Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

idm: Allow to create demo and service users on startup #3260

Merged
merged 2 commits into from
Mar 9, 2022
Merged

idm: Allow to create demo and service users on startup #3260

merged 2 commits into from
Mar 9, 2022

Conversation

rhafer
Copy link
Contributor

@rhafer rhafer commented Mar 3, 2022
edited
Loading

Description

Uses go:embed to include the demo and service users from LDIF.
Using a template file for the service users to be able to set
custom passwords via config/env.

In order to switch ocis to use idm instead of accounts/glauth it
currently needs to be started with this env (the idea is to clean switch the defaults towards idm in a followup PR):

GRAPH_IDENTITY_BACKEND=ldap
GRAPH_LDAP_URI=ldaps://localhost:9235
GRAPH_LDAP_BIND_DN="uid=libregraph,ou=sysusers,o=libregraph-idm"
GRAPH_LDAP_BIND_PASSWORD=idm
GRAPH_LDAP_USER_EMAIL_ATTRIBUTE=mail
GRAPH_LDAP_USER_NAME_ATTRIBUTE=uid
GRAPH_LDAP_USER_BASE_DN="ou=users,o=libregraph-idm"
GRAPH_LDAP_GROUP_BASE_DN="ou=groups,o=libregraph-idm"
GRAPH_LDAP_SERVER_WRITE_ENABLED="true"
IDP_INSECURE="true"
IDP_LDAP_FILTER="(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
IDP_LDAP_URI=ldaps://localhost:9235
IDP_LDAP_BIND_DN="uid=idp,ou=sysusers,o=libregraph-idm"
IDP_LDAP_BIND_PASSWORD="idp"
IDP_LDAP_BASE_DN="ou=users,o=libregraph-idm"
IDP_LDAP_LOGIN_ATTRIBUTE=uid
IDP_LDAP_UUID_ATTRIBUTE="ownclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
PROXY_ACCOUNT_BACKEND_TYPE=cs3
OCS_ACCOUNT_BACKEND_TYPE=cs3
STORAGE_LDAP_HOSTNAME=localhost
STORAGE_LDAP_PORT=9235
STORAGE_LDAP_INSECURE="true"
STORAGE_LDAP_BASE_DN="o=libregraph-idm"
STORAGE_LDAP_BIND_DN="uid=reva,ou=sysusers,o=libregraph-idm"
STORAGE_LDAP_BIND_PASSWORD=reva
STORAGE_LDAP_LOGINFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
STORAGE_LDAP_USERFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
STORAGE_LDAP_USERATTRIBUTEFILTER='(&(objectclass=owncloud)({{attr}}={{value}}))'
STORAGE_LDAP_USERFINDFILTER='(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
STORAGE_LDAP_GROUPFILTER='(&(objectclass=groupOfNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
OCIS_INSECURE=true

How Has This Been Tested?

Manually. Test automation will be possible with #3167

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

@rhafer rhafer self-assigned this Mar 3, 2022
@update-docs
Copy link

update-docs bot commented Mar 3, 2022

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@rhafer rhafer requested review from wkloucek and C0rby March 7, 2022 07:30
kobergj
kobergj requested changes Mar 9, 2022
View reviewed changes
Copy link
Collaborator

@kobergj kobergj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG in general. But as always some picky minors...

idm/pkg/command/server.go Outdated Show resolved Hide resolved
idm/pkg/config/config.go Show resolved Hide resolved
micbar
micbar reviewed Mar 9, 2022
View reviewed changes
idm/ldif/demousers.ldif Outdated Show resolved Hide resolved
rhafer added 2 commits March 9, 2022 15:18
@rhafer
idm: Allow to create demo and service users on startup
436399e 
Uses go:embed to include the demo and service users from LDIF.
Using a template file for the service users to be able to set
custom passwords via config/env.

In order to switch ocis to use idm instead of accounts/glauth it
currently needs to be started with this env:

GRAPH_IDENTITY_BACKEND=ldap
GRAPH_LDAP_URI=ldaps://localhost:9235
GRAPH_LDAP_BIND_DN="uid=libregraph,ou=sysusers,o=libregraph-idm"
GRAPH_LDAP_BIND_PASSWORD=idm
GRAPH_LDAP_USER_EMAIL_ATTRIBUTE=mail
GRAPH_LDAP_USER_NAME_ATTRIBUTE=uid
GRAPH_LDAP_USER_BASE_DN="ou=users,o=libregraph-idm"
GRAPH_LDAP_GROUP_BASE_DN="ou=groups,o=libregraph-idm"
GRAPH_LDAP_SERVER_WRITE_ENABLED="true"
IDP_LDAP_FILTER="(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
IDP_LDAP_URI=ldaps://localhost:9235
IDP_LDAP_BIND_DN="uid=idp,ou=sysusers,o=libregraph-idm"
IDP_LDAP_BIND_PASSWORD="idp"
IDP_LDAP_BASE_DN="ou=users,o=libregraph-idm"
IDP_LDAP_LOGIN_ATTRIBUTE=uid
IDP_LDAP_UUID_ATTRIBUTE="ownclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
PROXY_ACCOUNT_BACKEND_TYPE=cs3
OCS_ACCOUNT_BACKEND_TYPE=cs3
STORAGE_LDAP_HOSTNAME=localhost
STORAGE_LDAP_PORT=9235
STORAGE_LDAP_INSECURE="true"
STORAGE_LDAP_BASE_DN="o=libregraph-idm"
STORAGE_LDAP_BIND_DN="uid=reva,ou=sysusers,o=libregraph-idm"
STORAGE_LDAP_BIND_PASSWORD=reva
STORAGE_LDAP_LOGINFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
STORAGE_LDAP_USERFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
STORAGE_LDAP_USERATTRIBUTEFILTER='(&(objectclass=owncloud)({{attr}}={{value}}))'
STORAGE_LDAP_USERFINDFILTER='(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
STORAGE_LDAP_GROUPFILTER='(&(objectclass=groupOfNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
OCIS_INSECURE=true
@rhafer
bump libregraph/idm to lastest master
26abb63
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 9, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

0.0% 0.0% Coverage
1.4% 1.4% Duplication

@rhafer rhafer merged commit f0954b2 into owncloud:master Mar 9, 2022
ownclouders pushed a commit that referenced this pull request Mar 9, 2022
@rhafer
commit f0954b2
4c02194 
Merge: dc324b2 26abb63
Author: Ralf Haferkamp <[email protected]>
Date:   Wed Mar 9 18:20:12 2022 +0100

    Merge pull request #3260 from rhafer/idm-demousers

    idm: Allow to create demo and service users on startup
ownclouders pushed a commit that referenced this pull request Mar 10, 2022
@rhafer
commit f0954b2
9c6eb1e 
Merge: dc324b2 26abb63
Author: Ralf Haferkamp <[email protected]>
Date:   Wed Mar 9 18:20:12 2022 +0100

    Merge pull request #3260 from rhafer/idm-demousers

    idm: Allow to create demo and service users on startup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kobergj kobergj kobergj approved these changes

@micbar micbar micbar approved these changes

@wkloucek wkloucek Awaiting requested review from wkloucek

@C0rby C0rby Awaiting requested review from C0rby

Assignees

@rhafer rhafer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rhafer @micbar @kobergj