Graph Service Configuration

Introduction

The Infinite Scale Graph service provides a simple graph world API which can be used by clients or other services or extensions.

Default Values

  • Graph listens on port 9120 by default.

Manual Filters

Using the API, you can manually filter like for users. See the Libre Graph API for examples in the developer documentation. Note that you can use and and or to refine results.

Sequence Diagram

The following image gives an overview of the scenario when a client requests to list available spaces the user has access to. To do so, the client is directed with his request automatically via the proxy service to the graph service.

mermaid graph

Configuration

Environment Variables

The graph service is configured via the following environment variables:

  • latest

  • 2.0.0

Environment variables for the graph service
Name Type Default Value Description

OCIS_TRACING_ENABLED
GRAPH_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
GRAPH_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
GRAPH_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
GRAPH_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
GRAPH_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
GRAPH_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
GRAPH_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
GRAPH_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

OCIS_CACHE_STORE
GRAPH_CACHE_STORE
OCIS_CACHE_STORE_TYPE
GRAPH_CACHE_STORE_TYPE

string

memory

The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.

OCIS_CACHE_STORE_NODES
GRAPH_CACHE_STORE_NODES
OCIS_CACHE_STORE_ADDRESSES
GRAPH_CACHE_STORE_ADDRESSES

[]string

[]

A comma-separated list of nodes to connect to. This has no effect when 'in-memory' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.

GRAPH_CACHE_STORE_DATABASE

string

graph

The database name the configured store should use.

GRAPH_CACHE_STORE_TABLE

string

roles

The database table the store should use.

OCIS_CACHE_STORE_TTL
GRAPH_CACHE_STORE_TTL

Duration

336h0m0s

Time to live for cache records in the graph. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '336h' (2 weeks).

OCIS_CACHE_STORE_SIZE
GRAPH_CACHE_STORE_SIZE

int

0

The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512.

GRAPH_DEBUG_ADDR

string

127.0.0.1:9124

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

GRAPH_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

GRAPH_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

GRAPH_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

GRAPH_HTTP_ADDR

string

127.0.0.1:9120

The bind address of the HTTP service.

GRAPH_HTTP_ROOT

string

/graph

Subdirectory that serves as the root for this HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

GRAPH_HTTP_API_TOKEN

string

An optional API bearer token

GRAPH_GROUP_MEMBERS_PATCH_LIMIT

int

20

The amount of group members allowed to be added with a single patch request.

GRAPH_USERNAME_MATCH

string

default

Option to allow legacy usernames. Supported options are 'default' and 'none'.

GRAPH_ASSIGN_DEFAULT_USER_ROLE

bool

true

Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_JWT_SECRET
GRAPH_JWT_SECRET

string

The secret to mint and validate jwt tokens.

GRAPH_APPLICATION_ID

string

The ocis application id shown in the graph. All app roles are tied to this.

GRAPH_APPLICATION_DISPLAYNAME

string

ownCloud Infinite Scale

The oCIS application name

OCIS_URL
GRAPH_SPACES_WEBDAV_BASE

string

https://localhost:9200

The public facing URL of WebDAV.

GRAPH_SPACES_WEBDAV_PATH

string

/dav/spaces/

The WebDAV subpath for spaces.

GRAPH_SPACES_DEFAULT_QUOTA

string

1000000000

The default quota in bytes.

GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL

int

0

Max TTL in seconds for the spaces property cache.

GRAPH_SPACES_USERS_CACHE_TTL

int

1800000000000

Max TTL in seconds for the spaces users cache.

GRAPH_SPACES_GROUPS_CACHE_TTL

int

1800000000000

Max TTL in seconds for the spaces groups cache.

GRAPH_IDENTITY_BACKEND

string

ldap

The user identity backend to use. Supported backend types are 'ldap' and 'cs3'.

LDAP_URI
GRAPH_LDAP_URI

string

ldaps://localhost:9235

URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'

LDAP_CACERT
GRAPH_LDAP_CACERT

string

~/.ocis/idm/ldap.crt

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idm.

LDAP_INSECURE
GRAPH_LDAP_INSECURE

bool

false

Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.

LDAP_BIND_DN
GRAPH_LDAP_BIND_DN

string

uid=libregraph,ou=sysusers,o=libregraph-idm

LDAP DN to use for simple bind authentication with the target LDAP server.

LDAP_BIND_PASSWORD
GRAPH_LDAP_BIND_PASSWORD

string

Password to use for authenticating the 'bind_dn'.

GRAPH_LDAP_SERVER_UUID

bool

false

If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.

GRAPH_LDAP_SERVER_USE_PASSWORD_MODIFY_EXOP

bool

true

User the Password Modify Extended Operation for updating user passwords.

