* feat(idm): add --service-user flag to resetpassword command

  The DN was hardcoded to ou=users, making it impossible to reset passwords for service accounts (libregraph, idp, reva) which live under ou=sysusers. The new --service-user flag selects the correct OU.

  Fixes: #12106

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  Signed-off-by: Paul Faure <paul@faure.ca>

* docs: update changelog with PR number

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  Signed-off-by: Paul Faure <paul@faure.ca>

* refactor(idm): use --user-type flag instead of --service-user bool

  Replace the --service-user boolean flag with a --user-type string flag that accepts 'user' (default) or 'service'. This is more extensible if additional user types are added in the future.

  Addresses review feedback from mklos-kw.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  Signed-off-by: Paul Faure <paul@faure.ca>

---------

Signed-off-by: Paul Faure <paul@faure.ca>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
IDM
The IDM service provides a minimal LDAP service, based on Libregraph idm, for oCIS. It is started as part of the default configuration and serves as the central store for user and group information.
It is mainly targeted at small oCIS installations. For larger setups it is recommended to replace IDM with a “real” LDAP server or to switch to an external identity management solution.
IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is o=libregraph-idm. IDM grants LDAP write permissions to exactly one user (DN: uid=libregraph,ou=sysusers,o=libregraph-idm); every other authenticated user has read-only access, so the credentials of that one bind user are the only ones that can modify directory data. IDM stores its data in the boltdb file idm/ocis.boltdb inside the oCIS base data directory.
Note: IDM is limited in its functionality. It only supports a subset of the LDAP operations (namely BIND, SEARCH, ADD, MODIFY, DELETE). Also, IDM currently does not do any schema verification (e.g. structural vs. auxiliary object classes, required and optional attributes, syntax checks, …), so it will store whatever attributes a client with write access sends. Therefore it is not meant as a general purpose LDAP server.