switch default config to idm

- The accounts and glauth service are turned off by default
- proxy is switch from "accounts" to "cs3" for the account backend
- The LDAP configuration (graph, idp, storage) of all services now
  points to idm instead of glauth

go.mod

@@ -41,7 +41,7 @@ require (
  github.com/grpc-ecosystem/grpc-gateway/v2 v2.8.0
  github.com/iancoleman/strcase v0.2.0
  github.com/justinas/alice v1.2.0
- github.com/libregraph/idm v0.3.1-0.20220309072604-7a05922a056f
+ github.com/libregraph/idm v0.3.1-0.20220315094434-e9a5cff3dd05
  github.com/libregraph/lico v0.54.0
  github.com/mennanov/fieldmask-utils v0.5.0
  github.com/mitchellh/mapstructure v1.4.3

graph/pkg/config/defaults/defaultconfig.go

@@ -33,15 +33,15 @@ func DefaultConfig() *config.Config {
  Insecure: false,
  },
  Identity: config.Identity{
- Backend: "cs3",
+ Backend: "ldap",
  LDAP: config.LDAP{
- URI: "ldap://localhost:9125",
- Insecure: false,
- BindDN: "",
- BindPassword: "",
+ URI: "ldaps://localhost:9235",
+ Insecure: true,
+ BindDN: "uid=libregraph,ou=sysusers,o=libregraph-idm",
+ BindPassword: "idm",
  UseServerUUID: false,
- WriteEnabled: false,
- UserBaseDN: "ou=users,dc=ocis,dc=test",
+ WriteEnabled: true,
+ UserBaseDN: "ou=users,o=libregraph-idm",
  UserSearchScope: "sub",
  UserFilter: "(objectClass=inetOrgPerson)",
  UserEmailAttribute: "mail",
@@ -50,7 +50,7 @@ func DefaultConfig() *config.Config {
  // FIXME: switch this to some more widely available attribute by default
  // ideally this needs to be constant for the lifetime of a users
  UserIDAttribute: "owncloudUUID",
- GroupBaseDN: "ou=groups,dc=ocis,dc=test",
+ GroupBaseDN: "ou=groups,o=libregraph-idm",
  GroupSearchScope: "sub",
  GroupFilter: "(objectclass=groupOfNames)",
  GroupNameAttribute: "cn",

idp/pkg/config/defaults/defaultconfig.go

@@ -42,7 +42,7 @@ func DefaultConfig() *config.Config {
  SignedOutURI: "",
  AuthorizationEndpointURI: "",
  EndsessionEndpointURI: "",
- Insecure: false,
+ Insecure: true,
  TrustedProxy: nil,
  AllowScope: nil,
  AllowClientGuests: false,
@@ -68,17 +68,17 @@ func DefaultConfig() *config.Config {
  DyamicClientSecretDurationSeconds: 0,
  },
  Ldap: config.Ldap{
- URI: "ldap://localhost:9125",
- BindDN: "cn=idp,ou=sysusers,dc=ocis,dc=test",
+ URI: "ldaps://localhost:9235",
+ BindDN: "uid=idp,ou=sysusers,o=libregraph-idm",
  BindPassword: "idp",
- BaseDN: "ou=users,dc=ocis,dc=test",
+ BaseDN: "ou=users,o=libregraph-idm",
  Scope: "sub",
- LoginAttribute: "cn",
+ LoginAttribute: "uid",
  EmailAttribute: "mail",
  NameAttribute: "sn",
  UUIDAttribute: "uid",
  UUIDAttributeType: "text",
- Filter: "(objectClass=posixaccount)",
+ Filter: "(objectClass=inetOrgPerson)",
  },
  }
 }

ocis/pkg/runtime/service/service.go

@@ -19,8 +19,6 @@ import (
  "github.com/mohae/deepcopy"
  "github.com/olekukonko/tablewriter"
 
- accounts "github.com/owncloud/ocis/accounts/pkg/command"
- glauth "github.com/owncloud/ocis/glauth/pkg/command"
  graphExplorer "github.com/owncloud/ocis/graph-explorer/pkg/command"
  graph "github.com/owncloud/ocis/graph/pkg/command"
  idm "github.com/owncloud/ocis/idm/pkg/command"
@@ -97,7 +95,6 @@ func NewService(options ...Option) (*Service, error) {
  s.ServicesRegistry["settings"] = settings.NewSutureService
  s.ServicesRegistry["nats"] = nats.NewSutureService
  s.ServicesRegistry["storage-metadata"] = storage.NewStorageMetadata
- s.ServicesRegistry["glauth"] = glauth.NewSutureService
  s.ServicesRegistry["graph"] = graph.NewSutureService
  s.ServicesRegistry["graph-explorer"] = graphExplorer.NewSutureService
  s.ServicesRegistry["idp"] = idp.NewSutureService
@@ -122,7 +119,6 @@ func NewService(options ...Option) (*Service, error) {
 
