set generate ldap secrets

extensions/auth-basic/pkg/config/config.go

@@ -50,9 +50,9 @@ type GRPCConfig struct {
 }
 
 type AuthProviders struct {
-	JSON        JSONProvider        `yaml:"json"`
-	LDAP        LDAPProvider        `yaml:"ldap"`
-	OwnCloudSQL OwnCloudSQLProvider `yaml:"owncloud_sql"`
+	JSON        JSONProvider        `yaml:"json,omitempty"`
+	LDAP        LDAPProvider        `yaml:"ldap,omitempty"`
+	OwnCloudSQL OwnCloudSQLProvider `yaml:"owncloud_sql,omitempty"`
 }
 
 type JSONProvider struct {
@@ -60,24 +60,24 @@ type JSONProvider struct {
 }
 
 type LDAPProvider struct {
-	URI              string   `env:"LDAP_URI;AUTH_BASIC_LDAP_URI"`
-	CACert           string   `env:"LDAP_CACERT;AUTH_BASIC_LDAP_CACERT"`
-	Insecure         bool     `env:"LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE"`
-	BindDN           string   `env:"LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN"`
-	BindPassword     string   `env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"`
-	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN"`
-	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN"`
-	UserScope        string   `env:"LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE"`
-	GroupScope       string   `env:"LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE"`
-	UserFilter       string   `env:"LDAP_USERFILTER;AUTH_BASIC_LDAP_USERFILTER"`
-	GroupFilter      string   `env:"LDAP_GROUPFILTER;AUTH_BASIC_LDAP_USERFILTER"`
-	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS"`
-	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS"`
-	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES"`
-	IDP              string   `env:"OCIS_URL;AUTH_BASIC_IDP_URL"` // TODO what is this for?
-	GatewayEndpoint  string   // TODO do we need this here?
-	UserSchema       LDAPUserSchema
-	GroupSchema      LDAPGroupSchema
+	URI              string          `yaml:",omitempty" env:"LDAP_URI;AUTH_BASIC_LDAP_URI"`
+	CACert           string          `yaml:",omitempty" env:"LDAP_CACERT;AUTH_BASIC_LDAP_CACERT"`
+	Insecure         bool            `yaml:",omitempty" env:"LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE"`
+	BindDN           string          `yaml:",omitempty" env:"LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN"`
+	BindPassword     string          `yaml:",omitempty" env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string          `yaml:",omitempty" env:"LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string          `yaml:",omitempty" env:"LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN"`
+	UserScope        string          `yaml:",omitempty" env:"LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE"`
+	GroupScope       string          `yaml:",omitempty" env:"LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE"`
+	UserFilter       string          `yaml:",omitempty" env:"LDAP_USERFILTER;AUTH_BASIC_LDAP_USERFILTER"`
+	GroupFilter      string          `yaml:",omitempty" env:"LDAP_GROUPFILTER;AUTH_BASIC_LDAP_USERFILTER"`
+	UserObjectClass  string          `yaml:",omitempty" env:"LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string          `yaml:",omitempty" env:"LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string        `yaml:",omitempty" env:"LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string          `yaml:",omitempty" env:"OCIS_URL;AUTH_BASIC_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string          `yaml:",omitempty"`                                   // TODO do we need this here?
+	UserSchema       LDAPUserSchema  `yaml:",omitempty"`
+	GroupSchema      LDAPGroupSchema `yaml:",omitempty"`
 }
 
 type LDAPUserSchema struct {

extensions/auth-basic/pkg/config/defaults/defaultconfig.go

@@ -49,7 +49,6 @@ func DefaultConfig() *config.Config {
 				UserObjectClass:  "inetOrgPerson",
 				GroupObjectClass: "groupOfNames",
 				BindDN:           "uid=reva,ou=sysusers,o=libregraph-idm",
-				BindPassword:     "reva",
 				IDP:              "https://localhost:9200",
 				UserSchema: config.LDAPUserSchema{
 					ID:          "ownclouduuid",
@@ -68,7 +67,6 @@ func DefaultConfig() *config.Config {
 			JSON: config.JSONProvider{},
 			OwnCloudSQL: config.OwnCloudSQLProvider{
 				DBUsername:       "owncloud",
-				DBPassword:       "secret",
 				DBHost:           "mysql",
 				DBPort:           3306,
 				DBName:           "owncloud",

extensions/auth-machine/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,8 @@
 package defaults
 
 import (
+	"log"
+
 	"github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
 )
 
