diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index e792a17f2b8..e52973781d1 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go @@ -66,22 +66,23 @@ type Drivers struct { } type LDAPDriver struct { - URI string `yaml:"uri" env:"LDAP_URI;GROUPS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"` - CACert string `yaml:"ca_cert" env:"LDAP_CACERT;GROUPS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."` - Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."` - BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."` - BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."` - UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."` - GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."` - UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'."` - GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'."` - UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."` - GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."` - UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')."` - GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')."` - IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL" desc:"The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider."` - UserSchema LDAPUserSchema `yaml:"user_schema"` - GroupSchema LDAPGroupSchema `yaml:"group_schema"` + URI string `yaml:"uri" env:"LDAP_URI;GROUPS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"` + CACert string `yaml:"ca_cert" env:"LDAP_CACERT;GROUPS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."` + Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."` + BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."` + UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."` + GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."` + UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'."` + GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'."` + GroupSubstringFilterType string `yaml:"group_substring_filter_type" env:"LDAP_GROUP_SUBSTRING_FILTER_TYPE;GROUP_LDAP_GROUP_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for groups. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches"` + UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."` + GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."` + UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')."` + GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')."` + IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL" desc:"The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider."` + UserSchema LDAPUserSchema `yaml:"user_schema"` + GroupSchema LDAPGroupSchema `yaml:"group_schema"` } type LDAPUserSchema struct { diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index 4f65742b895..ec5cedf544e 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go +++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -36,19 +36,20 @@ func DefaultConfig() *config.Config { Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ - URI: "ldaps://localhost:9235", - CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), - Insecure: false, - UserBaseDN: "ou=users,o=libregraph-idm", - GroupBaseDN: "ou=groups,o=libregraph-idm", - UserScope: "sub", - GroupScope: "sub", - UserFilter: "", - GroupFilter: "", - UserObjectClass: "inetOrgPerson", - GroupObjectClass: "groupOfNames", - BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - IDP: "https://localhost:9200", + URI: "ldaps://localhost:9235", + CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), + Insecure: false, + UserBaseDN: "ou=users,o=libregraph-idm", + GroupBaseDN: "ou=groups,o=libregraph-idm", + UserScope: "sub", + GroupScope: "sub", + GroupSubstringFilterType: "initial", + UserFilter: "", + GroupFilter: "", + UserObjectClass: "inetOrgPerson", + GroupObjectClass: "groupOfNames", + BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", + IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", Mail: "mail", diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go index 7e6d7fc4306..e5d048abf22 100644 --- a/services/groups/pkg/revaconfig/config.go +++ b/services/groups/pkg/revaconfig/config.go @@ -50,20 +50,21 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} { func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} { return map[string]interface{}{ - "uri": cfg.URI, - "cacert": cfg.CACert, - "insecure": cfg.Insecure, - "bind_username": cfg.BindDN, - "bind_password": cfg.BindPassword, - "user_base_dn": cfg.UserBaseDN, - "group_base_dn": cfg.GroupBaseDN, - "user_scope": cfg.UserScope, - "group_scope": cfg.GroupScope, - "user_filter": cfg.UserFilter, - "group_filter": cfg.GroupFilter, - "user_objectclass": cfg.UserObjectClass, - "group_objectclass": cfg.GroupObjectClass, - "idp": cfg.IDP, + "uri": cfg.URI, + "cacert": cfg.CACert, + "insecure": cfg.Insecure, + "bind_username": cfg.BindDN, + "bind_password": cfg.BindPassword, + "user_base_dn": cfg.UserBaseDN, + "group_base_dn": cfg.GroupBaseDN, + "user_scope": cfg.UserScope, + "group_scope": cfg.GroupScope, + "group_substring_filter_type": cfg.GroupSubstringFilterType, + "user_filter": cfg.UserFilter, + "group_filter": cfg.GroupFilter, + "user_objectclass": cfg.UserObjectClass, + "group_objectclass": cfg.GroupObjectClass, + "idp": cfg.IDP, "user_schema": map[string]interface{}{ "id": cfg.UserSchema.ID, "idIsOctetString": cfg.UserSchema.IDIsOctetString, diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 38da71eccd3..84eeeea1839 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go @@ -69,22 +69,23 @@ type JSONDriver struct { File string `yaml:"file"` } type LDAPDriver struct { - URI string `yaml:"uri" env:"LDAP_URI;USERS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"` - CACert string `yaml:"ca_cert" env:"LDAP_CACERT;USERS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."` - Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;USERS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."` - BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."` - BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."` - UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."` - GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."` - UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'."` - GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'."` - UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."` - GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."` - UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter like 'inetOrgPerson'."` - GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter like 'groupOfNames'. "` - IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;USERS_IDP_URL" desc:"The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider."` - UserSchema LDAPUserSchema `yaml:"user_schema"` - GroupSchema LDAPGroupSchema `yaml:"group_schema"` + URI string `yaml:"uri" env:"LDAP_URI;USERS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"` + CACert string `yaml:"ca_cert" env:"LDAP_CACERT;USERS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."` + Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;USERS_LDAP_INSECURE" desc:"Disable TLS certificate validation for the LDAP connections. Do not set this in production environments."` + BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."` + UserBaseDN string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users."` + GroupBaseDN string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups."` + UserScope string `yaml:"user_scope" env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'."` + GroupScope string `yaml:"group_scope" env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'."` + UserSubstringFilterType string `yaml:"user_substring_filter_type" env:"LDAP_USER_SUBSTRING_FILTER_TYPE;USERS_LDAP_USER_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for users. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches"` + UserFilter string `yaml:"user_filter" env:"LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'."` + GroupFilter string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches."` + UserObjectClass string `yaml:"user_object_class" env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter like 'inetOrgPerson'."` + GroupObjectClass string `yaml:"group_object_class" env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter like 'groupOfNames'. "` + IDP string `yaml:"idp" env:"OCIS_URL;OCIS_OIDC_ISSUER;USERS_IDP_URL" desc:"The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider."` + UserSchema LDAPUserSchema `yaml:"user_schema"` + GroupSchema LDAPGroupSchema `yaml:"group_schema"` } type LDAPUserSchema struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 9353387d166..b6f43113d56 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -36,19 +36,20 @@ func DefaultConfig() *config.Config { Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ - URI: "ldaps://localhost:9235", - CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), - Insecure: false, - UserBaseDN: "ou=users,o=libregraph-idm", - GroupBaseDN: "ou=groups,o=libregraph-idm", - UserScope: "sub", - GroupScope: "sub", - UserFilter: "", - GroupFilter: "", - UserObjectClass: "inetOrgPerson", - GroupObjectClass: "groupOfNames", - BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - IDP: "https://localhost:9200", + URI: "ldaps://localhost:9235", + CACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), + Insecure: false, + UserBaseDN: "ou=users,o=libregraph-idm", + GroupBaseDN: "ou=groups,o=libregraph-idm", + UserScope: "sub", + GroupScope: "sub", + UserSubstringFilterType: "initial", + UserFilter: "", + GroupFilter: "", + UserObjectClass: "inetOrgPerson", + GroupObjectClass: "groupOfNames", + BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", + IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", Mail: "mail", diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index 434daf23d37..187381c020f 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go @@ -52,20 +52,21 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} { return map[string]interface{}{ - "uri": cfg.URI, - "cacert": cfg.CACert, - "insecure": cfg.Insecure, - "bind_username": cfg.BindDN, - "bind_password": cfg.BindPassword, - "user_base_dn": cfg.UserBaseDN, - "group_base_dn": cfg.GroupBaseDN, - "user_scope": cfg.UserScope, - "group_scope": cfg.GroupScope, - "user_filter": cfg.UserFilter, - "group_filter": cfg.GroupFilter, - "user_objectclass": cfg.UserObjectClass, - "group_objectclass": cfg.GroupObjectClass, - "idp": cfg.IDP, + "uri": cfg.URI, + "cacert": cfg.CACert, + "insecure": cfg.Insecure, + "bind_username": cfg.BindDN, + "bind_password": cfg.BindPassword, + "user_base_dn": cfg.UserBaseDN, + "group_base_dn": cfg.GroupBaseDN, + "user_scope": cfg.UserScope, + "group_scope": cfg.GroupScope, + "user_substring_filter_type": cfg.UserSubstringFilterType, + "user_filter": cfg.UserFilter, + "group_filter": cfg.GroupFilter, + "user_objectclass": cfg.UserObjectClass, + "group_objectclass": cfg.GroupObjectClass, + "idp": cfg.IDP, "user_schema": map[string]interface{}{ "id": cfg.UserSchema.ID, "idIsOctetString": cfg.UserSchema.IDIsOctetString,