* ocis_keycloak: Add ocis roles as realm roles
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".
* Expose realm_roles in "roles" claim of id tokens and userinfo
Switch away from the unmaintained osixia image to the more up-to-date
bitnami image.
Also update the owncloud schema to include the latest changes
Fixes #5636
Fix for
`ERROR: The Compose file './docker-compose.yml' is invalid because:
services.ocis.environment.NOTIFICATIONS_SMTP_INSECURE contains true, which is an invalid type, it should be a string, number, or a null`
When refint is enabled on an LDAP server, it will rename all references
to an entity if its DN is modified. If this happens, the member
renames will not be needed, and will also return an error.
This PR does the following:
* Detects the attribute error, and doesn't return an error.
* Log that the server has been misconfigured.
* Add config value that skips renaming if set.
ownCloud Web recently transitioned to Vue3. The settings ui is still
written in Vue2. Since it's pretty much unused we won't take the effort
of upgrading it to Vue3.
Allow to adjust the docker socket path used by traefik and the logging driver
so that this example can be more easily used with podman based setups.
With a running podman service ("podman system service --time 0"), this should
basically work:
    export DOCKER_SOCKET_PATH="/run/user/1000/podman/podman.sock"
    export LOG_DRIVER=journald
    docker-compose -H unix:///run/user/1000/podman/podman.sock up
The setup was configured to use a mix of the 'groupOfNames' and
'groupOfUniqueNames' objectclasses/attributetypes for groups. This
aligns the configuration and sample data to use just 'groupOfNames'.
Closes: #5085
The auth-bearer service is currently not needed by ocis. Reva tokens
for oidc authenticated clients are currently minted via the auth-machine
service. This commit does not completely remove the service as we should
consider to rework the proxy's oidc middleware to use the auth-bearer
service in the future (see #4701)
Fixes: #4692