@@ -31,11 +33,6 @@ func DefaultConfig() *config.Config {
 			Address: "127.0.0.1:9142",
 		},
 		AuthProvider: "ldap",
-		AuthProviders: config.AuthProviders{
-			Machine: config.MachineProvider{
-				APIKey: "change-me-please",
-			},
-		},
 	}
 }
 
@@ -78,6 +75,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else if cfg.TokenManager == nil {
 		cfg.TokenManager = &config.TokenManager{}
 	}
+
+	if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	} else if cfg.MachineAuthAPIKey == "" {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }
 
 func Sanitize(cfg *config.Config) {

extensions/frontend/pkg/config/defaults/defaultconfig.go

@@ -64,9 +64,6 @@ func DefaultConfig() *config.Config {
 			AdditionalInfoAttribute: "{{.Mail}}",
 			ResourceInfoCacheTTL:    0,
 		},
-		AuthMachine: config.AuthMachine{
-			APIKey: "change-me-please",
-		},
 		Middleware: config.Middleware{
 			Auth: config.Auth{
 				CredentialsByUserAgent: map[string]string{},

extensions/graph/pkg/config/config.go

@@ -37,37 +37,37 @@ type Spaces struct {
 }
 
 type LDAP struct {
-	URI           string `yaml:"uri" env:"LDAP_URI;GRAPH_LDAP_URI"`
-	Insecure      bool   `yaml:"insecure" env:"OCIS_INSECURE;GRAPH_LDAP_INSECURE"`
-	BindDN        string `yaml:"bind_dn" env:"LDAP_BIND_DN;GRAPH_LDAP_BIND_DN"`
-	BindPassword  string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD"`
-	UseServerUUID bool   `yaml:"use_server_uuid" env:"GRAPH_LDAP_SERVER_UUID"`
-	WriteEnabled  bool   `yaml:"write_enabled" env:"GRAPH_LDAP_SERVER_WRITE_ENABLED"`
+	URI           string `yaml:"uri,omitempty" env:"LDAP_URI;GRAPH_LDAP_URI"`
+	Insecure      bool   `yaml:"insecure,omitempty" env:"OCIS_INSECURE;GRAPH_LDAP_INSECURE"`
+	BindDN        string `yaml:"bind_dn,omitempty" env:"LDAP_BIND_DN;GRAPH_LDAP_BIND_DN"`
+	BindPassword  string `yaml:"bind_password,omitempty" env:"LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD"`
+	UseServerUUID bool   `yaml:"use_server_uuid,omitempty" env:"GRAPH_LDAP_SERVER_UUID"`
+	WriteEnabled  bool   `yaml:"write_enabled,omitempty" env:"GRAPH_LDAP_SERVER_WRITE_ENABLED"`
 
-	UserBaseDN               string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN"`
-	UserSearchScope          string `yaml:"user_search_scope" env:"LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE"`
-	UserFilter               string `yaml:"user_filter" env:"LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER"`
-	UserObjectClass          string `yaml:"user_objectclass" env:"LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS"`
-	UserEmailAttribute       string `yaml:"user_mail_attribute" env:"LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE"`
-	UserDisplayNameAttribute string `yaml:"user_displayname_attribute" env:"LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE"`
-	UserNameAttribute        string `yaml:"user_name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE"`
-	UserIDAttribute          string `yaml:"user_id_attribute" env:"LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE"`
+	UserBaseDN               string `yaml:"user_base_dn,omitempty" env:"LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN"`
+	UserSearchScope          string `yaml:"user_search_scope,omitempty" env:"LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE"`
+	UserFilter               string `yaml:"user_filter,omitempty" env:"LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER"`
+	UserObjectClass          string `yaml:"user_objectclass,omitempty" env:"LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS"`
+	UserEmailAttribute       string `yaml:"user_mail_attribute,omitempty" env:"LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE"`
+	UserDisplayNameAttribute string `yaml:"user_displayname_attribute,omitempty" env:"LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE"`
+	UserNameAttribute        string `yaml:"user_name_attribute,omitempty" env:"LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE"`
+	UserIDAttribute          string `yaml:"user_id_attribute,omitempty" env:"LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE"`
 
