This adapts the storage service to the recent changes of the LDAP
settings in reva.
Also we define a new set of LDAP env variables that can be shared
between all LDAP-related ocis services (graph, idp, storage-auth-basic,
storage-userprovider, storage-groupprovider, idm). This should simplify
most LDAP-based configurations considerably.

Upon deleting a user from the LDAP backend, we also need to clean up
the user's group memberships as LDAP itself doesn't make any promises
about referential integrity.
Fixes #3027
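
Why the cleanup described in the message above matters, as an added illustration that is not code from the commit or from ocis: a member value left behind after a delete re-attaches to any later entry that reuses the DN. The `Directory` model, `norm`, `DeleteUser`, `AdminAfterRecreate` and all DNs are constructed for this example, and the DN normalization is deliberately simplified.

```go
package main

import (
	"fmt"
	"strings"
)

// Directory is a constructed in-memory stand-in for an LDAP tree, not the ocis
// backend: user entries, and groups holding member DNs as plain values.
type Directory struct {
	Users  map[string]bool            // normalized user DN -> entry exists
	Groups map[string]map[string]bool // group DN -> set of normalized member DNs
}

// norm is a simplified DN normalization (real matching rules are stricter).
func norm(dn string) string { return strings.ToLower(strings.TrimSpace(dn)) }

// DeleteUser removes the entry and then every member value pointing at it,
// returning the groups it had to fix. Nothing in the model does this implicitly.
func (d *Directory) DeleteUser(dn string) (fixed []string) {
	delete(d.Users, norm(dn))
	for group, members := range d.Groups {
		if members[norm(dn)] {
			delete(members, norm(dn))
			fixed = append(fixed, group)
		}
	}
	return fixed
}

// AdminAfterRecreate deletes a user with or without cleanup, re-creates the
// same DN and reports whether the new account is in the admins group.
func AdminAfterRecreate(cleanup bool) bool {
	alice, admins := norm("uid=alice,ou=users,dc=example,dc=org"), "cn=admins,ou=groups,dc=example,dc=org"
	d := &Directory{map[string]bool{alice: true}, map[string]map[string]bool{admins: {alice: true}}}
	if cleanup {
		d.DeleteUser("UID=Alice,ou=users,dc=example,dc=org") // same DN, different case
	} else {
		delete(d.Users, alice) // entry removed, member value left dangling
	}
	d.Users[alice] = true // a new account later reuses the DN
	return d.Groups[admins][alice]
}

func main() { fmt.Println(AdminAfterRecreate(false), AdminAfterRecreate(true)) }
```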

Defaults to `false` (for now). So the /graph/users endpoints are
read-only by default, which should be the default when configured against
an existing external LDAP server.

By default the GraphAPI will generate the UUID itself now instead of
relying on the LDAP server to generate a valid entryUUID attribute. This
can be switched off via the new `use_server_uuid` toggle in the
LDAP config.

This adds basic support for creating users via the GraphAPI
LDAP backend. This currently just maintains the bare minimum
attributes for the inetOrgPerson objectclass.
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>

This is an initial implementation of the /groups graph endpoint.
Currently it is only showing the ID and Name attributes of the groups.
Listing members is not yet supported.
As with the user backend, this is still read-only and doesn't support any
advanced filtering.

This module basically wraps ldap.Client and allows us
to keep a long-running LDAP connection open, which automatically
reconnects on network errors. It also allows us to easily multiplex
multiple operations on a single connection.