diff --git a/services/graph/README.md b/services/graph/README.md
index 4dc03c618..07777786d 100644
--- a/services/graph/README.md
+++ b/services/graph/README.md
@@ -2,17 +2,14 @@
 
 The graph service provides the Graph API which is a RESTful web API used to access Infinite Scale
 resources. It is inspired by the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api)
-and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://owncloud.dev/libre-graph-api/)
+and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/)
 for a detailed specification of the API implemented by the graph service.
 
 ## Sequence Diagram
 
 The following image gives an overview of the scenario when a client requests to list available spaces the user has access to. To do so, the client is directed with his request automatically via the proxy service to the graph service.
 
-<!-- referencing: https://github.com/owncloud/ocis/pull/3816 ([docs-only] add client protocol overview) -->
-<!-- The image source needs to be the raw source !! -->
-
-<img src="https://raw.githubusercontent.com/owncloud/ocis/master/services/graph/images/mermaid-graph.svg" width="500" />
+<img src="https://raw.githubusercontent.com/opencloud-eu/opencloud/master/services/graph/images/mermaid-graph.svg" width="500" />
 
 ## Users and Groups API
 
@@ -27,7 +24,7 @@ The graph service provides endpoints for querying users and groups. It features
 ### LDAP Configuration
 
 The LDAP backend is configured using a set of environment variables. A detailed list of all the
-available configuration options can be found in the [documentation](https://owncloud.dev/services/graph/configuration/#environment-variables).
+available configuration options can be found in the [documentation](https://docs.opencloud.eu/services/graph/configuration/#environment-variables).
 The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for settings specific to graph service).
 
 #### Read-Only Access to Existing LDAP Servers
@@ -35,28 +32,28 @@ The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for sett
 To connect the graph service to an existing LDAP server, set `OC_LDAP_SERVER_WRITE_ENABLED` to
 `false` to prevent the graph service from sending write operations to the LDAP server. Also set the
 various `OC_LDAP_*` environment variables to match the configuration of the LDAP server you are connecting
-to. An example configuration for connecting oCIS to an instance of Microsoft Active Directory is
-available [here](https://owncloud.dev/ocis/identity-provider/ldap-active-directory/).
+to. An example configuration for connecting OpenCloud to an instance of Microsoft Active Directory is
+available [here](https://docs.opencloud.eu/opencloud/identity-provider/ldap-active-directory/).
 
 #### Using a Write Enabled LDAP Server
 
 To use the graph service for managing (create, update, delete) users and groups, a write enabled LDAP
 server is required. In the default configuration, the graph service will use the simple LDAP server
-that is bundled with oCIS in the `idm` service which provides all the required features.
-It is also possible to setup up an external LDAP server with write access for use with oCIS. It is
+that is bundled with OpenCloud in the `idm` service which provides all the required features.
+It is also possible to setup up an external LDAP server with write access for use with OpenCloud. It is
 recommend to use OpenLDAP for this. The LDAP server needs to fulfill a couple of requirements with
 respect to the available schema:
   * The LDAP server must provide the `inetOrgPerson` object class for users and the `groupOfNames`
     object class for groups.
   * The graph service maintains a few additional attributes for users and groups that are not
     available in the standard LDAP schema. An schema file, ready to use with OpenLDAP, defining those
-    additional attributes is available [here](https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_ldap/config/ldap/schemas/10_owncloud_schema.ldif).
+    additional attributes is available [here](https://github.com/opencloud-eu/opencloud/blob/master/deployments/examples/opencloud_ldap/config/ldap/schemas/10_owncloud_schema.ldif).
 
 ## Query Filters Provided by the Graph API
 
 Some API endpoints provided by the graph service allow to specify query filters. The filter syntax
 is based on the [OData Specification](https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part1-protocol.html#sec_SystemQueryOptionfilter).
-See the [Libre Graph API](https://owncloud.dev/libre-graph-api/#/users/ListUsers) for examples
+See the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/#/users/ListUsers) for examples
 on the filters supported when querying users.
 
