Enhancement: Rework LDAP configuration of user and group providers

We reworked the LDAP configuration of the LDAP user and group providers to
share a common configuration scheme. Additionally, the LDAP configuration
no longer relies on templating LDAP filters in the configuration, which
is error prone and can be confusing. The providers are now also
somewhat more flexible about the group membership schema: instead of only
supporting RFC2307 (posixGroup) style groups, it is now possible to also
use standard LDAP groups (groupOfNames/groupOfUniqueNames), which track
group membership by DN instead of username (the behaviour is switched
automatically depending on the `group_objectclass` setting).

The new LDAP configuration basically looks like this:

```ini
[grpc.services.userprovider.drivers.ldap]
uri="ldaps://localhost:636"
insecure=true
user_base_dn="ou=testusers,dc=owncloud,dc=com"
group_base_dn="ou=testgroups,dc=owncloud,dc=com"
user_filter=""
user_objectclass="posixAccount"
group_filter=""
group_objectclass="posixGroup"
bind_username="cn=admin,dc=owncloud,dc=com"
bind_password="admin"
idp="http://localhost:20080"

[grpc.services.userprovider.drivers.ldap.user_schema]
id="entryuuid"
displayName="displayName"
userName="cn"

[grpc.services.userprovider.drivers.ldap.group_schema]
id="entryuuid"
displayName="cn"
groupName="cn"
member="memberUID"
```

`uri` defines the LDAP URI of the destination server.

`insecure` disables TLS certificate validation (for development setups).

`user_base_dn`/`group_base_dn` define the search bases for users and groups.

`user_filter`/`group_filter` define an additional LDAP filter for users and groups.
This could be e.g. `(objectclass=owncloud)` to match an additional objectclass.

`user_objectclass`/`group_objectclass` define the main objectclass of users and groups.
These are used to construct the LDAP filters.

`bind_username`/`bind_password` contain the authentication information for the LDAP connections.

The `user_schema` and `group_schema` sections define the mapping from CS3
user/group attributes to LDAP attributes.

https://github.com/cs3org/reva/pull/2708
https://github.com/cs3org/reva/issues/2122
https://github.com/cs3org/reva/issues/2124
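The following is an added sketch, not reva's own code, of composing search filters from these settings in code instead of from templates: the looked-up value is escaped per RFC 4515, and the membership value is chosen by `group_objectclass`. The `Config` struct, the function names and the exact filter shape are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Config holds the settings named in the changelog entry (hypothetical struct).
type Config struct {
	UserFilter, UserObjectClass   string
	GroupFilter, GroupObjectClass string
	UserNameAttr, MemberAttr      string // user_schema.userName, group_schema.member
}

// escapeFilter escapes a value for use inside an LDAP search filter (RFC 4515).
func escapeFilter(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// UserByNameFilter ANDs the admin-set user_filter, the objectclass and the escaped name.
func (c Config) UserByNameFilter(name string) string {
	return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s))",
		c.UserFilter, escapeFilter(c.UserObjectClass), c.UserNameAttr, escapeFilter(name))
}

// GroupsOfUserFilter matches by username for posixGroup and by DN for other group classes.
func (c Config) GroupsOfUserFilter(username, userDN string) string {
	member := userDN
	if strings.EqualFold(c.GroupObjectClass, "posixGroup") {
		member = username
	}
	return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s))",
		c.GroupFilter, escapeFilter(c.GroupObjectClass), c.MemberAttr, escapeFilter(member))
}

func main() {
	c := Config{"", "posixAccount", "", "posixGroup", "cn", "memberUID"}
	fmt.Println(c.UserByNameFilter("alice)(uid=*")) // constructed input with filter metacharacters
	fmt.Println(c.GroupsOfUserFilter("alice", "uid=alice,ou=testusers,dc=owncloud,dc=com"))
}
```

Because the filter is assembled in code, metacharacters in a looked-up name stay inside the assertion value and cannot change the filter structure.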