Service Configuration

Example YAML Config

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67


# Autogenerated
# Filename: groups-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9161
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9160
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
skip_user_groups_in_token: false
driver: ldap
drivers:
  ldap:
    uri: ldaps://localhost:9235
    ca_cert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=reva,ou=sysusers,o=libregraph-idm
    bind_password: ""
    user_base_dn: ou=users,o=libregraph-idm
    group_base_dn: ou=groups,o=libregraph-idm
    user_scope: sub
    group_scope: sub
    user_filter: ""
    group_filter: ""
    user_object_class: inetOrgPerson
    group_object_class: groupOfNames
    idp: https://localhost:9200
    user_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: displayname
      user_name: uid
    group_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: cn
      group_name: cn
      member: member
  owncloudsql:
    db_username: owncloud
    db_password: ""
    db_host: mysql
    db_port: 3306
    db_name: owncloud
    idp: https://localhost:9200
    nobody: 90
    join_username: false
    join_owncloud_uuid: false
    enable_medial_search: false

Environment Variables

Name	Type	Default Value	Description
OCIS_TRACING_ENABLED GROUPS_TRACING_ENABLED	bool	false	Activates tracing.
OCIS_TRACING_TYPE GROUPS_TRACING_TYPE	string		The sampler type: remote, const, probabilistic, ratelimiting (default remote). See also https://www.jaegertracing.io/docs/latest/sampling/.
OCIS_TRACING_ENDPOINT GROUPS_TRACING_ENDPOINT	string		The endpoint to the tracing collector.
OCIS_TRACING_COLLECTOR GROUPS_TRACING_COLLECTOR	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. If specified, the tracing endpoint is ignored.
OCIS_LOG_LEVEL GROUPS_LOG_LEVEL	string		The log level.
OCIS_LOG_PRETTY GROUPS_LOG_PRETTY	bool	false	Activates pretty log output.
OCIS_LOG_COLOR GROUPS_LOG_COLOR	bool	false	Activates colorized log output.
OCIS_LOG_FILE GROUPS_LOG_FILE	string		The target log file.
GROUPS_DEBUG_ADDR	string	127.0.0.1:9161	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
GROUPS_DEBUG_TOKEN	string		Token to secure the metrics endpoint
GROUPS_DEBUG_PPROF	bool	false	Enables pprof, which can be used for profiling
GROUPS_DEBUG_ZPAGES	bool	false	Enables zpages, which can be used for collecting and viewing traces in-me
GROUPS_GRPC_ADDR	string	127.0.0.1:9160	The address of the grpc service.
GROUPS_GRPC_PROTOCOL	string	tcp	The transport protocol of the grpc service.
OCIS_JWT_SECRET GROUPS_JWT_SECRET	string
REVA_GATEWAY	string	127.0.0.1:9142
GROUPS_SKIP_USER_GROUPS_IN_TOKEN	bool	false	Disables the encoding of the user’s groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups.
LDAP_URI GROUPS_LDAP_URI	string	ldaps://localhost:9235	URI of the LDAP Server to connect to. Supported URI schemes are ‘ldaps://’ and ‘ldap://’
LDAP_CACERT GROUPS_LDAP_CACERT	string	~/.ocis/idm/ldap.crt	Path to a CA certificate file for validating the LDAP server’s TLS certificate. If empty the system default CA bundle will be used.
LDAP_INSECURE GROUPS_LDAP_INSECURE	bool	false	Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.
LDAP_BIND_DN GROUPS_LDAP_BIND_DN	string	uid=reva,ou=sysusers,o=libregraph-idm	LDAP DN to use for simple bind authentication with the target LDAP server.
LDAP_BIND_PASSWORD GROUPS_LDAP_BIND_PASSWORD	string		Password to use for authenticating the ‘bind_dn’.
LDAP_USER_BASE_DN GROUPS_LDAP_USER_BASE_DN	string	ou=users,o=libregraph-idm	Search base DN for looking up LDAP users.
LDAP_GROUP_BASE_DN GROUPS_LDAP_GROUP_BASE_DN	string	ou=groups,o=libregraph-idm	Search base DN for looking up LDAP groups.