 ## Caching
@@ -86,14 +83,12 @@ If Keycloak is used for authentication, GDPR regulations require to add all pers
 *   `OC_KEYCLOAK_CLIENT_ID` - The client ID of the client that is used to authenticate with keycloak, this client has to be able to list users and get the credential data.
 *   `OC_KEYCLOAK_CLIENT_SECRET` - The client secret of the client that is used to authenticate with keycloak.
 *   `OC_KEYCLOAK_CLIENT_REALM` - The realm the client is defined in.
-*   `OC_KEYCLOAK_USER_REALM` - The realm the oCIS users are defined in.
+*   `OC_KEYCLOAK_USER_REALM` - The realm the OpenCloud users are defined in.
 *   `OC_KEYCLOAK_INSECURE_SKIP_VERIFY` - If set to true, the TLS certificate of the keycloak instance is not verified.
 
-For more details see the [User-Triggered GDPR Report](https://doc.owncloud.com/ocis/next/deployment/gdpr/gdpr.html) in the ocis admin documentation.
-
 ### Keycloak Client Configuration
 
-The client that is used to authenticate with keycloak has to be able to list users and get the credential data. To do this, the following  roles have to be assigned to the client and they have to be about the realm that contains the oCIS users:
+The client that is used to authenticate with keycloak has to be able to list users and get the credential data. To do this, the following  roles have to be assigned to the client and they have to be about the realm that contains the OpenCloud users:
 
 *   `view-users`
 *   `view-identity-providers`
@@ -118,7 +113,7 @@ For example, for the language `de`, one needs to place the corresponding transla
 
 <!-- also see the notifications readme -->
 
-Important: For the time being, the embedded ownCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default.
+Important: For the time being, the embedded OpenCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default.
 
 ### Translation Rules
 
@@ -160,7 +155,7 @@ To enable disabled roles like the `UnifiedRoleSecureViewer`, you must provide th
 The following CLI command simplifies the process of finding out which UID belongs to which role:
 
 ```bash
-ocis graph list-unified-roles
+opencloud graph list-unified-roles
 ```
 
 The output of this command includes the following information for each role:
diff --git a/services/graph/pkg/command/root.go b/services/graph/pkg/command/root.go
index 0ca13a0c2..6cd1a0b66 100644
--- a/services/graph/pkg/command/root.go
+++ b/services/graph/pkg/command/root.go
@@ -24,11 +24,11 @@ func GetCommands(cfg *config.Config) cli.Commands {
 	}, UnifiedRoles(cfg)...)
 }
 
-// Execute is the entry point for the ocis-graph command.
+// Execute is the entry point for the opencloud graph command.
 func Execute(cfg *config.Config) error {
 	app := clihelper.DefaultApp(&cli.App{
 		Name:     "graph",
-		Usage:    "Serve Graph API for oCIS",
+		Usage:    "Serve Graph API for OpenCloud",
 		Commands: GetCommands(cfg),
 	})
 	return app.RunContext(cfg.Context, os.Args)
diff --git a/services/graph/pkg/config/application.go b/services/graph/pkg/config/application.go
index 35d5b8faa..b21cec4f4 100644
--- a/services/graph/pkg/config/application.go
+++ b/services/graph/pkg/config/application.go
@@ -2,6 +2,6 @@ package config
 