-	GroupBaseDN        string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN"`
-	GroupSearchScope   string `yaml:"group_search_scope" env:"LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE"`
-	GroupFilter        string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER"`
-	GroupObjectClass   string `yaml:"group_objectclass" env:"LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS"`
-	GroupNameAttribute string `yaml:"group_name_attribute" env:"LDAP_GROUP_SCHEMA_GROUPNAME;GRAPH_LDAP_GROUP_NAME_ATTRIBUTE"`
-	GroupIDAttribute   string `yaml:"group_id_attribute" env:"LDAP_GROUP_SCHEMA_ID;GRAPH_LDAP_GROUP_ID_ATTRIBUTE"`
+	GroupBaseDN        string `yaml:"group_base_dn,omitempty" env:"LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN"`
+	GroupSearchScope   string `yaml:"group_search_scope,omitempty" env:"LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE"`
+	GroupFilter        string `yaml:"group_filter,omitempty" env:"LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER"`
+	GroupObjectClass   string `yaml:"group_objectclass,omitempty" env:"LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS"`
+	GroupNameAttribute string `yaml:"group_name_attribute,omitempty" env:"LDAP_GROUP_SCHEMA_GROUPNAME;GRAPH_LDAP_GROUP_NAME_ATTRIBUTE"`
+	GroupIDAttribute   string `yaml:"group_id_attribute,omitempty" env:"LDAP_GROUP_SCHEMA_ID;GRAPH_LDAP_GROUP_ID_ATTRIBUTE"`
 }
 
 type Identity struct {
-	Backend string `yaml:"backend" env:"GRAPH_IDENTITY_BACKEND"`
-	LDAP    LDAP   `yaml:"ldap"`
+	Backend string `yaml:"backend,omitempty" env:"GRAPH_IDENTITY_BACKEND"`
+	LDAP    LDAP   `yaml:"ldap,omitempty"`
 }
 
 // Events combines the configuration options for the event bus.
 type Events struct {
-	Endpoint string `yaml:"events_endpoint" env:"GRAPH_EVENTS_ENDPOINT" desc:"the address of the streaming service"`
-	Cluster  string `yaml:"events_cluster" env:"GRAPH_EVENTS_CLUSTER" desc:"the clusterID of the streaming service. Mandatory when using nats"`
+	Endpoint string `yaml:"events_endpoint,omitempty" env:"GRAPH_EVENTS_ENDPOINT" desc:"the address of the streaming service"`
+	Cluster  string `yaml:"events_cluster,omitempty" env:"GRAPH_EVENTS_CLUSTER" desc:"the clusterID of the streaming service. Mandatory when using nats"`
 }

extensions/group/pkg/config/config.go

@@ -51,34 +51,34 @@ type GRPCConfig struct {
 }
 
 type Drivers struct {
-	JSON        JSONDriver
-	LDAP        LDAPDriver
-	OwnCloudSQL OwnCloudSQLDriver
-	REST        RESTProvider
+	JSON        JSONDriver        `yaml:",omitempty"`
+	LDAP        LDAPDriver        `yaml:",omitempty"`
+	OwnCloudSQL OwnCloudSQLDriver `yaml:",omitempty"`
+	REST        RESTProvider      `yaml:",omitempty"`
 }
 
 type JSONDriver struct {
 	File string
 }
 type LDAPDriver struct {
-	URI              string   `env:"LDAP_URI;GROUPS_LDAP_URI"`
-	CACert           string   `env:"LDAP_CACERT;GROUPS_LDAP_CACERT"`
-	Insecure         bool     `env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE"`
-	BindDN           string   `env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN"`
-	BindPassword     string   `env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"`
-	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN"`
-	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN"`
-	UserScope        string   `env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE"`
-	GroupScope       string   `env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE"`
-	UserFilter       string   `env:"LDAP_USERFILTER;GROUPS_LDAP_USERFILTER"`
-	GroupFilter      string   `env:"LDAP_GROUPFILTER;GROUPS_LDAP_USERFILTER"`
-	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS"`
-	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS"`
-	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES"`
-	IDP              string   `env:"OCIS_URL;GROUPS_IDP_URL"` // TODO what is this for?
-	GatewayEndpoint  string   // TODO do we need this here?
-	UserSchema       LDAPUserSchema
-	GroupSchema      LDAPGroupSchema
+	URI              string          `yaml:",omitempty" env:"LDAP_URI;GROUPS_LDAP_URI"`
+	CACert           string          `yaml:",omitempty" env:"LDAP_CACERT;GROUPS_LDAP_CACERT"`
+	Insecure         bool            `yaml:",omitempty" env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE"`
+	BindDN           string          `yaml:",omitempty" env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN"`
+	BindPassword     string          `yaml:",omitempty" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string          `yaml:",omitempty" env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string          `yaml:",omitempty" env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN"`
+	UserScope        string          `yaml:",omitempty" env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE"`
+	GroupScope       string          `yaml:",omitempty" env:"LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE"`
+	UserFilter       string          `yaml:",omitempty" env:"LDAP_USERFILTER;GROUPS_LDAP_USERFILTER"`
+	GroupFilter      string          `yaml:",omitempty" env:"LDAP_GROUPFILTER;GROUPS_LDAP_USERFILTER"`
+	UserObjectClass  string          `yaml:",omitempty" env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string          `yaml:",omitempty" env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string        `yaml:",omitempty" env:"LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string          `yaml:",omitempty" env:"OCIS_URL;GROUPS_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string          `yaml:",omitempty"`                               // TODO do we need this here?
+	UserSchema       LDAPUserSchema  `yaml:",omitempty"`
+	GroupSchema      LDAPGroupSchema `yaml:",omitempty"`
 }
 
