ownCloud
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
Edit page

Service Configuration

Example YAML Config

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Autogenerated
# Filename: groups-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9161
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9160
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
skip_user_groups_in_token: false
driver: ldap
drivers:
  ldap:
    uri: ldaps://localhost:9235
    ca_cert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=reva,ou=sysusers,o=libregraph-idm
    bind_password: ""
    user_base_dn: ou=users,o=libregraph-idm
    group_base_dn: ou=groups,o=libregraph-idm
    user_scope: sub
    group_scope: sub
    user_filter: ""
    group_filter: ""
    user_object_class: inetOrgPerson
    group_object_class: groupOfNames
    idp: https://localhost:9200
    user_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: displayname
      user_name: uid
    group_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: cn
      group_name: cn
      member: member
  owncloudsql:
    db_username: owncloud
    db_password: ""
    db_host: mysql
    db_port: 3306
    db_name: owncloud
    idp: https://localhost:9200
    nobody: 90
    join_username: false
    join_owncloud_uuid: false
    enable_medial_search: false

Environment Variables

Name Type Default Value Description
OCIS_TRACING_ENABLED
GROUPS_TRACING_ENABLED
bool false Activates tracing.
OCIS_TRACING_TYPE
GROUPS_TRACING_TYPE
string The sampler type: remote, const, probabilistic, ratelimiting (default remote). See also https://www.jaegertracing.io/docs/latest/sampling/.
OCIS_TRACING_ENDPOINT
GROUPS_TRACING_ENDPOINT
string The endpoint to the tracing collector.
OCIS_TRACING_COLLECTOR
GROUPS_TRACING_COLLECTOR
string The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. If specified, the tracing endpoint is ignored.
OCIS_LOG_LEVEL
GROUPS_LOG_LEVEL
string The log level.
OCIS_LOG_PRETTY
GROUPS_LOG_PRETTY
bool false Activates pretty log output.
OCIS_LOG_COLOR
GROUPS_LOG_COLOR
bool false Activates colorized log output.
OCIS_LOG_FILE
GROUPS_LOG_FILE
string The target log file.
GROUPS_DEBUG_ADDR string 127.0.0.1:9161 Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
GROUPS_DEBUG_TOKEN string Token to secure the metrics endpoint
GROUPS_DEBUG_PPROF bool false Enables pprof, which can be used for profiling
GROUPS_DEBUG_ZPAGES bool false Enables zpages, which can be used for collecting and viewing traces in-me
GROUPS_GRPC_ADDR string 127.0.0.1:9160 The address of the grpc service.
GROUPS_GRPC_PROTOCOL string tcp The transport protocol of the grpc service.
OCIS_JWT_SECRET
GROUPS_JWT_SECRET
string
REVA_GATEWAY string 127.0.0.1:9142
GROUPS_SKIP_USER_GROUPS_IN_TOKEN bool false Disables the encoding of the user’s groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups.
LDAP_URI
GROUPS_LDAP_URI
string ldaps://localhost:9235 URI of the LDAP Server to connect to. Supported URI schemes are ‘ldaps://’ and ‘ldap://’
LDAP_CACERT
GROUPS_LDAP_CACERT
string ~/.ocis/idm/ldap.crt Path to a CA certificate file for validating the LDAP server’s TLS certificate. If empty the system default CA bundle will be used.
LDAP_INSECURE
GROUPS_LDAP_INSECURE
bool false Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.
LDAP_BIND_DN
GROUPS_LDAP_BIND_DN
string uid=reva,ou=sysusers,o=libregraph-idm LDAP DN to use for simple bind authentication with the target LDAP server.
LDAP_BIND_PASSWORD
GROUPS_LDAP_BIND_PASSWORD
string Password to use for authenticating the ‘bind_dn’.
LDAP_USER_BASE_DN
GROUPS_LDAP_USER_BASE_DN
string ou=users,o=libregraph-idm Search base DN for looking up LDAP users.
LDAP_GROUP_BASE_DN
