Skip to content

Commit

Permalink
Readme for Auth-Basic (#4919)
Browse files Browse the repository at this point in the history
* readme for the auth-basic service

Signed-off-by: jkoberg <[email protected]>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Jörn Friedrich Dreyer <[email protected]>

* Update services/auth-basic/README.md

Co-authored-by: Martin <[email protected]>

Signed-off-by: jkoberg <[email protected]>
Co-authored-by: Martin <[email protected]>
Co-authored-by: Jörn Friedrich Dreyer <[email protected]>
  • Loading branch information
3 people authored Nov 3, 2022
1 parent 036829e commit 92d3f77
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions services/auth-basic/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Auth-Basic Service

The `auth-basic` service is responsible for validating authentication of incoming requests. To do so, it will use the configured `auth manager`, see the `Auth Managers` section. Only HTTP basic auth requests to ocis will involve the `auth-basic` service.

## Auth Managers

Since the `auth-basic` service does not do any validation itself, it needs to be configured with an authentication manager. One can use the `AUTH_BASIC_AUTH_PROVIDER` environment variable to configure this.

### LDAP Auth Manager

Setting `AUTH_BASIC_AUTH_PROVIDER` to `"ldap"` will configure the `auth-basic` service to use LDAP as auth manager. This is the recommended option for running in a production and testing environment. More details on how to configure LDAP with ocis can be found in the admin docs.

### Other Auth Managers

The possible auth mangers which can be selected are `"ldap"` and `"owncloudsql"`. Those are tested and usable though `"ldap"` is the recommend manager. Refer to the admin docs for additional information about those.

## Scalability

Scalability, just like memory and CPU consumption, are highly dependent on the configured auth manager. When using the recommended one which is `"ldap"`, there is no persistance as requests will just be forwarded to the LDAP server. Therefore, multiple instances of the `auth-basic` service can be started without further configuration. Be aware, that other auth managers might not allow that.

0 comments on commit 92d3f77

Please sign in to comment.