCH_ATTRIBUTE" desc:"LDAP Attribute to be used for searching users on other instances. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`
InstanceMapperEnabled bool `yaml:"instance_mapper_enabled" env:"OCIS_LDAP_INSTANCE_MAPPER_ENABLED" desc:"The InstanceMapper allows mapping instance names (user readable) to instance IDs (machine readable) based on an LDAP query. See other _INSTANCE_MAPPER_ env vars. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`
InstanceMapperBaseDN string `yaml:"instance_mapper_base_dn" env:"OCIS_LDAP_INSTANCE_MAPPER_BASE_DN" desc:"BaseDN of the 'instancename to instanceid' mapper in LDAP. Requires OCIS_MULTI_INSTANCE_ENABLED." introductionVersion:"8.0.0"`

9
services/graph/pkg/identity/ldap.go
View File

@@ -79,6 +79,7 @@ type LDAP struct {
conn ldap.Client
// multi instance only
instanceID string
preciseSearchAttribute string
instanceMapperEnabled bool
instanceMapperBaseDN string
@@ -146,9 +147,10 @@ func NewLDAPBackend(lc ldap.Client, config config.LDAP, logger *log.Logger, inst
return nil, errors.New("invalid group attribute mappings")
}
gam := groupAttributeMap{
name: config.GroupNameAttribute,
id: config.GroupIDAttribute,
member: config.GroupMemberAttribute,
name: config.GroupNameAttribute,
id: config.GroupIDAttribute,
member: config.GroupMemberAttribute,
affiliation: config.GroupAffiliationAttribute,
}
var userScope, groupScope int
@@ -211,6 +213,7 @@ func NewLDAPBackend(lc ldap.Client, config config.LDAP, logger *log.Logger, inst
writeEnabled: config.WriteEnabled,
refintEnabled: config.RefintEnabled,
useExternalID: config.RequireExternalID,
instanceID: instanceID,
preciseSearchAttribute: config.PreciseSearchAttribute,
instanceMapperEnabled: config.InstanceMapperEnabled,
instanceMapperBaseDN: config.InstanceMapperBaseDN,

29
services/graph/pkg/identity/ldap_group.go
View File

@@ -18,9 +18,10 @@ import (
)
type groupAttributeMap struct {
name string
id string
member string
name string
id string
member string
affiliation string
}
// GetGroup implements the Backend Interface for the LDAP Backend
@@ -199,13 +200,24 @@ func (i *LDAP) CreateGroup(ctx context.Context, group libregraph.Group) (*libreg
if err := i.conn.Add(ar); err != nil {
var lerr *ldap.Error
logger.Debug().Str("backend", "ldap").Str("dn", group.GetDisplayName()).Err(err).Msg("Failed to create group")
logger.Error().Str("backend", "ldap").Str("dn", group.GetDisplayName()).Err(err).Msg("Failed to create group")
if errors.As(err, &lerr) {
if lerr.ResultCode == ldap.LDAPResultEntryAlreadyExists {
err = errorcode.New(errorcode.NameAlreadyExists, "group already exists")
}
if lerr.ResultCode == ldap.LDAPResultNoSuchObject {
r := ldap.NewAddRequest(i.groupCreateBaseDN, nil)
r.Attribute("objectClass", []string{"organizationalUnit"})
e := i.conn.Add(r)
if e == nil {
err = i.conn.Add(ar)
}
}
}
if err != nil {
return nil, err
}
return nil, err
}
// Read back group from LDAP to get the generated UUID
@@ -436,7 +448,7 @@ func (i *LDAP) getGroupCreateLDAPDN(group libregraph.Group) string {
func (i *LDAP) groupToLDAPAttrValues(group libregraph.Group) (map[string][]string, error) {
attrs := map[string][]string{
i.groupAttributeMap.name: {group.GetDisplayName()},
"objectClass": {"groupOfNames", "top"},
"objectClass": {"groupOfNames", "top", i.groupObjectClass},
// This is a crutch to allow groups without members for LDAP servers
// that apply strict Schema checking. The RFCs define "member/uniqueMember"
// as required attribute for groupOfNames/groupOfUniqueNames. So we
@@ -451,6 +463,11 @@ func (i *LDAP) groupToLDAPAttrValues(group libregraph.Group) (map[string][]strin
attrs["owncloudUUID"] = []string{uuid.Must(uuid.NewV4()).String()}
attrs["objectClass"] = append(attrs["objectClass"], "owncloud")
}
if i.instanceID != "" {
attrs[i.groupAttributeMap.affiliation] = []string{i.instanceID}
}
return attrs, nil
}

2
services/graph/pkg/service/v0/groups.go
View File

@@ -126,7 +126,7 @@ func (g Graph) PostGroup(w http.ResponseWriter, r *http.Request) {
}
if grp, err = g.identityBackend.CreateGroup(r.Context(), *grp); err != nil {
logger.Debug().Err(err).Interface("group", grp).Msg("could not create group: backend error")
logger.Error().Err(err).Interface("group", grp).Msg("could not create group: backend error")
errorcode.RenderError(w, r, err)
return
}

5
services/proxy/pkg/user/backend/cs3.go
View File

@@ -261,6 +261,11 @@ func (c *cs3backend) UpdateUserIfNeeded(ctx context.Context, user *cs3.User, cla
// SyncGroupMemberships maintains a users group memberships based on an OIDC claim
func (c *cs3backend) SyncGroupMemberships(ctx context.Context, user *cs3.User, claims map[string]interface{}) error {
if c.autoProvisionClaims.Groups == "" {
// do not sync groups when claim is not set
return nil
}
gatewayClient, err := c.gatewaySelector.Next()
if err != nil {
c.logger.Error().Err(err).Msg("could not select next gateway client")