ownCloud

Service Configuration

Example YAML Config

# Autogenerated
# Filename: auth-basic-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9147
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9146
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
skip_user_groups_in_token: false
auth_provider: ldap
auth_providers:
  ldap:
    uri: ldaps://localhost:9235
    ca_cert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=reva,ou=sysusers,o=libregraph-idm
    bind_password: ""
    user_base_dn: ou=users,o=libregraph-idm
    group_base_dn: ou=groups,o=libregraph-idm
    user_scope: sub
    group_scope: sub
    user_filter: ""
    group_filter: ""
    user_object_class: inetOrgPerson
    group_object_class: groupOfNames
    login_attributes:
    - uid
    - mail
    idp: https://localhost:9200
    user_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: displayname
      user_name: uid
    group_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: cn
      group_name: cn
      member: member
  owncloudsql:
    db_username: owncloud
    db_password: ""
    db_host: mysql
    db_port: 3306
    db_name: owncloud
    idp: https://localhost:9200
    nobody: 90
    join_username: false
    join_owncloud_uuid: false

Environment Variables

| Name | Type | Default Value | Description |
|---|---|---|---|
| OCIS_TRACING_ENABLED, AUTH_BASIC_TRACING_ENABLED | bool | false | Activates tracing. |
| OCIS_TRACING_TYPE, AUTH_BASIC_TRACING_TYPE | string | | The sampler type: remote, const, probabilistic, ratelimiting (default remote). See also https://www.jaegertracing.io/docs/latest/sampling/. |
| OCIS_TRACING_ENDPOINT, AUTH_BASIC_TRACING_ENDPOINT | string | | The endpoint to the tracing collector. |
| OCIS_TRACING_COLLECTOR, AUTH_BASIC_TRACING_COLLECTOR | string | | The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. If specified, the tracing endpoint is ignored. |
| OCIS_LOG_LEVEL, AUTH_BASIC_LOG_LEVEL | string | | The log level. |
| OCIS_LOG_PRETTY, AUTH_BASIC_LOG_PRETTY | bool | false | Activates pretty log output. |
| OCIS_LOG_COLOR, AUTH_BASIC_LOG_COLOR | bool | false | Activates colorized log output. |
| OCIS_LOG_FILE, AUTH_BASIC_LOG_FILE | string | | The target log file. |
| AUTH_BASIC_DEBUG_ADDR | string | 127.0.0.1:9147 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| AUTH_BASIC_DEBUG_TOKEN | string | | Token to secure the metrics endpoint |
| AUTH_BASIC_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling |
| AUTH_BASIC_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing traces in-me |
| AUTH_BASIC_GRPC_ADDR | string | 127.0.0.1:9146 | The address of the grpc service. |
| AUTH_BASIC_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service. |
| OCIS_JWT_SECRET, AUTH_BASIC_JWT_SECRET | string | | |
| REVA_GATEWAY | string | 127.0.0.1:9142 | |
| AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN | bool | false | Disables the encoding of the user’s group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups. |
| AUTH_BASIC_AUTH_PROVIDER | string | ldap | The auth provider which should be used by the service (e.g. ‘ldap’). |
| LDAP_URI, AUTH_BASIC_LDAP_URI | string | ldaps://localhost:9235 | URI of the LDAP Server to connect to. Supported URI schemes are ‘ldaps://’ and ‘ldap://’ |
| LDAP_CACERT, AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | Path to a CA certificate file for validating the LDAP server’s TLS certificate. If empty the system default CA bundle will be used. |
| LDAP_INSECURE, AUTH_BASIC_LDAP_INSECURE | bool | false | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. |
| LDAP_BIND_DN, AUTH_BASIC_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | LDAP DN to use for simple bind authentication with the target LDAP server. |
| LDAP_BIND_PASSWORD, AUTH_BASIC_LDAP_BIND_PASSWORD | string | | Password to use for authenticating the ‘bind_dn’. |
| LDAP_USER_BASE_DN, AUTH_BASIC_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | Search base DN for looking up LDAP users. |
| LDAP_GROUP_BASE_DN, AUTH_BASIC_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | Search base DN for looking up LDAP groups. |
| LDAP_USER_SCOPE, AUTH_BASIC_LDAP_USER_SCOPE | string | sub | LDAP search scope to use when looking up users (‘base’, ‘one’, ‘sub’). |
| LDAP_GROUP_SCOPE, AUTH_BASIC_LDAP_GROUP_SCOPE | string | sub | LDAP search scope to use when looking up groups (‘base’, ‘one’, ‘sub’). |
| LDAP_USERFILTER, AUTH_BASIC_LDAP_USERFILTER | string | | LDAP filter to add to the default filters for user search (e.g. ‘(objectclass=ownCloud)’). |
| LDAP_GROUPFILTER, AUTH_BASIC_LDAP_GROUPFILTER | string | | LDAP filter to add to the default filters for group searches. |
| LDAP_USER_OBJECTCLASS, AUTH_BASIC_LDAP_USER_OBJECTCLASS | string | inetOrgPerson | The object class to use for users in the default user search filter (‘inetOrgPerson’). |
| LDAP_GROUP_OBJECTCLASS, AUTH_BASIC_LDAP_GROUP_OBJECTCLASS | string | groupOfNames | The object class to use for groups in the default group search filter (‘groupOfNames’). |
| LDAP_LOGIN_ATTRIBUTES, AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES | | [uid mail] | |
| OCIS_URL, OCIS_OIDC_ISSUER, AUTH_BASIC_IDP_URL | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| LDAP_USER_SCHEMA_ID, AUTH_BASIC_LDAP_USER_SCHEMA_ID | string | ownclouduuid | LDAP Attribute to use as the unique id for users. This should be a stable globally unique id (e.g. a UUID). |
| LDAP_USER_SCHEMA_ID_IS_OCTETSTRING, AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING | bool | false | Set this to true if the defined ‘id’ attribute for users is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the user ids. |
| LDAP_USER_SCHEMA_MAIL, AUTH_BASIC_LDAP_USER_SCHEMA_MAIL | string | mail | LDAP Attribute to use for the email address of users. |
| LDAP_USER_SCHEMA_DISPLAYNAME, AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME | string | displayname | LDAP Attribute to use for the displayname of users. |
| LDAP_USER_SCHEMA_USERNAME, AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME | string | uid | LDAP Attribute to use for username of users. |
| LDAP_GROUP_SCHEMA_ID, AUTH_BASIC_LDAP_GROUP_SCHEMA_ID | string | ownclouduuid | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID). |
| LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING, AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING | bool | false | Set this to true if the defined ‘id’ attribute for groups is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the group ids. |
| LDAP_GROUP_SCHEMA_MAIL, AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL | string | mail | LDAP Attribute to use for the email address of groups (can be empty). |
| LDAP_GROUP_SCHEMA_DISPLAYNAME, AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME | string | cn | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute) |
| LDAP_GROUP_SCHEMA_GROUPNAME, AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME | string | cn | LDAP Attribute to use for the name of groups |
| LDAP_GROUP_SCHEMA_MEMBER, AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER | string | member | LDAP Attribute that is used for group members. |
| AUTH_BASIC_OWNCLOUDSQL_DB_USERNAME | string | owncloud | Database user to use for authenticating with the owncloud database. |
| AUTH_BASIC_OWNCLOUDSQL_DB_PASSWORD | string | | Password for the database user. |
| AUTH_BASIC_OWNCLOUDSQL_DB_HOST | string | mysql | Hostname of the database server. |
| AUTH_BASIC_OWNCLOUDSQL_DB_PORT | int | 3306 | Network port to use for the database connection. |
| AUTH_BASIC_OWNCLOUDSQL_DB_NAME | string | owncloud | Name of the owncloud database. |
| AUTH_BASIC_OWNCLOUDSQL_IDP | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| AUTH_BASIC_OWNCLOUDSQL_NOBODY | int64 | 90 | |
| AUTH_BASIC_OWNCLOUDSQL_JOIN_USERNAME | bool | false | Join the user properties table to read usernames |
| AUTH_BASIC_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID | bool | false | Join the user properties table to read user ids (boolean). |
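A pre-deployment check for the security-relevant settings listed above, as an added example (not ownCloud's own code). The function names, finding codes and `SAMPLE` environment are hypothetical. Because this page does not state which variable name takes precedence, a setting is flagged if any of its names carries a weak value.

```python
import ipaddress

# Defaults and variable names are copied from the table; other defaults are empty.
DEFAULTS = {"LDAP_URI": "ldaps://localhost:9235", "DEBUG_ADDR": "127.0.0.1:9147"}
NAMES = {
    "LDAP_URI": ["LDAP_URI", "AUTH_BASIC_LDAP_URI"],
    "LDAP_INSECURE": ["LDAP_INSECURE", "AUTH_BASIC_LDAP_INSECURE"],
    "LDAP_BIND_PASSWORD": ["LDAP_BIND_PASSWORD", "AUTH_BASIC_LDAP_BIND_PASSWORD"],
    "JWT_SECRET": ["OCIS_JWT_SECRET", "AUTH_BASIC_JWT_SECRET"],
    "DEBUG_ADDR": ["AUTH_BASIC_DEBUG_ADDR"],
    "DEBUG_TOKEN": ["AUTH_BASIC_DEBUG_TOKEN"],
    "DEBUG_PPROF": ["AUTH_BASIC_DEBUG_PPROF"],
}
# Constructed sample environment (hypothetical host and values, not from the page).
SAMPLE = {"LDAP_URI": "ldap://ldap.example.internal:389",
          "AUTH_BASIC_LDAP_INSECURE": "true", "OCIS_JWT_SECRET": "constructed",
          "LDAP_BIND_PASSWORD": "constructed",
          "AUTH_BASIC_DEBUG_ADDR": "0.0.0.0:9147", "AUTH_BASIC_DEBUG_PPROF": "true"}

def values(env, key):
    """Values set under any of a setting's names, else the documented default."""
    return [env[n] for n in NAMES[key] if n in env] or [DEFAULTS.get(key, "")]

def truthy(value):
    return value.strip().lower() in ("1", "t", "true")  # assumed boolean spellings

def is_loopback(addr):
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":9147") or a DNS name: treat as reachable

def audit(env):
    """Return sorted finding codes; a setting is flagged if any of its names is weak."""
    found = set()
    if any(truthy(v) for v in values(env, "LDAP_INSECURE")):
        found.add("ldap-tls-validation-disabled")
    if any(not v.lower().startswith("ldaps://") for v in values(env, "LDAP_URI")):
        found.add("ldap-uri-not-ldaps")
    for key in ("LDAP_BIND_PASSWORD", "JWT_SECRET"):
        if "" in values(env, key):
            found.add("empty-" + key.lower().replace("_", "-"))
    # Debug findings only matter once the debug server leaves loopback.
    if not all(is_loopback(a) for a in values(env, "DEBUG_ADDR")):
        if "" in values(env, "DEBUG_TOKEN"):
            found.add("debug-exposed-without-token")
        if any(truthy(v) for v in values(env, "DEBUG_PPROF")):
            found.add("pprof-exposed")
    return sorted(found)
```

Call `audit(dict(os.environ))` in the deployment pipeline and fail the rollout on a non-empty result; an unset environment still reports the two empty secrets, since the documented defaults for both are empty.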