 type LDAPUserSchema struct {

extensions/group/pkg/config/defaults/defaultconfig.go

@@ -50,7 +50,6 @@ func DefaultConfig() *config.Config {
 				UserObjectClass:  "inetOrgPerson",
 				GroupObjectClass: "groupOfNames",
 				BindDN:           "uid=reva,ou=sysusers,o=libregraph-idm",
-				BindPassword:     "reva",
 				IDP:              "https://localhost:9200",
 				UserSchema: config.LDAPUserSchema{
 					ID:          "ownclouduuid",

extensions/idm/pkg/config/defaults/defaultconfig.go

@@ -22,12 +22,6 @@ func DefaultConfig() *config.Config {
 			Name: "idm",
 		},
 		CreateDemoUsers: false,
-		ServiceUserPasswords: config.ServiceUserPasswords{
-			OcisAdmin: "admin",
-			Idm:       "idm",
-			Idp:       "idp",
-			Reva:      "reva",
-		},
 		IDM: config.Settings{
 			LDAPSAddr:    "127.0.0.1:9235",
 			Cert:         path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),

extensions/idp/pkg/config/config.go

@@ -27,28 +27,28 @@ type Config struct {
 
 // Ldap defines the available LDAP configuration.
 type Ldap struct {
-	URI       string `yaml:"uri" env:"LDAP_URI;IDP_LDAP_URI"`
-	TLSCACert string `yaml:"cacert" env:"LDAP_CACERT;IDP_LDAP_TLS_CACERT"`
+	URI       string `yaml:"uri,omitempty" env:"LDAP_URI;IDP_LDAP_URI"`
+	TLSCACert string `yaml:"cacert,omitempty" env:"LDAP_CACERT;IDP_LDAP_TLS_CACERT"`
 
-	BindDN       string `yaml:"bind_dn" env:"LDAP_BIND_DN;IDP_LDAP_BIND_DN"`
-	BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD"`
+	BindDN       string `yaml:"bind_dn,omitempty" env:"LDAP_BIND_DN;IDP_LDAP_BIND_DN"`
+	BindPassword string `yaml:"bind_password,omitempty" env:"LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD"`
 
-	BaseDN string `yaml:"base_dn" env:"LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN"`
-	Scope  string `yaml:"scope" env:"LDAP_USER_SCOPE;IDP_LDAP_SCOPE"`
+	BaseDN string `yaml:"base_dn,omitempty" env:"LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN"`
+	Scope  string `yaml:"scope,omitempty" env:"LDAP_USER_SCOPE;IDP_LDAP_SCOPE"`
 
-	LoginAttribute    string `yaml:"login_attribute" env:"IDP_LDAP_LOGIN_ATTRIBUTE"`
-	EmailAttribute    string `yaml:"email_attribute" env:"LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE"`
-	NameAttribute     string `yaml:"name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE"`
-	UUIDAttribute     string `yaml:"uuid_attribute" env:"LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE"`
-	UUIDAttributeType string `yaml:"uuid_attribute_type" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE"`
+	LoginAttribute    string `yaml:"login_attribute,omitempty" env:"IDP_LDAP_LOGIN_ATTRIBUTE"`
+	EmailAttribute    string `yaml:"email_attribute,omitempty" env:"LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE"`
+	NameAttribute     string `yaml:"name_attribute,omitempty" env:"LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE"`
+	UUIDAttribute     string `yaml:"uuid_attribute,omitempty" env:"LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE"`
+	UUIDAttributeType string `yaml:"uuid_attribute_type,omitempty" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE"`
 
