diff --git a/services/idm/README.md b/services/idm/README.md
index 07988dd868..486c487ea5 100644
--- a/services/idm/README.md
+++ b/services/idm/README.md
@@ -1,9 +1,9 @@
 # IDM
-The IDM service provides a minimal LDAP Service, based on [Libregraph idm](https://github.com/libregraph/idm), for oCIS. It is started as part of the default configuration and serves as a central place for storing user and group information.
+The IDM service provides a minimal LDAP Service, based on [Libregraph idm](https://github.com/libregraph/idm), for OpenCloud. It is started as part of the default configuration and serves as a central place for storing user and group information.
-It is mainly targeted at small oCIS installations. For larger setups it is recommended to replace IDM with a “real” LDAP server or to switch to an external identity management solution.
+It is mainly targeted at small OpenCloud installations. For larger setups it is recommended to replace IDM with a “real” LDAP server or to switch to an external identity management solution.
-IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is `o=libregraph-idm`. IDM gives LDAP write permissions to a single user (DN: `uid=libregraph,ou=sysusers,o=libregraph-idm`). Any other authenticated user has read-only access. IDM stores its data in a boltdb file `idm/ocis.boltdb` inside the oCIS base data directory.
+IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is `o=libregraph-idm`. IDM gives LDAP write permissions to a single user (DN: `uid=libregraph,ou=sysusers,o=libregraph-idm`). Any other authenticated user has read-only access. IDM stores its data in a boltdb file `idm/idm.boltdb` inside the OpenCloud base data directory.
 Note: IDM is limited in its functionality. It only supports a subset of the LDAP operations (namely `BIND`, `SEARCH`, `ADD`, `MODIFY`, `DELETE`). Also, IDM currently does not do any schema verification (like. structural vs. auxiliary object classes, require and option attributes, syntax checks, …). Therefore it is not meant as a general purpose LDAP server.
diff --git a/services/idm/ldif/base.ldif.tmpl b/services/idm/ldif/base.ldif.tmpl
index 5d8fb57917..5f9aa38863 100644
--- a/services/idm/ldif/base.ldif.tmpl
+++ b/services/idm/ldif/base.ldif.tmpl
@@ -28,7 +28,7 @@ givenName: Admin
 sn: Admin
 cn: admin
 displayName: Admin
-description: An admin for this oCIS instance.
+description: An admin for this OpenCloud instance.
 mail: admin@example.org
 ownCloudUUID: {{ .ID }}
 oCExternalIdentity: $ {{ .Issuer }} $ {{ .ID }}
diff --git a/services/idm/pkg/command/resetpw.go b/services/idm/pkg/command/resetpw.go
index 920c0254ba..8674fbb664 100644
--- a/services/idm/pkg/command/resetpw.go
+++ b/services/idm/pkg/command/resetpw.go
@@ -76,7 +76,7 @@ func resetPassword(_ context.Context, logger log.Logger, cfg *config.Config, use
 Timeout: 1 * time.Millisecond,
 }
 if err := bdb.Configure(servercfg.Logger, servercfg.LDAPBaseDN, servercfg.BoltDBFile, &opts); err != nil {
- fmt.Fprintf(os.Stderr, "Failed to open database: '%s'. Please stop any running ocis/idm instance, as this tool requires exclusive access to the database.\n", err)
+ fmt.Fprintf(os.Stderr, "Failed to open database: '%s'. Please stop any running OpenCloud idm instance, as this tool requires exclusive access to the database.\n", err)
 return err
 }
 defer bdb.Close()
diff --git a/services/idm/pkg/command/root.go b/services/idm/pkg/command/root.go
index 7e6b19f266..8a84bf814a 100644
--- a/services/idm/pkg/command/root.go
+++ b/services/idm/pkg/command/root.go
@@ -23,11 +23,11 @@ func GetCommands(cfg *config.Config) cli.Commands {
 }
 }
-// Execute is the entry point for the ocis-idm command.
+// Execute is the entry point for the opencloud idm command.
 func Execute(cfg *config.Config) error {
 app := clihelper.DefaultApp(&cli.App{
 Name: "idm",
- Usage: "Embedded LDAP service for oCIS",
+ Usage: "Embedded LDAP service for OpenCloud",
 Commands: GetCommands(cfg),
 })
diff --git a/services/idm/pkg/command/server.go b/services/idm/pkg/command/server.go
index 678844214c..1789ce98f3 100644
--- a/services/idm/pkg/command/server.go
+++ b/services/idm/pkg/command/server.go
@@ -153,7 +153,7 @@ func bootstrap(logger log.Logger, cfg *config.Config, srvcfg server.Config) erro
 if cfg.AdminUserID != "" {
 serviceUsers = append(serviceUsers, svcUser{
 Name: "admin",
- Password: cfg.ServiceUserPasswords.OcisAdmin,
+ Password: cfg.ServiceUserPasswords.OCAdmin,
 ID: cfg.AdminUserID,
 Issuer: cfg.DemoUsersIssuerUrl,
 })
diff --git a/services/idm/pkg/config/config.go b/services/idm/pkg/config/config.go
index 0c5ff4f88a..5c46886319 100644
--- a/services/idm/pkg/config/config.go
+++ b/services/idm/pkg/config/config.go
@@ -34,8 +34,8 @@ type Settings struct {
 }
 type ServiceUserPasswords struct {
- OcisAdmin string `yaml:"admin_password" env:"IDM_ADMIN_PASSWORD" desc:"Password to set for the oCIS 'admin' user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
- Idm string `yaml:"idm_password" env:"IDM_SVC_PASSWORD" desc:"Password to set for the 'idm' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
- Reva string `yaml:"reva_password" env:"IDM_REVASVC_PASSWORD" desc:"Password to set for the 'reva' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
- Idp string `yaml:"idp_password" env:"IDM_IDPSVC_PASSWORD" desc:"Password to set for the 'idp' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
+ OCAdmin string `yaml:"admin_password" env:"IDM_ADMIN_PASSWORD" desc:"Password to set for the OpenCloud 'admin' user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
+ Idm string `yaml:"idm_password" env:"IDM_SVC_PASSWORD" desc:"Password to set for the 'idm' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
+ Reva string `yaml:"reva_password" env:"IDM_REVASVC_PASSWORD" desc:"Password to set for the 'reva' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
+ Idp string `yaml:"idp_password" env:"IDM_IDPSVC_PASSWORD" desc:"Password to set for the 'idp' service user. Either cleartext or an argon2id hash." introductionVersion:"pre5.0"`
 }
diff --git a/services/idm/pkg/config/defaults/defaultconfig.go b/services/idm/pkg/config/defaults/defaultconfig.go
index 572b6ec290..b85c83fce0 100644
--- a/services/idm/pkg/config/defaults/defaultconfig.go
+++ b/services/idm/pkg/config/defaults/defaultconfig.go
@@ -33,7 +33,7 @@ func DefaultConfig() *config.Config {
 LDAPSAddr: "127.0.0.1:9235",
 Cert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
 Key: path.Join(defaults.BaseDataPath(), "idm", "ldap.key"),
- DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "ocis.boltdb"),
+ DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "idm.boltdb"),
 },
 }
 }
diff --git a/services/idm/pkg/config/parser/parse.go b/services/idm/pkg/config/parser/parse.go
index 11e5ff20ff..79d9f5284d 100644
--- a/services/idm/pkg/config/parser/parse.go
+++ b/services/idm/pkg/config/parser/parse.go
@@ -41,7 +41,7 @@ func Validate(cfg *config.Config) error {
 return shared.MissingServiceUserPassword(cfg.Service.Name, "IDM")
 }
- if cfg.AdminUserID != "" && cfg.ServiceUserPasswords.OcisAdmin == "" {
+ if cfg.AdminUserID != "" && cfg.ServiceUserPasswords.OCAdmin == "" {
 return shared.MissingServiceUserPassword(cfg.Service.Name, "admin")
 }
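Review bot: Changing the default `DatabasePath` from `idm/ocis.boltdb` to `idm/idm.boltdb` is a behaviour change hidden inside a rebranding commit, and nothing in the diff handles the old file: an existing installation that relies on the default will, on its next start, open a fresh empty database at the new path and bootstrap only the service users and the configured admin, while every user and group that was added to the old file through LDAP writes silently stops existing for authentication. Since this is the identity store, that is a loss of identity data plus a potential fallback to bootstrap-time credentials, so a compatibility step belongs with the rename — either resolve to the old file when it still exists and the new one does not (an `os.Stat` check on both paths before the database is opened, with a warning logged), or a release/migration note telling operators to rename `idm/ocis.boltdb` to `idm/idm.boltdb` or set the database path explicitly before upgrading. The README hunk in the same commit states the new file name as if it had always been the default, which would leave upgraded deployments without any hint about what happened. `DefaultConfig` starts before this hunk.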