When using the metadata storage (the current default) the default role
assignments were recreated at every start of the settings service, leading to
duplicated role assignments.
Fixes: #3432
* graph: Allow updating "surname" and "givenName" of users
Also use attribute getters to look up the attribute values instead of fiddling around
with pointers.
* graph: Allow updating education users
Update support for education users was still missing.
This PR adds configuration parameters to the auth-basic and users
services that pass them through to reva. These configuration parameters
are all related to the new user disable mechanism that @Excds added to
the graph API, and that I added to reva.
* Remove unused code from oidc module
* Use already existing Metadata type for jwks discovery
ocis-pkg/oidc already provides a type for the oidc metadata. Switch to
that instead of defining yet another custom type.
* oidc: Add helper to get IDP metadata
* Configure the file metadata cache for storage-users
* Also configure the cache for the system storage
* Update services/storage-system/pkg/config/config.go
Co-authored-by: Martin <github@diemattels.at>
* Improve documentation
* Bump reva to pull in the latest ini backend changes
* Fix missing comment
* Update services/storage-users/README.md
Co-authored-by: Martin <github@diemattels.at>
* Update services/storage-system/README.md
Co-authored-by: Martin <github@diemattels.at>
* Tweak docs
* Apply suggestions from code review
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Martin <github@diemattels.at>
---------
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* A new config option for disabling users with the options "none", "attribute" and "group".
* When set to "none", there will be no enabledAttribute returned in user info and trying to change enabledAttribute will return an error
* Disable/enable group name DN as config parameter
* Adding/removing users to specified group on user update
* Changing log level for service initialization failure to error
* Adding helper methods to check if user is enabled/disabled + tests
Fixes #5554
This adds support for combining filters on the /users with a logical "or" operation.
E.g. the filter:
"filter=(memberOf/any(m:m/id eq 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa) or memberOf/any(m:m/id eq 262982c1-2362-4afa-bfdf-8cbfef64a06e)"
will return all users that are a member of either of the referenced groups.
Closes: #5667