-	Filter      string `yaml:"filter" env:"LDAP_USER_FILTER;IDP_LDAP_FILTER"`
-	ObjectClass string `yaml:"objectclass" env:"LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS"`
+	Filter      string `yaml:"filter,omitempty" env:"LDAP_USER_FILTER;IDP_LDAP_FILTER"`
+	ObjectClass string `yaml:"objectclass,omitempty" env:"LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS"`
 }
 
 // Asset defines the available asset configuration.
 type Asset struct {
-	Path string `yaml:"asset" env:"IDP_ASSET_PATH"`
+	Path string `yaml:"asset,omitempty" env:"IDP_ASSET_PATH"`
 }
 
 type Settings struct {

extensions/storage/pkg/config/defaults/defaultconfig.go

@@ -57,7 +57,6 @@ func DefaultConfig() *config.Config {
 				UserObjectClass:  "inetOrgPerson",
 				GroupObjectClass: "groupOfNames",
 				BindDN:           "uid=reva,ou=sysusers,o=libregraph-idm",
-				BindPassword:     "reva",
 				IDP:              defaultPublicURL,
 				UserSchema: config.LDAPUserSchema{
 					ID:          "ownclouduuid",
@@ -81,7 +80,6 @@ func DefaultConfig() *config.Config {
 			},
 			UserOwnCloudSQL: config.UserOwnCloudSQL{
 				DBUsername:         "owncloud",
-				DBPassword:         "secret",
 				DBHost:             "mysql",
 				DBPort:             3306,
 				DBName:             "owncloud",

extensions/user/pkg/config/config.go

@@ -51,34 +51,34 @@ type GRPCConfig struct {
 }
 
 type Drivers struct {
-	JSON        JSONDriver
-	LDAP        LDAPDriver
-	OwnCloudSQL OwnCloudSQLDriver
-	REST        RESTProvider
+	JSON        JSONDriver        `yaml:",omitempty"`
+	LDAP        LDAPDriver        `yaml:",omitempty"`
+	OwnCloudSQL OwnCloudSQLDriver `yaml:",omitempty"`
+	REST        RESTProvider      `yaml:",omitempty"`
 }
 
 type JSONDriver struct {
 	File string
 }
 type LDAPDriver struct {
-	URI              string   `env:"LDAP_URI;USERS_LDAP_URI"`
-	CACert           string   `env:"LDAP_CACERT;USERS_LDAP_CACERT"`
-	Insecure         bool     `env:"LDAP_INSECURE;USERS_LDAP_INSECURE"`
-	BindDN           string   `env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN"`
-	BindPassword     string   `env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD"`
-	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN"`
-	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN"`
-	UserScope        string   `env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE"`
-	GroupScope       string   `env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE"`
-	UserFilter       string   `env:"LDAP_USERFILTER;USERS_LDAP_USERFILTER"`
-	GroupFilter      string   `env:"LDAP_GROUPFILTER;USERS_LDAP_USERFILTER"`
-	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS"`
-	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS"`
-	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;USERS_LDAP_LOGIN_ATTRIBUTES"`
-	IDP              string   `env:"OCIS_URL;USERS_IDP_URL"` // TODO what is this for?
-	GatewayEndpoint  string   // TODO do we need this here?
-	UserSchema       LDAPUserSchema
-	GroupSchema      LDAPGroupSchema
+	URI              string          `yaml:",omitempty" env:"LDAP_URI;USERS_LDAP_URI"`
+	CACert           string          `yaml:",omitempty" env:"LDAP_CACERT;USERS_LDAP_CACERT"`
+	Insecure         bool            `yaml:",omitempty" env:"LDAP_INSECURE;USERS_LDAP_INSECURE"`
+	BindDN           string          `yaml:",omitempty" env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN"`
+	BindPassword     string          `yaml:",omitempty" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string          `yaml:",omitempty" env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string          `yaml:",omitempty" env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN"`
+	UserScope        string          `yaml:",omitempty" env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE"`
+	GroupScope       string          `yaml:",omitempty" env:"LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE"`
+	UserFilter       string          `yaml:",omitempty" env:"LDAP_USERFILTER;USERS_LDAP_USERFILTER"`
+	GroupFilter      string          `yaml:",omitempty" env:"LDAP_GROUPFILTER;USERS_LDAP_USERFILTER"`
+	UserObjectClass  string          `yaml:",omitempty" env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string          `yaml:",omitempty" env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string        `yaml:",omitempty" env:"LDAP_LOGIN_ATTRIBUTES;USERS_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string          `yaml:",omitempty" env:"OCIS_URL;USERS_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string          `yaml:",omitempty"`                              // TODO do we need this here?
+	UserSchema       LDAPUserSchema  `yaml:",omitempty"`
+	GroupSchema      LDAPGroupSchema `yaml:",omitempty"`
 }
 