GROUPS_LDAP_GROUP_BASE_DN
string ou=groups,o=libregraph-idm Search base DN for looking up LDAP groups.
LDAP_USER_SCOPE
GROUPS_LDAP_USER_SCOPE
string sub LDAP search scope to use when looking up users (‘base’, ‘one’, ‘sub’).
LDAP_GROUP_SCOPE
GROUPS_LDAP_GROUP_SCOPE
string sub LDAP search scope to use when looking up gruops (‘base’, ‘one’, ‘sub’).
LDAP_USERFILTER
GROUPS_LDAP_USERFILTER
string LDAP filter to add to the default filters for user search (e.g. ‘(objectclass=ownCloud)').
LDAP_GROUPFILTER
GROUPS_LDAP_GROUPFILTER
string LDAP filter to add to the default filters for group searches.
LDAP_USER_OBJECTCLASS
GROUPS_LDAP_USER_OBJECTCLASS
string inetOrgPerson The object class to use for users in the default user search filter (‘inetOrgPerson’).
LDAP_GROUP_OBJECTCLASS
GROUPS_LDAP_GROUP_OBJECTCLASS
string groupOfNames The object class to use for groups in the default group search filter (‘groupOfNames’).
OCIS_URL
OCIS_OIDC_ISSUER
GROUPS_IDP_URL
string https://localhost:9200 The identity provider value to set in the groupids of the CS3 group objects for groups returned by this group provider.
LDAP_USER_SCHEMA_ID
GROUPS_LDAP_USER_SCHEMA_ID
string ownclouduuid LDAP Attribute to use as the unique id for users. This should be a stable globally unique id (e.g. a UUID).
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
bool false Set this to true if the defined ‘id’ attribute for users is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the user ids.
LDAP_USER_SCHEMA_MAIL
GROUPS_LDAP_USER_SCHEMA_MAIL
string mail LDAP Attribute to use for the email address of users.
LDAP_USER_SCHEMA_DISPLAYNAME
GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME
string displayname LDAP Attribute to use for the displayname of users.
LDAP_USER_SCHEMA_USERNAME
GROUPS_LDAP_USER_SCHEMA_USERNAME
string uid LDAP Attribute to use for username of users.
LDAP_GROUP_SCHEMA_ID
GROUPS_LDAP_GROUP_SCHEMA_ID
string ownclouduuid LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
bool false Set this to true if the defined ‘id’ attribute for groups is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the group ids.
LDAP_GROUP_SCHEMA_MAIL
GROUPS_LDAP_GROUP_SCHEMA_MAIL
string mail LDAP Attribute to use for the email address of groups (can be empty).
LDAP_GROUP_SCHEMA_DISPLAYNAME
GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME
string cn LDAP Attribute to use for the displayname of groups (often the same as groupname attribute)
LDAP_GROUP_SCHEMA_GROUPNAME
GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME
string cn LDAP Attribute to use for the name of groups
LDAP_GROUP_SCHEMA_MEMBER
GROUPS_LDAP_GROUP_SCHEMA_MEMBER
string member LDAP Attribute that is used for group members.
GROUPS_OWNCLOUDSQL_DB_USERNAME string owncloud Database user to use for authenticating with the owncloud database.
GROUPS_OWNCLOUDSQL_DB_PASSWORD string Password for the database user.
GROUPS_OWNCLOUDSQL_DB_HOST string mysql Hostname of the database server.
GROUPS_OWNCLOUDSQL_DB_PORT int 3306 Network port to use for the database connection.
GROUPS_OWNCLOUDSQL_DB_NAME string owncloud Name of the owncloud database.
GROUPS_OWNCLOUDSQL_IDP string https://localhost:9200 The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
GROUPS_OWNCLOUDSQL_NOBODY int64 90
GROUPS_OWNCLOUDSQL_JOIN_USERNAME bool false Join the user properties table to read usernames (boolean)
GROUPS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID bool false Join the user properties table to read user ids (boolean).
GROUPS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH bool false Allow ‘medial search’ when searching for users instead of just doing a prefix search. (Allows finding ‘Alice’ when searching for ‘lic’.)