From 8a9f02531380453e1490db7ddc2f7d2843eddbbd Mon Sep 17 00:00:00 2001
From: mmattel
Date: Wed, 3 May 2023 12:07:20 +0200
Subject: [PATCH] [docs-only] Adding a Identity Provider section in owncloud.dev
---
 docs/ocis/identity-provider/_index.md | 13 ++++++
 .../ldap-active-directory.md | 42 +++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 docs/ocis/identity-provider/_index.md
 create mode 100644 docs/ocis/identity-provider/ldap-active-directory.md
diff --git a/docs/ocis/identity-provider/_index.md b/docs/ocis/identity-provider/_index.md
new file mode 100644
index 00000000000..8e8567e1978
--- /dev/null
+++ b/docs/ocis/identity-provider/_index.md
@@ -0,0 +1,13 @@
+---
+title: "Identity Provider"
+date: 2023-05-03T00:00:00+00:00
+weight: 20
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs/ocis/identity-provider
+geekdocFilePath: _index.md
+geekdocCollapseSection: true
+---
+
+## Overview
+
+oCIS provides an internal identity provider which can be configured via the [IDP service](../../services/idp/), or connect to an external identity provider like Keycloak or Microsoft Active Directory.
diff --git a/docs/ocis/identity-provider/ldap-active-directory.md b/docs/ocis/identity-provider/ldap-active-directory.md
new file mode 100644
index 00000000000..bfc7351eb20
--- /dev/null
+++ b/docs/ocis/identity-provider/ldap-active-directory.md
@@ -0,0 +1,42 @@
+---
+title: "LDAP - Active Directory"
+date: 2023-05-03T00:00:00+00:00
+weight: 20
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs/ocis/identity-provider
+geekdocFilePath: ldap-active-directory.md
+geekdocCollapseSection: true
+---
+
+## Overview
+
+oCIS can be configured using Active Directory as identity provider.
+
+## Configuration Example
+
+This configuration is an _example_ for using Samba4 AD as well as a Windows Server 2022 as the LDAP backend for oCIS. It is intended as guideline and first starting point.
+
+```text
+OCIS_LDAP_URI=ldaps://xxxxxxxxx
+OCIS_LDAP_INSECURE="true"
+OCIS_LDAP_BIND_DN="cn=administrator,cn=users,xxxxxxxxxx"
+OCIS_LDAP_BIND_PASSWORD=xxxxxxx
+OCIS_LDAP_GROUP_BASE_DN="dc=owncloud,dc=test"
+OCIS_LDAP_GROUP_OBJECTCLASS="group"
+OCIS_LDAP_GROUP_SCHEMA_ID="objectGUID"
+OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING="true"
+OCIS_LDAP_GROUP_SCHEMA_GROUPNAME="cn"
+OCIS_LDAP_USER_BASE_DN="dc=owncloud,dc=test"
+OCIS_LDAP_USER_OBJECTCLASS="user"
+OCIS_LDAP_USER_SCHEMA_ID="objectGUID"
+OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING="true"
+OCIS_LDAP_USER_SCHEMA_USERNAME="sAMAccountName"
+OCIS_LDAP_USER_ENABLED_ATTRIBUTE=""
+OCIS_LDAP_LOGIN_ATTRIBUTES="sAMAccountName"
+IDP_LDAP_LOGIN_ATTRIBUTE="sAMAccountName"
+IDP_LDAP_UUID_ATTRIBUTE="objectGUID"
+IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
+GRAPH_LDAP_SERVER_WRITE_ENABLED="false"
+OCIS_EXCLUDE_RUN_SERVICES=idm
+OCIS_ADMIN_USER_ID=""
+```
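Review bot: The example block in ldap-active-directory.md sets `OCIS_LDAP_INSECURE="true"` alongside an `ldaps://` URI with no caveat; as far as I know that setting disables certificate validation for the LDAP connection, so the bind password and user logins are exposed to anyone who can impersonate the directory server. Because the page presents itself as a first starting point, I would add a sentence under the block along the lines of `OCIS_LDAP_INSECURE="true" is for test setups only; in production leave it unset and point OCIS_LDAP_CACERT at the CA that issued the domain controller's certificate.` The bind DN shown is the domain `cn=administrator` account, while `GRAPH_LDAP_SERVER_WRITE_ENABLED="false"` suggests oCIS only reads from the directory here. The text should therefore recommend a dedicated service account with read-only access to the user and group base DNs, so a leaked oCIS configuration does not hand over domain administration.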