GRAPH_LDAP_SERVER_WRITE_ENABLED

bool

true

Allow to create, modify and delete LDAP users via GRAPH API. This is only works when the default Schema is used.

GRAPH_LDAP_REFINT_ENABLED

bool

false

Signals that the server has the refint plugin enabled, which makes some actions not needed.

LDAP_USER_BASE_DN
GRAPH_LDAP_USER_BASE_DN

string

ou=users,o=libregraph-idm

Search base DN for looking up LDAP users.

LDAP_USER_SCOPE
GRAPH_LDAP_USER_SCOPE

string

sub

LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.

LDAP_USER_FILTER
GRAPH_LDAP_USER_FILTER

string

LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.

LDAP_USER_OBJECTCLASS
GRAPH_LDAP_USER_OBJECTCLASS

string

inetOrgPerson

The object class to use for users in the default user search filter ('inetOrgPerson').

LDAP_USER_SCHEMA_MAIL
GRAPH_LDAP_USER_EMAIL_ATTRIBUTE

string

mail

LDAP Attribute to use for the email address of users.

LDAP_USER_SCHEMA_DISPLAY_NAME
GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE

string

displayName

LDAP Attribute to use for the displayname of users.

LDAP_USER_SCHEMA_USERNAME
GRAPH_LDAP_USER_NAME_ATTRIBUTE

string

uid

LDAP Attribute to use for username of users.

LDAP_USER_SCHEMA_ID
GRAPH_LDAP_USER_UID_ATTRIBUTE

string

owncloudUUID

LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.

LDAP_USER_SCHEMA_USER_TYPE
GRAPH_LDAP_USER_TYPE_ATTRIBUTE

string

ownCloudUserType

LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'.

LDAP_USER_ENABLED_ATTRIBUTE
GRAPH_USER_ENABLED_ATTRIBUTE

string

ownCloudUserEnabled

LDAP Attribute to use as a flag telling if the user is enabled or disabled.

LDAP_DISABLE_USER_MECHANISM
GRAPH_DISABLE_USER_MECHANISM

string

attribute

An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.

LDAP_DISABLED_USERS_GROUP_DN
GRAPH_DISABLED_USERS_GROUP_DN

string

cn=DisabledUsersGroup,ou=groups,o=libregraph-idm

The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.

LDAP_GROUP_BASE_DN
GRAPH_LDAP_GROUP_BASE_DN

string

ou=groups,o=libregraph-idm

Search base DN for looking up LDAP groups.

LDAP_GROUP_SCOPE
GRAPH_LDAP_GROUP_SEARCH_SCOPE

string

sub

LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.

LDAP_GROUP_FILTER
GRAPH_LDAP_GROUP_FILTER

string

LDAP filter to add to the default filters for group searches.

LDAP_GROUP_OBJECTCLASS
GRAPH_LDAP_GROUP_OBJECTCLASS

string

groupOfNames

The object class to use for groups in the default group search filter ('groupOfNames').

LDAP_GROUP_SCHEMA_GROUPNAME
GRAPH_LDAP_GROUP_NAME_ATTRIBUTE

string

cn

LDAP Attribute to use for the name of groups.

LDAP_GROUP_SCHEMA_ID
GRAPH_LDAP_GROUP_ID_ATTRIBUTE

string

owncloudUUID

LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.

LDAP_EDUCATION_RESOURCES_ENABLED
GRAPH_LDAP_EDUCATION_RESOURCES_ENABLED

bool

false

Enable LDAP support for managing education related resources

LDAP_SCHOOL_BASE_DN
GRAPH_LDAP_SCHOOL_BASE_DN

string

Search base DN for looking up LDAP schools.

LDAP_SCHOOL_SCOPE
GRAPH_LDAP_SCHOOL_SEARCH_SCOPE

string

LDAP search scope to use when looking up schools. Supported scopes are 'base', 'one' and 'sub'.

LDAP_SCHOOL_FILTER
GRAPH_LDAP_SCHOOL_FILTER

string

LDAP filter to add to the default filters for school searches.

LDAP_SCHOOL_OBJECTCLASS
GRAPH_LDAP_SCHOOL_OBJECTCLASS

string

The object class to use for schools in the default school search filter.

LDAP_SCHOOL_SCHEMA_SCHOOL_NAME
GRAPH_LDAP_SCHOOL_NAME_ATTRIBUTE

string

LDAP Attribute to use for the name of a school.

LDAP_SCHOOL_SCHEMA_SCHOOL_NUMBER
GRAPH_LDAP_SCHOOL_NUMBER_ATTRIBUTE

string

LDAP Attribute to use for the number of a school.

LDAP_SCHOOL_SCHEMA_ID
GRAPH_LDAP_SCHOOL_ID_ATTRIBUTE

string

LDAP Attribute to use as the unique id for schools. This should be a stable globally unique ID like a UUID.