LDAP_USER_SCOPE GROUPS_LDAP_USER_SCOPE	string	sub	LDAP search scope to use when looking up users (‘base’, ‘one’, ‘sub’).
LDAP_GROUP_SCOPE GROUPS_LDAP_GROUP_SCOPE	string	sub	LDAP search scope to use when looking up gruops (‘base’, ‘one’, ‘sub’).
LDAP_USERFILTER GROUPS_LDAP_USERFILTER	string		LDAP filter to add to the default filters for user search (e.g. ‘(objectclass=ownCloud)').
LDAP_GROUPFILTER GROUPS_LDAP_GROUPFILTER	string		LDAP filter to add to the default filters for group searches.
LDAP_USER_OBJECTCLASS GROUPS_LDAP_USER_OBJECTCLASS	string	inetOrgPerson	The object class to use for users in the default user search filter (‘inetOrgPerson’).
LDAP_GROUP_OBJECTCLASS GROUPS_LDAP_GROUP_OBJECTCLASS	string	groupOfNames	The object class to use for groups in the default group search filter (‘groupOfNames’).
OCIS_URL OCIS_OIDC_ISSUER GROUPS_IDP_URL	string	https://localhost:9200	The identity provider value to set in the groupids of the CS3 group objects for groups returned by this group provider.
LDAP_USER_SCHEMA_ID GROUPS_LDAP_USER_SCHEMA_ID	string	ownclouduuid	LDAP Attribute to use as the unique id for users. This should be a stable globally unique id (e.g. a UUID).
LDAP_USER_SCHEMA_ID_IS_OCTETSTRING GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING	bool	false	Set this to true if the defined ‘id’ attribute for users is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the user ids.
LDAP_USER_SCHEMA_MAIL GROUPS_LDAP_USER_SCHEMA_MAIL	string	mail	LDAP Attribute to use for the email address of users.
LDAP_USER_SCHEMA_DISPLAYNAME GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME	string	displayname	LDAP Attribute to use for the displayname of users.
LDAP_USER_SCHEMA_USERNAME GROUPS_LDAP_USER_SCHEMA_USERNAME	string	uid	LDAP Attribute to use for username of users.
LDAP_GROUP_SCHEMA_ID GROUPS_LDAP_GROUP_SCHEMA_ID	string	ownclouduuid	LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING	bool	false	Set this to true if the defined ‘id’ attribute for groups is of the ‘OCTETSTRING’ syntax. This is e.g. required when using the ‘objectGUID’ attribute of Active Directory for the group ids.
LDAP_GROUP_SCHEMA_MAIL GROUPS_LDAP_GROUP_SCHEMA_MAIL	string	mail	LDAP Attribute to use for the email address of groups (can be empty).
LDAP_GROUP_SCHEMA_DISPLAYNAME GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME	string	cn	LDAP Attribute to use for the displayname of groups (often the same as groupname attribute)
LDAP_GROUP_SCHEMA_GROUPNAME GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME	string	cn	LDAP Attribute to use for the name of groups
LDAP_GROUP_SCHEMA_MEMBER GROUPS_LDAP_GROUP_SCHEMA_MEMBER	string	member	LDAP Attribute that is used for group members.
GROUPS_OWNCLOUDSQL_DB_USERNAME	string	owncloud	Database user to use for authenticating with the owncloud database.
GROUPS_OWNCLOUDSQL_DB_PASSWORD	string		Password for the database user.
GROUPS_OWNCLOUDSQL_DB_HOST	string	mysql	Hostname of the database server.
GROUPS_OWNCLOUDSQL_DB_PORT	int	3306	Network port to use for the database connection.
GROUPS_OWNCLOUDSQL_DB_NAME	string	owncloud	Name of the owncloud database.
GROUPS_OWNCLOUDSQL_IDP	string	https://localhost:9200	The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
GROUPS_OWNCLOUDSQL_NOBODY	int64	90
GROUPS_OWNCLOUDSQL_JOIN_USERNAME	bool	false	Join the user properties table to read usernames (boolean)
GROUPS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID	bool	false	Join the user properties table to read user ids (boolean).
GROUPS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH	bool	false	Allow ‘medial search’ when searching for users instead of just doing a prefix search. (Allows finding ‘Alice’ when searching for ‘lic’.)