From 91a0301ea0cb4b8a06db7d7ab3c8e9f402a1e045 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Mon, 11 Apr 2022 12:35:17 +0200
Subject: [PATCH] Adapt deployment examples for new LDAP config

---
 .../oc10_ocis_parallel/docker-compose.yml | 24 +++++++--------
 .../docker-compose.yml | 6 ++--
 .../examples/ocis_ldap/docker-compose.yml | 29 ++++++++-----------
 3 files changed, 24 insertions(+), 35 deletions(-)

diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
index cb4a503437..4538ba147d 100644
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -58,8 +58,7 @@ services:
 STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
 WEB_OIDC_SCOPE: openid profile email owncloud
 # LDAP bind
- STORAGE_LDAP_HOSTNAME: openldap
- STORAGE_LDAP_PORT: 636
+ STORAGE_LDAP_URI: "ldaps://openldap"
 STORAGE_LDAP_INSECURE: "true"
 STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
 STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
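Review bot: The new `STORAGE_LDAP_URI: "ldaps://openldap"` drops the explicit port 636 that `STORAGE_LDAP_PORT` carried; 636 is the ldaps default so the endpoint should be unchanged, but the `# LDAP bind` comment above it is the natural place to say so. With the scheme now fixed to TLS, the unchanged `STORAGE_LDAP_INSECURE: "true"` on the next line becomes the single setting that lets the bind succeed against an unverified certificate, which the comment should also spell out, e.g. `# LDAP bind (ldaps:// implies port 636; STORAGE_LDAP_INSECURE skips certificate verification, keep that for test setups only)`.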
@@ -68,25 +67,22 @@ services:
 PROXY_ACCOUNT_BACKEND_TYPE: cs3 # proxy should get users from CS3APIS (which gets it from LDAP)
 PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
 PROXY_USER_CS3_CLAIM: userid # equals STORAGE_LDAP_USER_SCHEMA_UID
- STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=com"
+ STORAGE_LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
 STORAGE_LDAP_GROUP_SCHEMA_DISPLAYNAME: "cn"
 STORAGE_LDAP_GROUP_SCHEMA_GID_NUMBER: "gidnumber"
- STORAGE_LDAP_GROUP_SCHEMA_GID: "cn"
+ STORAGE_LDAP_GROUP_SCHEMA_ID: "cn"
 STORAGE_LDAP_GROUP_SCHEMA_MAIL: "mail"
- STORAGE_LDAP_GROUPATTRIBUTEFILTER: "(&(objectclass=posixGroup)(objectclass=owncloud)({{attr}}={{value}}))"
- STORAGE_LDAP_GROUPFILTER: "(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
- STORAGE_LDAP_GROUPMEMBERFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
- STORAGE_LDAP_USERGROUPFILTER: "(&(objectclass=posixGroup)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
- STORAGE_LDAP_USER_SCHEMA_CN: "cn"
+ STORAGE_LDAP_GROUP_SCHEMA_MEMBER: "cn"
+ STORAGE_LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
+ STORAGE_LDAP_GROUPFILTER: "(objectclass=owncloud)"
+ STORAGE_LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
+ STORAGE_LDAP_USER_SCHEMA_USERNAME: "cn"
 STORAGE_LDAP_USER_SCHEMA_DISPLAYNAME: "displayname"
 STORAGE_LDAP_USER_SCHEMA_GID_NUMBER: "gidnumber"
 STORAGE_LDAP_USER_SCHEMA_MAIL: "mail"
 STORAGE_LDAP_USER_SCHEMA_UID_NUMBER: "uidnumber"
- STORAGE_LDAP_USER_SCHEMA_UID: "ownclouduuid"
- STORAGE_LDAP_LOGINFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))"
- STORAGE_LDAP_USERATTRIBUTEFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)({{attr}}={{value}}))"
- STORAGE_LDAP_USERFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))"
- STORAGE_LDAP_USERFINDFILTER:
"(&(objectclass=posixAccount)(objectclass=owncloud)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))" + STORAGE_LDAP_USER_SCHEMA_ID: "ownclouduuid" + STORAGE_LDAP_LOGIN_ATTRIBUTES: "uid,mail" # ownCloudSQL storage driver STORAGE_USERS_DRIVER: owncloudsql STORAGE_METADATA_DRIVER: ocis # keep metadata on ocis storage since this are only small files atm diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index bdf844a7e2..2af750b9a9 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -608,8 +608,7 @@ services: STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 STORAGE_USERPROVIDER_DRIVER: ldap - STORAGE_LDAP_HOSTNAME: glauth - STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_URI: "ldaps://glauth:9126" STORAGE_LDAP_INSECURE: "true" STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} @@ -639,8 +638,7 @@ services: STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 STORAGE_GROUPPROVIDER_DRIVER: ldap - STORAGE_LDAP_HOSTNAME: glauth - STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_URI: "ldaps://glauth:9126" STORAGE_LDAP_INSECURE: "true" STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} diff --git a/deployments/examples/ocis_ldap/docker-compose.yml b/deployments/examples/ocis_ldap/docker-compose.yml index 18504d8e21..b5547a8b20 100644 --- a/deployments/examples/ocis_ldap/docker-compose.yml +++ b/deployments/examples/ocis_ldap/docker-compose.yml 
@@ -53,26 +53,21 @@ services:
 - /entrypoint-override.sh
 environment:
 # CS3 users from ldap specific configuration
- IDP_LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
- IDP_LDAP_URI: ldap://ldap-server:389
- IDP_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
- IDP_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
- IDP_LDAP_BASE_DN: "dc=owncloud,dc=com"
- IDP_LDAP_LOGIN_ATTRIBUTE: uid
+ LDAP_URI: ldaps://ldap-server
+ LDAP_INSECURE: "true"
+ LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
+ LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
+ LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
+ LDAP_GROUPFILTER: "(objectclass=owncloud)"
+ LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
+ LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
+ LDAP_USERFILTER: "(objectclass=owncloud)"
+ LDAP_USER_OBEJECTCLASS: "inetOrgPerson"
+ LDAP_LOGIN_ATTRIBUTES: "uid,mail"
+ IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
 IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
 IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
 PROXY_ACCOUNT_BACKEND_TYPE: cs3
- STORAGE_LDAP_HOSTNAME: ldap-server
- STORAGE_LDAP_PORT: 636
- STORAGE_LDAP_INSECURE: "true"
- STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=com"
- STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
- STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
- STORAGE_LDAP_LOGINFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
- STORAGE_LDAP_USERFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
- STORAGE_LDAP_ATTRIBUTEFILTER: '(&(objectclass=owncloud)({{attr}}={{value}}))'
- STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
- STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
 # web ui
 WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json"
 # General oCIS config
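Review bot: `LDAP_USER_OBEJECTCLASS: "inetOrgPerson"` has a typo in the key (OBEJECT), so this variable will not be read and the user objectclass silently falls back to whatever the driver defaults to instead of the `inetOrgPerson` restriction the removed `IDP_LDAP_FILTER` and `STORAGE_LDAP_*FILTER` lines enforced; it should be `LDAP_USER_OBJECTCLASS: "inetOrgPerson"`, matching the `LDAP_GROUP_OBJECTCLASS` key three lines above. `LDAP_URI: ldaps://ldap-server` is the only unquoted URI in this patch, the other two files quote `STORAGE_LDAP_URI`; `LDAP_URI: "ldaps://ldap-server"` keeps the examples consistent. The IDP side also moves from `ldap://ldap-server:389` to ldaps with `LDAP_INSECURE: "true"`, which disables certificate verification, presumably because the example's LDAP server uses a self-signed certificate; extending the `# CS3 users from ldap specific configuration` comment with that reason would stop readers copying the INSECURE setting into real deployments.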