GRAPH_EVENTS_ENDPOINT

string

127.0.0.1:9233

The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.

GRAPH_EVENTS_CLUSTER

string

ocis-cluster

The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.

OCIS_INSECURE
GRAPH_EVENTS_TLS_INSECURE

bool

false

Whether to verify the server TLS certificates.

GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE

string

The root CA certificate used to validate the server’s TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.

OCIS_EVENTS_ENABLE_TLS
GRAPH_EVENTS_ENABLE_TLS

bool

false

Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..

Environment variables for the graph service
Name Type Default Value Description

OCIS_TRACING_ENABLED
GRAPH_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
GRAPH_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
GRAPH_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
GRAPH_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
GRAPH_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
GRAPH_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
GRAPH_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
GRAPH_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

OCIS_CACHE_STORE_TYPE
GRAPH_CACHE_STORE_TYPE

string

The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory"

OCIS_CACHE_STORE_ADDRESS
GRAPH_CACHE_STORE_ADDRESS

string

A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd"

OCIS_CACHE_STORE_SIZE
GRAPH_CACHE_STORE_SIZE

int

0

Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely.

GRAPH_DEBUG_ADDR

string

127.0.0.1:9124

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

GRAPH_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

GRAPH_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

GRAPH_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

GRAPH_HTTP_ADDR

string

127.0.0.1:9120

The bind address of the HTTP service.

GRAPH_HTTP_ROOT

string

/graph

Subdirectory that serves as the root for this HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_JWT_SECRET
GRAPH_JWT_SECRET

string

The secret to mint and validate jwt tokens.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_URL
GRAPH_SPACES_WEBDAV_BASE

string

https://localhost:9200

The public facing URL of WebDAV.

GRAPH_SPACES_WEBDAV_PATH

string

/dav/spaces/

The WebDAV subpath for spaces.

GRAPH_SPACES_DEFAULT_QUOTA

string

1000000000

The default quota in bytes.

GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL

int

0

Max TTL in seconds for the spaces property cache.

GRAPH_IDENTITY_BACKEND

string

ldap

The user identity backend to use. Supported backend types are 'ldap' and 'cs3'.

LDAP_URI
GRAPH_LDAP_URI

string

ldaps://localhost:9235

URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'

LDAP_CACERT
GRAPH_LDAP_CACERT

string

~/.ocis/idm/ldap.crt

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idm.

LDAP_INSECURE
GRAPH_LDAP_INSECURE

bool

false

Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.

LDAP_BIND_DN
GRAPH_LDAP_BIND_DN

string

uid=libregraph,ou=sysusers,o=libregraph-idm

LDAP DN to use for simple bind authentication with the target LDAP server.

LDAP_BIND_PASSWORD
GRAPH_LDAP_BIND_PASSWORD

string

Password to use for authenticating the 'bind_dn'.

GRAPH_LDAP_SERVER_UUID

bool

false

If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.

GRAPH_LDAP_SERVER_USE_PASSWORD_MODIFY_EXOP

bool

true

User the Password Modify Extended Operation for updating user passwords.

GRAPH_LDAP_SERVER_WRITE_ENABLED

bool

true

Allow to create, modify and delete LDAP users via GRAPH API. This is only works when the default Schema is used.

LDAP_USER_BASE_DN
GRAPH_LDAP_USER_BASE_DN

string

ou=users,o=libregraph-idm

Search base DN for looking up LDAP users.

LDAP_USER_SCOPE
GRAPH_LDAP_USER_SCOPE

string

sub

LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.

LDAP_USER_FILTER
GRAPH_LDAP_USER_FILTER

string

LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.

LDAP_USER_OBJECTCLASS
GRAPH_LDAP_USER_OBJECTCLASS

string

inetOrgPerson

The object class to use for users in the default user search filter ('inetOrgPerson').

LDAP_USER_SCHEMA_MAIL
GRAPH_LDAP_USER_EMAIL_ATTRIBUTE

string

mail

LDAP Attribute to use for the email address of users.

LDAP_USER_SCHEMA_DISPLAY_NAME
GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE

string

displayName

LDAP Attribute to use for the displayname of users.

LDAP_USER_SCHEMA_USERNAME
GRAPH_LDAP_USER_NAME_ATTRIBUTE

string

uid

LDAP Attribute to use for username of users.

LDAP_USER_SCHEMA_ID
GRAPH_LDAP_USER_UID_ATTRIBUTE

string

owncloudUUID

LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.

LDAP_GROUP_BASE_DN
GRAPH_LDAP_GROUP_BASE_DN

string

ou=groups,o=libregraph-idm

Search base DN for looking up LDAP groups.

