diff --git a/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif b/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif
new file mode 100644
index 0000000000..faf2404077
--- /dev/null
+++ b/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif
@@ -0,0 +1,39 @@
+# This LDIF files describes the OpenCloud schema
+dn: cn=opencloud,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: opencloud
+olcObjectIdentifier: openCloudOid 1.3.6.1.4.1.63016
+# We'll use openCloudOid:1 subarc for LDAP related stuff
+# openCloudOid:1.1 for AttributeTypes and openCloudOid:1.2 for ObjectClasses
+olcAttributeTypes: ( openCloudOid:1.1.1 NAME 'openCloudUUID'
+ DESC 'A non-reassignable and persistent account ID)'
+ EQUALITY uuidMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
+olcAttributeTypes: ( openCloudOid:1.1.2 NAME 'openCloudExternalIdentity'
+ DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( openCloudOid:1.1.3 NAME 'openCloudUserEnabled'
+ DESC 'A boolean value indicating if the user is enabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
+olcAttributeTypes: ( openCloudOid:1.1.4 NAME 'openCloudUserType'
+ DESC 'User type (e.g. Member or Guest)'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( openCloudOid:1.1.5 NAME 'openCloudLastSignInTimestamp'
+ DESC 'The timestamp of the last sign-in'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcObjectClasses: ( openCloudOid:1.2.1 NAME 'openCloudObject'
+ DESC 'OpenCloud base objectclass'
+ AUXILIARY
+ MAY ( openCloudUUID ) )
+olcObjectClasses: ( openCloudOid:1.2.2 NAME 'openCloudUser'
+ DESC 'OpenCloud User objectclass'
+ SUP openCloudObject
+ AUXILIARY
+ MAY ( openCloudExternalIdentity $ openCloudUserEnabled $ openCloudUserType $ openCloudLastSignInTimestamp) )
diff --git a/pkg/oidc/claims.go b/pkg/oidc/claims.go
index e9050d56ff..3a5221ec96 100644
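Review bot: The DESC of `openCloudUUID` carries a stray closing parenthesis, `'A non-reassignable and persistent account ID)'`, and `SINGLE-VALUE)` on `openCloudUserEnabled` lacks the space every other definition in the file uses; both are tolerated by most schema parsers but read as copy errors in a brand-new file, so I would write `DESC 'A non-reassignable and persistent account ID'` and `SINGLE-VALUE )`. The description also promises a non-reassignable, persistent ID, yet nothing in the schema enforces uniqueness of `openCloudUUID` across entries, and because this attribute is what the services use as the user and group identity (the `ID`, `UserIDAttribute` and `GroupIDAttribute` defaults elsewhere in this commit), a duplicate value would make two directory entries indistinguishable to them. A comment in the file stating that uniqueness has to be guaranteed by whoever writes the value (server-generated UUIDs, or a uniqueness overlay on the server) would set the expectation for operators loading this into their own LDAP. Minor wording: `# This LDIF file describes the OpenCloud schema`.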
--- a/pkg/oidc/claims.go +++ b/pkg/oidc/claims.go @@ -14,7 +14,7 @@ const ( UIDNumber = "uidnumber" GIDNumber = "gidnumber" Groups = "groups" - OwncloudUUID = "ownclouduuid" + OpenCloudUUID = "openclouduuid" OpenCloudRoutingPolicy = "opencloud.routing.policy" ) diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index 61d7c6f5de..1d4d421076 100644 --- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go 
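Review bot: Changing the constant's value from `"ownclouduuid"` to `"openclouduuid"` alters the claim key that is read from and written into the OIDC claim map, not merely the Go identifier, so any token issuer or proxy claim mapping still configured around `ownclouduuid` silently stops matching after the upgrade; from this diff alone I cannot tell whether the bundled IdP emits that claim under the old name, so that should be confirmed before release. The new constant has no doc comment; I would add `// OpenCloudUUID is the claim carrying the user's stable OpenCloud UUID (it replaces the former "ownclouduuid" claim; tokens still using the old name are not recognized).` If a transition period is wanted, keep `OwncloudUUID = "ownclouduuid"` with a `// Deprecated:` line and have the consumer accept either key until issuers are migrated. services/proxy/pkg/middleware/basic_auth.go and the proxy tests follow this rename and would pick up such an alias unchanged.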
@@ -70,7 +70,7 @@ type LDAPProvider struct { GroupBaseDN string `yaml:"group_base_dn" env:"OC_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN" desc:"Search base DN for looking up LDAP groups." introductionVersion:"pre5.0"` UserScope string `yaml:"user_scope" env:"OC_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"` GroupScope string `yaml:"group_scope" env:"OC_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"` - UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'." introductionVersion:"pre5.0"` + UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'." introductionVersion:"pre5.0"` GroupFilter string `yaml:"group_filter" env:"OC_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches." introductionVersion:"pre5.0"` UserObjectClass string `yaml:"user_object_class" env:"OC_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')." introductionVersion:"pre5.0"` GroupObjectClass string `yaml:"group_object_class" env:"OC_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')." introductionVersion:"pre5.0"` diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index b5828bd715..65b805c2bd 100644 
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -55,14 +55,14 @@ func DefaultConfig() *config.Config { LdapDisabledUsersGroupDN: "cn=DisabledUsersGroup,ou=groups,o=libregraph-idm", IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ - ID: "ownclouduuid", + ID: "openCloudUUID", Mail: "mail", DisplayName: "displayname", Username: "uid", - Enabled: "ownCloudUserEnabled", + Enabled: "openCloudUserEnabled", }, GroupSchema: config.LDAPGroupSchema{ - ID: "ownclouduuid", + ID: "openCloudUUID", Mail: "mail", DisplayName: "cn", Groupname: "cn", diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 6a628581fd..fabc51b998 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go 
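Review bot: Switching the default `ID` and `Enabled` attribute names from `ownclouduuid` / `ownCloudUserEnabled` to `openCloudUUID` / `openCloudUserEnabled` is a silent behaviour change for any directory that already holds entries under the old names: ID lookups stop resolving, and an account that was disabled via `ownCloudUserEnabled: FALSE` would no longer be seen as disabled if the enabled check treats a missing attribute as enabled (that check is outside this diff — confirm). I would add a comment on the `Enabled` line, `// pre-rename directories store this as ownCloudUserEnabled; set OC_LDAP_USER_ENABLED_ATTRIBUTE (and OC_LDAP_USER_SCHEMA_ID) when upgrading an external LDAP`, and pair the change with a migration note so operators are not left with silently re-enabled accounts. The same default change appears in services/graph, services/groups and services/idp defaultconfig.go and deserves the same remark there.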
@@ -64,14 +64,14 @@ type LDAP struct { UserBaseDN string `yaml:"user_base_dn" env:"OC_LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN" desc:"Search base DN for looking up LDAP users." introductionVersion:"pre5.0"` UserSearchScope string `yaml:"user_search_scope" env:"OC_LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"` - UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'." introductionVersion:"pre5.0"` + UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'." introductionVersion:"pre5.0"` UserObjectClass string `yaml:"user_objectclass" env:"OC_LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')." introductionVersion:"pre5.0"` UserEmailAttribute string `yaml:"user_mail_attribute" env:"OC_LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE" desc:"LDAP Attribute to use for the email address of users." introductionVersion:"pre5.0"` UserDisplayNameAttribute string `yaml:"user_displayname_attribute" env:"OC_LDAP_USER_SCHEMA_DISPLAYNAME;LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE" desc:"LDAP Attribute to use for the display name of users." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency" deprecationReplacement:"OC_LDAP_USER_SCHEMA_DISPLAYNAME"` UserNameAttribute string `yaml:"user_name_attribute" env:"OC_LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE" desc:"LDAP Attribute to use for username of users." 
introductionVersion:"pre5.0"` UserIDAttribute string `yaml:"user_id_attribute" env:"OC_LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE" desc:"LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID." introductionVersion:"pre5.0"` UserIDIsOctetString bool `yaml:"user_id_is_octet_string" env:"OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GRAPH_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING" desc:"Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID's." introductionVersion:"pre5.0"` - UserTypeAttribute string `yaml:"user_type_attribute" env:"OC_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE" desc:"LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'." introductionVersion:"pre5.0"` + UserTypeAttribute string `yaml:"user_type_attribute" env:"OC_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE" desc:"LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'." introductionVersion:"pre5.0"` UserEnabledAttribute string `yaml:"user_enabled_attribute" env:"OC_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE" desc:"LDAP Attribute to use as a flag telling if the user is enabled or disabled." introductionVersion:"pre5.0"` DisableUserMechanism string `yaml:"disable_user_mechanism" env:"OC_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM" desc:"An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'." 
introductionVersion:"pre5.0"` LdapDisabledUsersGroupDN string `yaml:"ldap_disabled_users_group_dn" env:"OC_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN" desc:"The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'." introductionVersion:"pre5.0"` diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 31b4d8db81..62985ccbe0 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -95,9 +95,9 @@ func DefaultConfig() *config.Config { UserNameAttribute: "uid", // FIXME: switch this to some more widely available attribute by default // ideally this needs to be constant for the lifetime of a users - UserIDAttribute: "owncloudUUID", - UserTypeAttribute: "ownCloudUserType", - UserEnabledAttribute: "ownCloudUserEnabled", + UserIDAttribute: "openCloudUUID", + UserTypeAttribute: "openCloudUserType", + UserEnabledAttribute: "openCloudUserEnabled", DisableUserMechanism: "attribute", LdapDisabledUsersGroupDN: "cn=DisabledUsersGroup,ou=groups,o=libregraph-idm", GroupBaseDN: "ou=groups,o=libregraph-idm", @@ -106,7 +106,7 @@ func DefaultConfig() *config.Config { GroupObjectClass: "groupOfNames", GroupNameAttribute: "cn", GroupMemberAttribute: "member", - GroupIDAttribute: "owncloudUUID", + GroupIDAttribute: "openCloudUUID", EducationResourcesEnabled: false, }, }, diff --git a/services/graph/pkg/identity/ldap.go b/services/graph/pkg/identity/ldap.go index 490d4ca426..7656dcf2a2 100644 --- a/services/graph/pkg/identity/ldap.go +++ b/services/graph/pkg/identity/ldap.go 
@@ -24,8 +24,8 @@ import ( const ( givenNameAttribute = "givenname" surNameAttribute = "sn" - identitiesAttribute = "oCExternalIdentity" - lastSignAttribute = "oCLastSignInTimestamp" + identitiesAttribute = "openCloudExternalIdentity" + lastSignAttribute = "openCloudLastSignInTimestamp" ldapDateFormat = "20060102150405Z0700" ) @@ -884,7 +884,7 @@ func (i *LDAP) userToLDAPAttrValues(user libregraph.User) (map[string][]string, i.userAttributeMap.displayName: {user.GetDisplayName()}, i.userAttributeMap.userName: {user.GetOnPremisesSamAccountName()}, i.userAttributeMap.mail: {user.GetMail()}, - "objectClass": {"inetOrgPerson", "organizationalPerson", "person", "top", "ownCloudUser"}, + "objectClass": {"inetOrgPerson", "organizationalPerson", "person", "top", "openCloudUser"}, "cn": {user.GetOnPremisesSamAccountName()}, i.userAttributeMap.userType: {user.GetUserType()}, } diff --git a/services/graph/pkg/identity/ldap_education_user_test.go b/services/graph/pkg/identity/ldap_education_user_test.go index b2cf112228..169837c42b 100644 --- a/services/graph/pkg/identity/ldap_education_user_test.go +++ b/services/graph/pkg/identity/ldap_education_user_test.go @@ -5,8 +5,8 @@ import ( "testing" "github.com/go-ldap/ldap/v3" - libregraph "github.com/owncloud/libre-graph-api-go" "github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks" + libregraph "github.com/owncloud/libre-graph-api-go" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" ) @@ -20,7 +20,7 @@ var eduUserAttrs = []string{ "givenname", "userEnabledAttribute", "userTypeAttribute", - "oCExternalIdentity", + "openCloudExternalIdentity", "userClass", "ocMemberOfSchool", } @@ -32,7 +32,7 @@ var eduUserEntry = ldap.NewEntry("uid=user,ou=people,dc=test", "mail": {"user@example"}, "entryuuid": {"abcd-defg"}, "userClass": {"student"}, - "oCExternalIdentity": { + "openCloudExternalIdentity": { "$ http://idp $ testuser", "xxx $ http://idpnew $ xxxxx-xxxxx-xxxxx", }, 
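Review bot: The objectClass list in `userToLDAPAttrValues` still hard-codes `"openCloudUser"` even though the const block at the top of this file now names the renamed attributes (`identitiesAttribute`, `lastSignAttribute`); the same literal is repeated in ldap_test.go, and `groupToLDAPAttrValues` in ldap_group.go hard-codes `"openCloudUUID"` and `"openCloudObject"` the same way. I would add `userObjectClass = "openCloudUser"`, `baseObjectClass = "openCloudObject"` and `uuidAttribute = "openCloudUUID"` to that const block and reference them from both functions and the tests, so the next schema rename is a one-line change rather than a grep. As far as this hunk shows, user entries always receive `openCloudUser` regardless of the configured user object class, whereas the group path only adds `openCloudObject` when `!i.useServerUUID`; a one-line comment stating that created users are assumed to carry the openCloud schema would make that asymmetry deliberate. `userToLDAPAttrValues` begins before this hunk.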
@@ -46,7 +46,7 @@ var renamedEduUserEntry = ldap.NewEntry("uid=newtestuser,ou=people,dc=test", "mail": {"user@example"}, "entryuuid": {"abcd-defg"}, "userClass": {"student"}, - "oCExternalIdentity": { + "openCloudExternalIdentity": { "$ http://idp $ testuser", "xxx $ http://idpnew $ xxxxx-xxxxx-xxxxx", }, @@ -61,7 +61,7 @@ var eduUserEntryWithSchool = ldap.NewEntry("uid=user,ou=people,dc=test", "entryuuid": {"abcd-defg"}, "userClass": {"student"}, "ocMemberOfSchool": {"abcd-defg"}, - "oCExternalIdentity": { + "openCloudExternalIdentity": { "$ http://idp $ testuser", "xxx $ http://idpnew $ xxxxx-xxxxx-xxxxx", }, diff --git a/services/graph/pkg/identity/ldap_group.go b/services/graph/pkg/identity/ldap_group.go index 0322e6f87e..4a1191caa5 100644 --- a/services/graph/pkg/identity/ldap_group.go +++ b/services/graph/pkg/identity/ldap_group.go @@ -448,8 +448,8 @@ func (i *LDAP) groupToLDAPAttrValues(group libregraph.Group) (map[string][]strin } if !i.useServerUUID { - attrs["owncloudUUID"] = []string{uuid.Must(uuid.NewV4()).String()} - attrs["objectClass"] = append(attrs["objectClass"], "owncloud") + attrs["openCloudUUID"] = []string{uuid.Must(uuid.NewV4()).String()} + attrs["objectClass"] = append(attrs["objectClass"], "openCloudObject") } return attrs, nil } diff --git a/services/graph/pkg/identity/ldap_test.go b/services/graph/pkg/identity/ldap_test.go index 911b354f4d..031e97a304 100644 --- a/services/graph/pkg/identity/ldap_test.go +++ b/services/graph/pkg/identity/ldap_test.go 
@@ -72,7 +72,7 @@ var invalidUserEntry = ldap.NewEntry("uid=user", var logger = log.NewLogger(log.Level("debug")) -var ldapUserAttributes = []string{"displayname", "entryUUID", "mail", "uid", "sn", "givenname", "userEnabledAttribute", "userTypeAttribute", "oCExternalIdentity", "oCLastSignInTimestamp"} +var ldapUserAttributes = []string{"displayname", "entryUUID", "mail", "uid", "sn", "givenname", "userEnabledAttribute", "userTypeAttribute", "openCloudExternalIdentity", "openCloudLastSignInTimestamp"} func TestNewLDAPBackend(t *testing.T) { l := &mocks.Client{} @@ -123,7 +123,7 @@ func TestCreateUser(t *testing.T) { ar.Attribute(lconfig.UserEnabledAttribute, []string{"TRUE"}) ar.Attribute(lconfig.UserTypeAttribute, []string{"Member"}) ar.Attribute("cn", []string{userName}) - ar.Attribute("objectClass", []string{"inetOrgPerson", "organizationalPerson", "person", "top", "ownCloudUser"}) + ar.Attribute("objectClass", []string{"inetOrgPerson", "organizationalPerson", "person", "top", "openCloudUser"}) l := &mocks.Client{} l.On("Search", mock.Anything). diff --git a/services/graph/pkg/service/v0/password_test.go b/services/graph/pkg/service/v0/password_test.go index 64b90e0362..2212d2ceaf 100644 --- a/services/graph/pkg/service/v0/password_test.go +++ b/services/graph/pkg/service/v0/password_test.go @@ -68,10 +68,10 @@ var _ = Describe("Users changing their own password", func() { UserDisplayNameAttribute: "displayName", UserNameAttribute: "uid", UserEmailAttribute: "mail", - UserIDAttribute: "ownclouduuid", + UserIDAttribute: "openCloudUUID", UserSearchScope: "sub", GroupNameAttribute: "cn", - GroupIDAttribute: "ownclouduuid", + GroupIDAttribute: "openCloudUUID", GroupSearchScope: "sub", } loggger := log.NewLogger() diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index 84406ca60e..eebd6b0433 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go 
@@ -70,7 +70,7 @@ type LDAPDriver struct { UserScope string `yaml:"user_scope" env:"OC_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"` GroupScope string `yaml:"group_scope" env:"OC_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"` GroupSubstringFilterType string `yaml:"group_substring_filter_type" env:"LDAP_GROUP_SUBSTRING_FILTER_TYPE;GROUPS_LDAP_GROUP_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for groups. Supported values are 'initial', 'final' and 'any'. The value 'initial' is used for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches" introductionVersion:"pre5.0"` - UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'." introductionVersion:"pre5.0"` + UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'." introductionVersion:"pre5.0"` GroupFilter string `yaml:"group_filter" env:"OC_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches." introductionVersion:"pre5.0"` UserObjectClass string `yaml:"user_object_class" env:"OC_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter ('inetOrgPerson')." introductionVersion:"pre5.0"` GroupObjectClass string `yaml:"group_object_class" env:"OC_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter ('groupOfNames')." 
introductionVersion:"pre5.0"` diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index db39598762..71c099fdf7 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go +++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -53,13 +53,13 @@ func DefaultConfig() *config.Config { BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ - ID: "ownclouduuid", + ID: "openCloudUUID", Mail: "mail", DisplayName: "displayname", Username: "uid", }, GroupSchema: config.LDAPGroupSchema{ - ID: "ownclouduuid", + ID: "openCloudUUID", Mail: "mail", DisplayName: "cn", Groupname: "cn", diff --git a/services/idm/ldif/base.ldif.tmpl b/services/idm/ldif/base.ldif.tmpl index 5f9aa38863..b70c284acb 100644 --- a/services/idm/ldif/base.ldif.tmpl +++ b/services/idm/ldif/base.ldif.tmpl @@ -19,8 +19,8 @@ ou: groups dn: uid=admin,ou=users,o=libregraph-idm objectClass: inetOrgPerson objectClass: organizationalPerson -objectClass: ownCloudUser -objectClass: ownCloud +objectClass: openCloudUser +objectClass: openCloudObject objectClass: person objectClass: top uid: admin @@ -30,8 +30,8 @@ cn: admin displayName: Admin description: An admin for this OpenCloud instance. mail: admin@example.org -ownCloudUUID: {{ .ID }} -oCExternalIdentity: $ {{ .Issuer }} $ {{ .ID }} +openCloudUUID: {{ .ID }} +openCloudExternalIdentity: $ {{ .Issuer }} $ {{ .ID }} {{ else -}} dn: uid={{ .Name }},ou=sysusers,o=libregraph-idm objectClass: account diff --git a/services/idm/ldif/demousers.ldif.tmpl b/services/idm/ldif/demousers.ldif.tmpl index bb79972701..ccca0f46b2 100644 --- a/services/idm/ldif/demousers.ldif.tmpl +++ b/services/idm/ldif/demousers.ldif.tmpl 
@@ -1,8 +1,8 @@ dn: uid=alan,ou=users,o=libregraph-idm objectClass: inetOrgPerson objectClass: organizationalPerson -objectClass: ownCloudUser -objectClass: ownCloud +objectClass: openCloudUser +objectClass: openCloudObject objectClass: person objectClass: top uid: alan @@ -12,16 +12,16 @@ cn: alan displayName: Alan Turing description: An English mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist. He was highly influential in the development of theoretical computer science, providing a formalisation of the concepts of algorithm and computation with the Turing machine. mail: alan@example.org -ownCloudUserEnabled: TRUE -ownCloudUUID: b1f74ec4-dd7e-11ef-a543-03775734d0f7 -oCExternalIdentity: $ {{.}} $ b1f74ec4-dd7e-11ef-a543-03775734d0f7 +openCloudUserEnabled: TRUE +openCloudUUID: b1f74ec4-dd7e-11ef-a543-03775734d0f7 +openCloudExternalIdentity: $ {{.}} $ b1f74ec4-dd7e-11ef-a543-03775734d0f7 userPassword:: e0FSR09OMn0kYXJnb24yaWQkdj0xOSRtPTY1NTM2LHQ9MSxwPTE2JGg1NUxqckhWVjdEdXVzTkxjbXRoa0EkMzZ3aGZSMjdyTDFOYXQxa0xTajdrVGFubTBnb3VKRGZ0ck9DTStuRHo5cw== dn: uid=mary,ou=users,o=libregraph-idm objectClass: inetOrgPerson objectClass: organizationalPerson -objectClass: ownCloudUser -objectClass: ownCloud +objectClass: openCloudUser +objectClass: openCloudObject objectClass: person objectClass: top uid: mary 
@@ -31,16 +31,16 @@ cn: mary displayName: Mary Kenneth Keller description: Mary Kenneth Keller of the Sisters of Charity of the Blessed Virgin Mary was a pioneer in computer science. mail: mary@example.org -ownCloudUserEnabled: TRUE -ownCloudUUID: 056fc874-dd7f-11ef-ba84-af6fca4b7289 -oCExternalIdentity: $ {{.}} $ 056fc874-dd7f-11ef-ba84-af6fca4b7289 +openCloudUserEnabled: TRUE +openCloudUUID: 056fc874-dd7f-11ef-ba84-af6fca4b7289 +openCloudExternalIdentity: $ {{.}} $ 056fc874-dd7f-11ef-ba84-af6fca4b7289 userPassword:: e0FSR09OMn0kYXJnb24yaWQkdj0xOSRtPTY1NTM2LHQ9MSxwPTE2JGg1NUxqckhWVjdEdXVzTkxjbXRoa0EkMzZ3aGZSMjdyTDFOYXQxa0xTajdrVGFubTBnb3VKRGZ0ck9DTStuRHo5cw== dn: uid=margaret,ou=users,o=libregraph-idm objectClass: inetOrgPerson objectClass: organizationalPerson -objectClass: ownCloudUser -objectClass: ownCloud +objectClass: openCloudUser +objectClass: openCloudObject objectClass: person objectClass: top uid: margaret @@ -50,16 +50,16 @@ cn: margaret displayName: Margaret Hamilton description: A director of the Software Engineering Division of the MIT Instrumentation Laboratory, which developed on-board flight software for NASA's Apollo program. mail: margaret@example.org -ownCloudUserEnabled: TRUE -ownCloudUUID: 801abee4-dd7f-11ef-a324-83f55a754b62 -oCExternalIdentity: $ {{.}} $ 801abee4-dd7f-11ef-a324-83f55a754b62 +openCloudUserEnabled: TRUE +openCloudUUID: 801abee4-dd7f-11ef-a324-83f55a754b62 +openCloudExternalIdentity: $ {{.}} $ 801abee4-dd7f-11ef-a324-83f55a754b62 userPassword:: e0FSR09OMn0kYXJnb24yaWQkdj0xOSRtPTY1NTM2LHQ9MSxwPTE2JGg1NUxqckhWVjdEdXVzTkxjbXRoa0EkMzZ3aGZSMjdyTDFOYXQxa0xTajdrVGFubTBnb3VKRGZ0ck9DTStuRHo5cw== dn: uid=dennis,ou=users,o=libregraph-idm objectClass: inetOrgPerson objectClass: organizationalPerson -objectClass: ownCloudUser -objectClass: ownCloud +objectClass: openCloudUser +objectClass: openCloudObject objectClass: person objectClass: top uid: dennis 
@@ -69,18 +69,18 @@ cn: dennis displayName: Dennis Ritchie description: American computer scientist. He created the C programming language and the Unix operating system and B language with long-time colleague Ken Thompson. mail: dennis@example.org -ownCloudUserEnabled: TRUE -ownCloudUUID: cd88bf9a-dd7f-11ef-a609-7f78deb2345f -oCExternalIdentity: $ {{.}} $ cd88bf9a-dd7f-11ef-a609-7f78deb2345f +openCloudUserEnabled: TRUE +openCloudUUID: cd88bf9a-dd7f-11ef-a609-7f78deb2345f +openCloudExternalIdentity: $ {{.}} $ cd88bf9a-dd7f-11ef-a609-7f78deb2345f userPassword:: e0FSR09OMn0kYXJnb24yaWQkdj0xOSRtPTY1NTM2LHQ9MSxwPTE2JGg1NUxqckhWVjdEdXVzTkxjbXRoa0EkMzZ3aGZSMjdyTDFOYXQxa0xTajdrVGFubTBnb3VKRGZ0ck9DTStuRHo5cw== dn: cn=users,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: users description: Users -ownCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa +openCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa member: uid=alan,ou=users,o=libregraph-idm member: uid=mary,ou=users,o=libregraph-idm member: uid=margaret,ou=users,o=libregraph-idm 
@@ -89,65 +89,65 @@ member: uid=admin,ou=users,o=libregraph-idm dn: cn=chess-lovers,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: sailing-lovers description: Chess lovers -ownCloudUUID: 9d31ec04-dd80-11ef-ac47-a38ba68cc36d +openCloudUUID: 9d31ec04-dd80-11ef-ac47-a38ba68cc36d member: uid=alan,ou=users,o=libregraph-idm dn: cn=violin-haters,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: violin-haters description: Violin haters -ownCloudUUID: d901562a-dd80-11ef-a510-fba1ed43fb21 +openCloudUUID: d901562a-dd80-11ef-a510-fba1ed43fb21 member: uid=alan,ou=users,o=libregraph-idm dn: cn=bible-readers,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: bible-readers description: Bible readers -ownCloudUUID: 2fc6ba22-dd81-11ef-89e6-e3eff494a998 +openCloudUUID: 2fc6ba22-dd81-11ef-89e6-e3eff494a998 member: uid=mary,ou=users,o=libregraph-idm dn: cn=apollos,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: apollos description: Contributors to the Appollo mission -ownCloudUUID: 6f9bab36-dd94-11ef-a252-dbbdd20299dd +openCloudUUID: 6f9bab36-dd94-11ef-a252-dbbdd20299dd member: uid=margaret,ou=users,o=libregraph-idm dn: cn=unix-lovers,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: unix-lovers description: Unix lovers -ownCloudUUID: 75bc3882-dd94-11ef-ad60-335f3df6cef3 +openCloudUUID: 75bc3882-dd94-11ef-ad60-335f3df6cef3 member: uid=dennis,ou=users,o=libregraph-idm dn: cn=basic-haters,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: basic-haters description: Haters of the Basic programming language -ownCloudUUID: 
a4eb2c12-dd94-11ef-9ebe-eb96f938d517 +openCloudUUID: a4eb2c12-dd94-11ef-9ebe-eb96f938d517 member: uid=dennis,ou=users,o=libregraph-idm dn: cn=programmers,ou=groups,o=libregraph-idm objectClass: groupOfNames -objectClass: ownCloud +objectClass: openCloudObject objectClass: top cn: programmers description: Computer Programmer -ownCloudUUID: ce4aa240-dd94-11ef-82b8-4f4828849072 +openCloudUUID: ce4aa240-dd94-11ef-82b8-4f4828849072 member: uid=alan,ou=users,o=libregraph-idm member: uid=margaret,ou=users,o=libregraph-idm member: uid=dennis,ou=users,o=libregraph-idm diff --git a/services/idp/pkg/backends/cs3/identifier/cs3.go b/services/idp/pkg/backends/cs3/identifier/cs3.go index a31b44e808..490b5e4570 100644 --- a/services/idp/pkg/backends/cs3/identifier/cs3.go +++ b/services/idp/pkg/backends/cs3/identifier/cs3.go @@ -210,7 +210,6 @@ func (b *CS3Backend) DestroySession(_ context.Context, sessionRef *string) error // for the user specified by the userID. func (b *CS3Backend) UserClaims(_ string, _ map[string]bool) map[string]interface{} { return nil - // TODO should we return the "ownclouduuid" as a claim? there is also "LibgreGraph.UUID" / lico.ScopeUniqueUserID } // ScopesSupported implements the Backend interface, providing supported scopes diff --git a/services/idp/pkg/config/config.go b/services/idp/pkg/config/config.go index 044e0d2d24..af6b05f5d5 100644 --- a/services/idp/pkg/config/config.go +++ b/services/idp/pkg/config/config.go 
@@ -49,7 +49,7 @@ type Ldap struct { UUIDAttributeType string `yaml:"uuid_attribute_type" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE" desc:"LDAP User uuid attribute type like 'text'." introductionVersion:"pre5.0"` UserEnabledAttribute string `yaml:"user_enabled_attribute" env:"OC_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE" desc:"LDAP Attribute to use as a flag telling if the user is enabled or disabled." introductionVersion:"pre5.0"` - Filter string `yaml:"filter" env:"OC_LDAP_USER_FILTER;IDP_LDAP_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'." introductionVersion:"pre5.0"` + Filter string `yaml:"filter" env:"OC_LDAP_USER_FILTER;IDP_LDAP_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'." introductionVersion:"pre5.0"` ObjectClass string `yaml:"objectclass" env:"OC_LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS" desc:"LDAP User ObjectClass like 'inetOrgPerson'." introductionVersion:"pre5.0"` } diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index be0b36a112..c96a2fe2c7 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go @@ -120,11 +120,11 @@ func DefaultConfig() *config.Config { LoginAttribute: "uid", EmailAttribute: "mail", NameAttribute: "displayName", - UUIDAttribute: "ownCloudUUID", + UUIDAttribute: "openCloudUUID", UUIDAttributeType: "text", Filter: "", ObjectClass: "inetOrgPerson", - UserEnabledAttribute: "ownCloudUserEnabled", + UserEnabledAttribute: "openCloudUserEnabled", }, } } diff --git a/services/proxy/pkg/middleware/authentication_test.go b/services/proxy/pkg/middleware/authentication_test.go index 0aa3101306..9426b370f8 100644 --- a/services/proxy/pkg/middleware/authentication_test.go +++ b/services/proxy/pkg/middleware/authentication_test.go 
@@ -146,7 +146,7 @@ var _ = Describe("Authenticating requests", Label("Authentication"), func() { testHandler := handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { Expect(oidc.FromContext(r.Context())).To(Equal(map[string]interface{}{ "email": "testuser@example.com", - "ownclouduuid": "OpaqueId", + "openclouduuid": "OpaqueId", "iss": "IdpId", "preferred_username": "testuser", })) diff --git a/services/proxy/pkg/middleware/basic_auth.go b/services/proxy/pkg/middleware/basic_auth.go index 36bbdfe84d..a2d8755ef6 100644 --- a/services/proxy/pkg/middleware/basic_auth.go +++ b/services/proxy/pkg/middleware/basic_auth.go @@ -45,7 +45,7 @@ func (m BasicAuthenticator) Authenticate(r *http.Request) (*http.Request, bool) oidc.Iss: user.Id.Idp, oidc.PreferredUsername: user.Username, oidc.Email: user.Mail, - oidc.OwncloudUUID: user.Id.OpaqueId, + oidc.OpenCloudUUID: user.Id.OpaqueId, } if m.UserCS3Claim == "userid" { diff --git a/services/proxy/pkg/middleware/basic_auth_test.go b/services/proxy/pkg/middleware/basic_auth_test.go index d8981a3be5..054c3e1362 100644 --- a/services/proxy/pkg/middleware/basic_auth_test.go +++ b/services/proxy/pkg/middleware/basic_auth_test.go @@ -61,7 +61,7 @@ var _ = Describe("Authenticating requests", Label("BasicAuthenticator"), func() Expect(claims[oidc.Iss]).To(Equal("IdpId")) Expect(claims[oidc.PreferredUsername]).To(Equal("testuser")) Expect(claims[oidc.Email]).To(Equal("testuser@example.com")) - Expect(claims[oidc.OwncloudUUID]).To(Equal("OpaqueId")) + Expect(claims[oidc.OpenCloudUUID]).To(Equal("OpaqueId")) }) }) }) diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 2b5695cc2d..0a2f63f8f5 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go 
@@ -72,13 +72,13 @@ type LDAPDriver struct {
 UserScope string `yaml:"user_scope" env:"OC_LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE" desc:"LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"`
 GroupScope string `yaml:"group_scope" env:"OC_LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE" desc:"LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'." introductionVersion:"pre5.0"`
 UserSubstringFilterType string `yaml:"user_substring_filter_type" env:"LDAP_USER_SUBSTRING_FILTER_TYPE;USERS_LDAP_USER_SUBSTRING_FILTER_TYPE" desc:"Type of substring search filter to use for substring searches for users. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches" introductionVersion:"pre5.0"`
- UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'." introductionVersion:"pre5.0"`
+ UserFilter string `yaml:"user_filter" env:"OC_LDAP_USER_FILTER;USERS_LDAP_USER_FILTER" desc:"LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'." introductionVersion:"pre5.0"`
 GroupFilter string `yaml:"group_filter" env:"OC_LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER" desc:"LDAP filter to add to the default filters for group searches." introductionVersion:"pre5.0"`
 UserObjectClass string `yaml:"user_object_class" env:"OC_LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS" desc:"The object class to use for users in the default user search filter like 'inetOrgPerson'." introductionVersion:"pre5.0"`
 GroupObjectClass string `yaml:"group_object_class" env:"OC_LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS" desc:"The object class to use for groups in the default group search filter like 'groupOfNames'." introductionVersion:"pre5.0"`
 IDP string `yaml:"idp" env:"OC_URL;OC_OIDC_ISSUER;USERS_IDP_URL" desc:"The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider." introductionVersion:"pre5.0"`
 DisableUserMechanism string `yaml:"disable_user_mechanism" env:"OC_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM" desc:"An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed." introductionVersion:"pre5.0"`
- UserTypeAttribute string `yaml:"user_type_attribute" env:"OC_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE" desc:"LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'." introductionVersion:"pre5.0"`
+ UserTypeAttribute string `yaml:"user_type_attribute" env:"OC_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE" desc:"LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'." introductionVersion:"pre5.0"`
 LdapDisabledUsersGroupDN string `yaml:"ldap_disabled_users_group_dn" env:"OC_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN" desc:"The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'." introductionVersion:"pre5.0"`
 UserSchema LDAPUserSchema `yaml:"user_schema"`
 GroupSchema LDAPGroupSchema `yaml:"group_schema"`
diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go
index e9c1f29a8a..39051f6e43 100644
--- a/services/users/pkg/config/defaults/defaultconfig.go
+++ b/services/users/pkg/config/defaults/defaultconfig.go
@@ -53,17 +53,17 @@ func DefaultConfig() *config.Config {
 BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
 DisableUserMechanism: "attribute",
 LdapDisabledUsersGroupDN: "cn=DisabledUsersGroup,ou=groups,o=libregraph-idm",
- UserTypeAttribute: "ownCloudUserType",
+ UserTypeAttribute: "openCloudUserType",
 IDP: "https://localhost:9200",
 UserSchema: config.LDAPUserSchema{
- ID: "ownclouduuid",
+ ID: "openclouduuid",
 Mail: "mail",
 DisplayName: "displayname",
 Username: "uid",
- Enabled: "ownCloudUserEnabled",
+ Enabled: "openclouduserenabled",
 },
 GroupSchema: config.LDAPGroupSchema{
- ID: "ownclouduuid",
+ ID: "openclouduuid",
 Mail: "mail",
 DisplayName: "cn",
 Groupname: "cn",
diff --git a/tests/acceptance/bootstrap/Provisioning.php b/tests/acceptance/bootstrap/Provisioning.php
index f4844cb15f..da11871401 100644
--- a/tests/acceptance/bootstrap/Provisioning.php
+++ b/tests/acceptance/bootstrap/Provisioning.php
@@ -445,8 +445,8 @@ trait Provisioning {
 $entry['uidNumber'] = $uidNumber;
 if (!OcHelper::isTestingOnReva()) {
- $entry['objectclass'][] = 'ownCloud';
- $entry['ownCloudUUID'] = WebDavHelper::generateUUIDv4();
+ $entry['objectclass'][] = 'openCloudObject';
+ $entry['openCloudUUID'] = WebDavHelper::generateUUIDv4();
 }
 try {
@@ -490,8 +490,8 @@ trait Provisioning {
 $entry['member'] = "";
 }
 if (!OcHelper::isTestingOnReva()) {
- $entry['objectclass'][] = 'ownCloud';
- $entry['ownCloudUUID'] = WebDavHelper::generateUUIDv4();
+ $entry['objectclass'][] = 'openCloudObject';
+ $entry['openCloudUUID'] = WebDavHelper::generateUUIDv4();
 }
 try {
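Review bot: The `Enabled` attribute in the users default config is renamed to the all-lowercase `"openclouduserenabled"`, while the sibling `UserTypeAttribute: "openCloudUserType"` in the same hunk and the IDP default `UserEnabledAttribute: "openCloudUserEnabled"` earlier in this commit keep the camel-cased schema spelling. LDAP attribute descriptors are matched case-insensitively by the server, so searches and writes will work either way, but any Go-side lookup of the returned attribute name against this string is a plain case-sensitive comparison and would miss; I cannot see the users LDAP backend here, so please confirm how it reads attributes back. Unless the lowercase form is required there, keeping one spelling across the services is the safer choice: `Enabled: "openCloudUserEnabled",`. The surrounding DefaultConfig literal continues outside the hunk.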
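Review bot: The user entry built in the first Provisioning.php hunk (the one setting `$entry['uidNumber']`) is given only the base auxiliary class `openCloudObject`, yet the same commit documents the user search filter as `(objectclass=openCloudUser)` and introduces user-specific attributes (`openCloudUserEnabled`, `openCloudUserType`). If those attributes are permitted by the user objectclass rather than the base one, test users created here would be rejected with an objectClass violation once the users service tries to set them, and a deployment filtering on `openCloudUser` would not find them; I cannot verify the schema from this hunk, so confirm against the shipped LDIF. If so, the user entry should use `$entry['objectclass'][] = 'openCloudUser';` while the group entry at `@@ -490` keeps `openCloudObject`. Both enclosing methods start outside their hunks.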