Users Configuration
Introduction
The Infinite Scale User extension provides …
Extensions are under development because of the |
Configuration
Environment Variables
The users extension is configured via the following environment variables:
Name | Type | Default Value | Description |
---|---|---|---|
| | bool | false | Activates tracing. |
| | string | | The sampler type: remote, const, probabilistic, ratelimiting (default remote). See also https://www.jaegertracing.io/docs/latest/sampling/. |
| | string | | The endpoint to the tracing collector. |
| | string | | The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. If specified, the tracing endpoint is ignored. |
| | string | | The log level. |
| | bool | false | Activates pretty log output. |
| | bool | false | Activates colorized log output. |
| | string | | The target log file. |
| | string | 127.0.0.1:9145 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| | string | | Token to secure the metrics endpoint. |
| | bool | false | Enables pprof, which can be used for profiling. |
| | bool | false | Enables zpages, which can be used for collecting and viewing traces in-me |
| | string | 127.0.0.1:9144 | The address of the grpc service. |
| | string | tcp | The transport protocol of the grpc service. |
| | string | | |
| | string | 127.0.0.1:9142 | |
| | bool | false | Disables the encoding of the user’s group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups. |
| | string | ldaps://localhost:9235 | URI of the LDAP server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'. |
| | string | ~/.ocis/idm/ldap.crt | Path to a CA certificate file for validating the LDAP server’s TLS certificate. If empty, the system default CA bundle will be used. |
| | bool | false | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. |
| | string | uid=reva,ou=sysusers,o=libregraph-idm | LDAP DN to use for simple bind authentication with the target LDAP server. |
| | string | | Password to use for authenticating the 'bind_dn'. |
| | string | ou=users,o=libregraph-idm | Search base DN for looking up LDAP users. |
| | string | ou=groups,o=libregraph-idm | Search base DN for looking up LDAP groups. |
| | string | sub | LDAP search scope to use when looking up users ('base', 'one', 'sub'). |
| | string | sub | LDAP search scope to use when looking up groups ('base', 'one', 'sub'). |
| | string | | LDAP filter to add to the default filters for user search (e.g. '(objectclass=ownCloud)'). |
| | string | | LDAP filter to add to the default filters for group searches. |
| | string | inetOrgPerson | The object class to use for users in the default user search filter ('inetOrgPerson'). |
| | string | groupOfNames | The object class to use for groups in the default group search filter ('groupOfNames'). |
| | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| | string | ownclouduuid | LDAP attribute to use as the unique id for users. This should be a stable globally unique id (e.g. a UUID). |
| | bool | false | Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ids. |
| | string | | LDAP attribute to use for the email address of users. |
| | string | displayname | LDAP attribute to use for the displayname of users. |
| | string | uid | LDAP attribute to use for the username of users. |
| | string | ownclouduuid | LDAP attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID). |
| | bool | false | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ids. |
| | string | | LDAP attribute to use for the email address of groups (can be empty). |
| | string | cn | LDAP attribute to use for the displayname of groups (often the same as the groupname attribute). |
| | string | cn | LDAP attribute to use for the name of groups. |
| | string | member | LDAP attribute that is used for group members. |
| | string | owncloud | Database user to use for authenticating with the owncloud database. |
| | string | secret | Password for the database user. |
| | string | mysql | Hostname of the database server. |
| | int | 3306 | Network port to use for the database connection. |
| | string | owncloud | Name of the owncloud database. |
| | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| | int64 | 90 | |
| | bool | false | Join the user properties table to read usernames. |
| | bool | false | Join the user properties table to read user ids (boolean). |
| | bool | false | Allow 'medial search' when searching for users instead of just doing a prefix search. (Allows finding 'Alice' when searching for 'lic'.) |
Since Version: `+` added, `-` deprecated
YAML Example
```yaml
# Autogenerated
# Filename: users-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9145
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9144
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
skip_user_groups_in_token: false
driver: ldap
drivers:
  ldap:
    uri: ldaps://localhost:9235
    ca_cert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=reva,ou=sysusers,o=libregraph-idm
    bind_password: ""
    user_base_dn: ou=users,o=libregraph-idm
    group_base_dn: ou=groups,o=libregraph-idm
    user_scope: sub
    group_scope: sub
    user_filter: ""
    group_filter: ""
    user_object_class: inetOrgPerson
    group_object_class: groupOfNames
    idp: https://localhost:9200
    user_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: displayname
      user_name: uid
    group_schema:
      id: ownclouduuid
      id_is_octet_string: false
      mail: mail
      display_name: cn
      group_name: cn
      member: member
  owncloudsql:
    db_username: owncloud
    db_password: secret
    db_host: mysql
    db_port: 3306
    db_name: owncloud
    idp: https://localhost:9200
    nobody: 90
    join_username: false
    join_owncloud_uuid: false
    enable_medial_search: false
```
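The following Python example is added here and is not part of the Infinite Scale project or its documentation. It audits a users configuration file for the security-relevant settings described above: a debug server bound off loopback with an empty token or with pprof enabled, `insecure: true` or an `ldap://` URI for the LDAP driver, and the documented default `db_password` for the owncloudsql driver. The helper names `parse_simple_yaml`, `is_loopback` and `audit` are hypothetical, the parser only handles nested `key: value` maps as used in the example file, and the sample input is constructed.

```python
import ipaddress

def parse_simple_yaml(text):
    # Minimal parser for nested "key: value" maps only (not full YAML).
    stack = [(-1, {})]                    # (indent, mapping); stack[0] is root
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:     # close blocks we have left
            stack.pop()
        parent, value = stack[-1][1], value.strip()
        if value:
            parent[key] = value.strip('"')  # scalars are kept as strings
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return stack[0][1]

def is_loopback(addr):
    # An empty host (":9145") binds every interface, so it is not loopback.
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(cfg):
    findings = []
    debug = cfg.get("debug", {})
    if not is_loopback(debug.get("addr", "127.0.0.1:9145")):
        if not debug.get("token"):
            findings.append("debug: non-loopback addr with empty token")
        if debug.get("pprof") == "true":
            findings.append("debug: pprof enabled on non-loopback addr")
    driver = cfg.get("driver", "ldap")    # only the selected driver is checked
    opts = cfg.get("drivers", {}).get(driver, {})
    if driver == "ldap" and opts.get("insecure") == "true":
        findings.append("ldap: insecure=true skips certificate validation")
    if driver == "ldap" and opts.get("uri", "").startswith("ldap://"):
        findings.append("ldap: uri uses ldap:// rather than ldaps://")
    if driver == "owncloudsql" and opts.get("db_password") == "secret":
        findings.append("owncloudsql: db_password is the documented default")
    return findings
# Constructed sample configuration, not taken from a real deployment.
SAMPLE = ('debug:\n  addr: 0.0.0.0:9145\n  token: ""\n  pprof: true\n'
          'driver: ldap\ndrivers:\n  ldap:\n'
          '    uri: ldap://ldap.example.internal:389\n    insecure: true\n')
print("\n".join(audit(parse_simple_yaml(SAMPLE))))
```

Settings of a driver that is not selected by `driver` are ignored, so the default `db_password` is only reported when `driver: owncloudsql` is active.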