 type LDAPUserSchema struct {

extensions/user/pkg/config/defaults/defaultconfig.go

@@ -50,7 +50,6 @@ func DefaultConfig() *config.Config {
 				UserObjectClass:  "inetOrgPerson",
 				GroupObjectClass: "groupOfNames",
 				BindDN:           "uid=reva,ou=sysusers,o=libregraph-idm",
-				BindPassword:     "reva",
 				IDP:              "https://localhost:9200",
 				UserSchema: config.LDAPUserSchema{
 					ID:          "ownclouduuid",

ocis/pkg/command/init.go

@@ -17,15 +17,19 @@ import (
 	cli "github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v3"
 
+	authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
 	authbearer "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
 	frontend "github.com/owncloud/ocis/extensions/frontend/pkg/config"
 	graph "github.com/owncloud/ocis/extensions/graph/pkg/config"
+	group "github.com/owncloud/ocis/extensions/group/pkg/config"
 	idm "github.com/owncloud/ocis/extensions/idm/pkg/config"
+	idp "github.com/owncloud/ocis/extensions/idp/pkg/config"
 	ocdav "github.com/owncloud/ocis/extensions/ocdav/pkg/config"
 	proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config"
 	storagemetadata "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
 	storageusers "github.com/owncloud/ocis/extensions/storage-users/pkg/config"
 	thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
+	user "github.com/owncloud/ocis/extensions/user/pkg/config"
 )
 
 const configFilename string = "ocis.yaml" // TODO: use also a constant for reading this file
@@ -98,12 +102,25 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	cfg := config.Config{
 		TokenManager: &shared.TokenManager{},
 		IDM:          &idm.Config{},
+		AuthBasic: &authbasic.Config{
+			AuthProviders: authbasic.AuthProviders{
+				LDAP: authbasic.LDAPProvider{},
+			},
+		},
+		Group: &group.Config{
+			Drivers: group.Drivers{
+				LDAP: group.LDAPDriver{},
+			},
+		},
+		User: &user.Config{
+			Drivers: user.Drivers{
+				LDAP: user.LDAPDriver{},
+			},
+		},
+		IDP: &idp.Config{},
 	}
 
 	if insecure {
-		cfg.Proxy = &proxy.Config{
-			InsecureBackends: true,
-		}
 		cfg.AuthBearer = &authbearer.Config{
 			AuthProviders: authbearer.AuthProviders{
 				OIDC: authbearer.OIDCProvider{
@@ -127,6 +144,10 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 		cfg.OCDav = &ocdav.Config{
 			Insecure: true,
 		}
+		cfg.Proxy = &proxy.Config{
+			InsecureBackends: true,
+		}
+
 		cfg.StorageMetadata = &storagemetadata.Config{
 			DataProviderInsecure: true,
 		}
@@ -139,6 +160,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 				CS3AllowInsecure:    true,
 			},
 		}
+
 	}
 
 	idmServicePassword, err := generators.GenerateRandomPassword(passwordLength)
@@ -180,9 +202,17 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	cfg.TokenManager.JWTSecret = tokenManagerJwtSecret
 
 	cfg.IDM.ServiceUserPasswords.Idm = idmServicePassword
+	cfg.Graph.Identity.LDAP.BindPassword = idmServicePassword
+
 	cfg.IDM.ServiceUserPasswords.Idp = idpServicePassword
-	cfg.IDM.ServiceUserPasswords.OcisAdmin = ocisAdminServicePassword
+	cfg.IDP.Ldap.BindPassword = idpServicePassword
+
 	cfg.IDM.ServiceUserPasswords.Reva = revaServicePassword
+	cfg.AuthBasic.AuthProviders.LDAP.BindPassword = revaServicePassword
+	cfg.Group.Drivers.LDAP.BindPassword = revaServicePassword
+	cfg.User.Drivers.LDAP.BindPassword = revaServicePassword
+
+	cfg.IDM.ServiceUserPasswords.OcisAdmin = ocisAdminServicePassword
 
 	yamlOutput, err := yaml.Marshal(cfg)
 	if err != nil {