LDAP_GROUP_SCOPE
GRAPH_LDAP_GROUP_SEARCH_SCOPE

string

sub

LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.

LDAP_GROUP_FILTER
GRAPH_LDAP_GROUP_FILTER

string

LDAP filter to add to the default filters for group searches.

LDAP_GROUP_OBJECTCLASS
GRAPH_LDAP_GROUP_OBJECTCLASS

string

groupOfNames

The object class to use for groups in the default group search filter ('groupOfNames').

LDAP_GROUP_SCHEMA_GROUPNAME
GRAPH_LDAP_GROUP_NAME_ATTRIBUTE

string

cn

LDAP Attribute to use for the name of groups.

LDAP_GROUP_SCHEMA_ID
GRAPH_LDAP_GROUP_ID_ATTRIBUTE

string

owncloudUUID

LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.

GRAPH_EVENTS_ENDPOINT

string

127.0.0.1:9233

The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.

GRAPH_EVENTS_CLUSTER

string

ocis-cluster

The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.

OCIS_INSECURE
GRAPH_EVENTS_TLS_INSECURE

bool

false

Whether to verify the server TLS certificates.

GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE

string

The root CA certificate used to validate the server’s TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.

OCIS_EVENTS_ENABLE_TLS
GRAPH_EVENTS_ENABLE_TLS

bool

false

Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

  • latest

  • 2.0.0

# Autogenerated
# Filename: graph-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
cache:
  store: memory
  nodes: []
  database: graph
  table: roles
  ttl: 336h0m0s
  size: 0
debug:
  addr: 127.0.0.1:9124
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9120
  root: /graph
  tls:
    enabled: false
    cert: ""
    key: ""
  apitoken: ""
api:
  group_members_patch_limit: 20
  graph_username_match: default
  graph_assign_default_user_role: true
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
token_manager:
  jwt_secret: ""
grpc_client_tls: null
application:
  id: ""
  displayname: ownCloud Infinite Scale
spaces:
  webdav_base: https://localhost:9200
  webdav_path: /dav/spaces/
  default_quota: "1000000000"
  extended_space_properties_cache_ttl: 0
  users_cache_ttl: 1800000000000
  groups_cache_ttl: 1800000000000
identity:
  backend: ldap
  ldap:
    uri: ldaps://localhost:9235
    cacert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm
    bind_password: ""
    use_server_uuid: false
    use_password_modify_exop: true
    write_enabled: true
    refint_enabled: false
    user_base_dn: ou=users,o=libregraph-idm
    user_search_scope: sub
    user_filter: ""
    user_objectclass: inetOrgPerson
    user_mail_attribute: mail
    user_displayname_attribute: displayName
    user_name_attribute: uid
    user_id_attribute: owncloudUUID
    user_type_attribute: ownCloudUserType
    user_enabled_attribute: ownCloudUserEnabled
    disable_user_mechanism: attribute
    ldap_disabled_users_group_dn: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm
    group_base_dn: ou=groups,o=libregraph-idm
    group_search_scope: sub
    group_filter: ""
    group_objectclass: groupOfNames
    group_name_attribute: cn
    group_id_attribute: owncloudUUID
    education_resources_enabled: false
    educationconfig:
      school_base_dn: ""
      school_search_scope: ""
      school_filter: ""
      school_objectclass: ""
      school_name_attribute: ""
      school_number_attribute: ""
      school_id_attribute: ""
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
# Autogenerated
# Filename: graph-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
cache_store:
  type: ""
  address: ""
  size: 0
debug:
  addr: 127.0.0.1:9124
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9120
  root: /graph
  tls:
    enabled: false
    cert: ""
    key: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
token_manager:
  jwt_secret: ""
grpc_client_tls:
  mode: ""
  cacert: ""
spaces:
  webdav_base: https://localhost:9200
  webdav_path: /dav/spaces/
  default_quota: "1000000000"
  extended_space_properties_cache_ttl: 0
identity:
  backend: ldap
  ldap:
    uri: ldaps://localhost:9235
    cacert: ~/.ocis/idm/ldap.crt
    insecure: false
    bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm
    bind_password: ""
    use_server_uuid: false
    use_password_modify_exop: true
    write_enabled: true
    user_base_dn: ou=users,o=libregraph-idm
    user_search_scope: sub
    user_filter: ""
    user_objectclass: inetOrgPerson
    user_mail_attribute: mail
    user_displayname_attribute: displayName
    user_name_attribute: uid
    user_id_attribute: owncloudUUID
    group_base_dn: ou=groups,o=libregraph-idm
    group_search_scope: sub
    group_filter: ""
    group_objectclass: groupOfNames
    group_name_attribute: cn
    group_id_attribute: owncloudUUID
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false