mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-05-19 14:13:17 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4966 from kobergj/ReadmeForAuthBasic

Browse Source 
Improve AuthBasic Readme
This commit is contained in:
kobergj
2022-11-03 15:15:49 +01:00
committed by GitHub
parent 47293eb23b a41bec243e
commit d55d132f26
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
changelog/unreleased/rename-authprovider.md Normal file
View File

@@ -0,0 +1,5 @@
Enhancement: Rename AUTH_BASIC_AUTH_PROVIDER envvar
Rename the `AUTH_BASIC_AUTH_PROVIDER` envvar to `AUTH_BASIC_AUTH_MANAGER`
https://github.com/owncloud/ocis/pull/4966

6
services/auth-basic/README.md
View File

@@ -4,7 +4,7 @@ The `auth-basic` service is responsible for validating authentication of incomin
## Auth Managers
Since the `auth-basic` service does not do any validation itself, it needs to be configured with an authentication manager. One can use the `AUTH_BASIC_AUTH_PROVIDER` environment variable to configure this.
Since the `auth-basic` service does not do any validation itself, it needs to be configured with an authentication manager. One can use the `AUTH_BASIC_AUTH_MANAGER` environment variable to configure this. Currently only one auth manager is supported: `"ldap"`
### LDAP Auth Manager
@@ -12,9 +12,9 @@ Setting `AUTH_BASIC_AUTH_PROVIDER` to `"ldap"` will configure the `auth-basic` s
### Other Auth Managers
The possible auth mangers which can be selected are `"ldap"` and `"owncloudsql"`. Those are tested and usable though `"ldap"` is the recommend manager. Refer to the admin docs for additional information about those.
oCIS currently supports no other auth manager
## Scalability
Scalability, just like memory and CPU consumption, are highly dependent on the configured auth manager. When using the recommended one which is `"ldap"`, there is no persistance as requests will just be forwarded to the LDAP server. Therefore, multiple instances of the `auth-basic` service can be started without further configuration. Be aware, that other auth managers might not allow that.
When using `"ldap"` as auth manager, there is no persistance as requests will just be forwarded to the LDAP server. Therefore, multiple instances of the `auth-basic` service can be started without further configuration. Be aware, that other auth managers might not allow that.

2
services/auth-basic/pkg/config/config.go
View File

@@ -19,7 +19,7 @@ type Config struct {
Reva *shared.Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups."`
AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The authentication provider to check if credentials are valid. Supported values are 'ldap' and 'owncloudsql'."`
AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_MANAGER" desc:"The authentication provider to check if credentials are valid. Supported value is 'ldap'."`
AuthProviders AuthProviders `yaml:"auth_providers"`
Supervised bool `yaml:"-"`