 // Application defines the available graph application configuration.
 type Application struct {
-	ID          string `yaml:"id" env:"GRAPH_APPLICATION_ID" desc:"The ocis application ID shown in the graph. All app roles are tied to this ID." introductionVersion:"pre5.0"`
-	DisplayName string `yaml:"displayname" env:"GRAPH_APPLICATION_DISPLAYNAME" desc:"The ocis application name." introductionVersion:"pre5.0"`
+	ID          string `yaml:"id" env:"GRAPH_APPLICATION_ID" desc:"The OpenCloud application ID shown in the graph. All app roles are tied to this ID." introductionVersion:"pre5.0"`
+	DisplayName string `yaml:"displayname" env:"GRAPH_APPLICATION_DISPLAYNAME" desc:"The OpenCloud application name." introductionVersion:"pre5.0"`
 }
diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go
index dacde9d33..af7c75fcb 100644
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -55,7 +55,7 @@ func DefaultConfig() *config.Config {
 			Name: "graph",
 		},
 		Application: config.Application{
-			DisplayName: "ownCloud Infinite Scale",
+			DisplayName: "OpenCloud",
 		},
 		API: config.API{
 			GroupMembersPatchLimit:  20,
diff --git a/services/graph/pkg/middleware/auth.go b/services/graph/pkg/middleware/auth.go
index 729ddb35c..e44e71a49 100644
--- a/services/graph/pkg/middleware/auth.go
+++ b/services/graph/pkg/middleware/auth.go
@@ -30,7 +30,7 @@ func authOptions(opts ...account.Option) account.Options {
 // Auth provides a middleware to authenticate requests using the x-access-token header value
 // and write it to the context. If there is no x-access-token the middleware prevents access and renders a json document.
 func Auth(opts ...account.Option) func(http.Handler) http.Handler {
-	// Note: This largely duplicates what ocis-pkg/middleware/account.go already does (apart from a slightly different error
+	// Note: This largely duplicates what pkg/middleware/account.go already does (apart from a slightly different error
 	// handling). Ideally we should merge both middlewares.
 	opt := authOptions(opts...)
 	tokenManager, err := jwt.New(map[string]interface{}{
diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go
index 7804033e3..9b6255ef8 100644
--- a/services/graph/pkg/service/v0/service.go
+++ b/services/graph/pkg/service/v0/service.go
@@ -22,7 +22,7 @@ import (
 	"github.com/cs3org/reva/v2/pkg/store"
 	"github.com/cs3org/reva/v2/pkg/utils"
 
-	ocisldap "github.com/opencloud-eu/opencloud/pkg/ldap"
+	ocldap "github.com/opencloud-eu/opencloud/pkg/ldap"
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/roles"
@@ -436,7 +436,7 @@ func setIdentityBackends(options Options, svc *Graph) error {
 			}
 
 			if options.Config.Identity.LDAP.CACert != "" {
-				if err := ocisldap.WaitForCA(options.Logger,
+				if err := ocldap.WaitForCA(options.Logger,
 					options.Config.Identity.LDAP.Insecure,
 					options.Config.Identity.LDAP.CACert); err != nil {
 					options.Logger.Fatal().Err(err).Msg("The configured LDAP CA cert does not exist")
diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go
index ac3a63e95..e68393913 100644
--- a/services/graph/pkg/service/v0/users.go
+++ b/services/graph/pkg/service/v0/users.go
@@ -28,7 +28,7 @@ import (
 	settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity"
-	ocissettingssvc "github.com/opencloud-eu/opencloud/services/settings/pkg/service/v0"
+	ocsettingssvc "github.com/opencloud-eu/opencloud/services/settings/pkg/service/v0"
 	"github.com/opencloud-eu/opencloud/services/settings/pkg/store/defaults"
 	libregraph "github.com/owncloud/libre-graph-api-go"
 )
@@ -402,10 +402,10 @@ func (g Graph) PostUser(w http.ResponseWriter, r *http.Request) {
 		// to all new users for now, as create Account request does not have any role field
 		if _, err = g.roleService.AssignRoleToUser(r.Context(), &settingssvc.AssignRoleToUserRequest{
 			AccountUuid: *u.Id,
-			RoleId:      ocissettingssvc.BundleUUIDRoleUser,
+			RoleId:      ocsettingssvc.BundleUUIDRoleUser,
 		}); err != nil {
 			// log as error, admin eventually needs to do something
-			logger.Error().Err(err).Str("id", *u.Id).Str("role", ocissettingssvc.BundleUUIDRoleUser).Msg("could not create user: role assignment failed")
+			logger.Error().Err(err).Str("id", *u.Id).Str("role", ocsettingssvc.BundleUUIDRoleUser).Msg("could not create user: role assignment failed")
 			errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, "role assignment failed")
 			return
 		}