  // populate delayed services
  s.Delayed["storage-sharing"] = storage.NewSharing
- s.Delayed["accounts"] = accounts.NewSutureService
  s.Delayed["proxy"] = proxy.NewSutureService
 
  return s, nil

ocs/pkg/config/defaults/defaultconfig.go

@@ -41,7 +41,7 @@ func DefaultConfig() *config.Config {
  TokenManager: config.TokenManager{
  JWTSecret: "Pive-Fumkiu4",
  },
- AccountBackend: "accounts",
+ AccountBackend: "cs3",
  Reva: config.Reva{
  Address: "127.0.0.1:9142",
  },

ocs/pkg/service/v0/users.go

@@ -230,7 +230,9 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) {
  Account: newAccount,
  })
  case "cs3":
- o.logger.Fatal().Msg("cs3 backend doesn't support adding users")
+ o.logger.Error().Msg("cs3 backend doesn't support adding users")
+ o.mustRender(w, r, response.ErrRender(data.MetaServerError.StatusCode, "cs3 backend doesn't support adding users"))
+ return
  default:
  o.logger.Fatal().Msgf("Invalid accounts backend type '%s'", o.config.AccountBackend)
  }
@@ -293,7 +295,9 @@ func (o Ocs) EditUser(w http.ResponseWriter, r *http.Request) {
  case "accounts":
  account, err = o.fetchAccountByUsername(r.Context(), userid)
  case "cs3":
- o.logger.Fatal().Msg("cs3 backend doesn't support editing users")
+ o.mustRender(w, r, response.ErrRender(data.MetaServerError.StatusCode, "cs3 backend doesn't support editing users"))
+ o.logger.Error().Msg("cs3 backend doesn't support editing users")
+ return
  default:
  o.logger.Fatal().Msgf("Invalid accounts backend type '%s'", o.config.AccountBackend)
  }

proxy/pkg/config/defaults/defaultconfig.go

@@ -45,7 +45,7 @@ func DefaultConfig() *config.Config {
  AllowedHTTPMethods: []string{"GET"},
  Enabled: true,
  },
- AccountBackend: "accounts",
+ AccountBackend: "cs3",
  UserOIDCClaim: "email",
  UserCS3Claim: "mail",
  MachineAuthAPIKey: "change-me-please",

storage/pkg/config/defaults/defaultconfig.go

@@ -42,33 +42,33 @@ func DefaultConfig() *config.Config {
  IDClaim: "preferred_username",
  },
  LDAP: config.LDAP{
- Hostname: "localhost",
- Port: 9126,
- CACert: path.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+ Hostname: "127.0.0.1",
+ Port: 9235,
+ CACert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
  Insecure: false,
- BaseDN: "dc=ocis,dc=test",
- LoginFilter: "(&(objectclass=posixAccount)(|(cn={{login}})(mail={{login}})))",
- UserFilter: "(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))",
- UserAttributeFilter: "(&(objectclass=posixAccount)({{attr}}={{value}}))",
- UserFindFilter: "(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))",
+ BaseDN: "o=libregraph-idm",
+ LoginFilter: "(&(objectclass=inetOrgPerson)(|(uid={{login}})(mail={{login}})))",
+ UserFilter: "(&(objectclass=inetOrgPerson)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))",
+ UserAttributeFilter: "(&(objectclass=inetOrgPerson)({{attr}}={{value}}))",
+ UserFindFilter: "(&(objectclass=inetOrgPerson)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))",
  UserGroupFilter: "(&(objectclass=posixGroup)(cn={{query}}*))",
  GroupFilter: "(&(objectclass=posixGroup)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))",
  GroupAttributeFilter: "(&(objectclass=posixGroup)({{attr}}={{value}}))",
  GroupFindFilter: "(&(objectclass=posixGroup)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))",
- GroupMemberFilter: "(&(objectclass=posixAccount)(ownclouduuid={{.OpaqueId}}*))",
- BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test",
+ GroupMemberFilter: "(&(objectclass=inetOrgPerson)(ownclouduuid={{.OpaqueId}}*))",
+ BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
  BindPassword: "reva",
  IDP: defaultPublicURL,
  UserSchema: config.LDAPUserSchema{
  UID: "ownclouduuid",
  Mail: "mail",
  DisplayName: "displayname",
- CN: "cn",
+ CN: "uid",
  UIDNumber: "uidnumber",
  GIDNumber: "gidnumber",
  },
  GroupSchema: config.LDAPGroupSchema{
- GID: "cn",
+ GID: "ownclouduuid",
  Mail: "mail",
  DisplayName: "cn",
  CN: "cn",