Bump sass-loader from 11.0.1 to 13.0.0 in /idp

go.mod

@@ -271,3 +271,5 @@ require (
 
 // we need to use a fork to make the windows build pass
 replace github.com/pkg/xattr => github.com/micbar/xattr v0.4.6-0.20220215112335-88e74d648fb7
+
+replace github.com/cs3org/reva/v2 => github.com/rhafer/reva/v2 v2.0.0-20220405124942-8293b7a72a70

go.sum

@@ -337,8 +337,6 @@ github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD9
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
 github.com/cs3org/go-cs3apis v0.0.0-20220328105952-297bef33e13f h1:emnlOWc1s2gx77MViLnZH9yh5TRHKsykRu6rJjx3lkM=
 github.com/cs3org/go-cs3apis v0.0.0-20220328105952-297bef33e13f/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.0.0-20220404075659-19fd0b28297b h1:CqHYID4t286wle5kXcFfUtxxw6Vz0XlbGCiB/Z8rDbI=
-github.com/cs3org/reva/v2 v2.0.0-20220404075659-19fd0b28297b/go.mod h1:1siLO6MV57uSyzQxPbfM6qNA9NP6aagN3/yKOE/FwtM=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
@@ -1217,6 +1215,8 @@ github.com/prometheus/statsd_exporter v0.22.4/go.mod h1:N4Z1+iSqc9rnxlT1N8Qn3l65
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/rhafer/reva/v2 v2.0.0-20220405124942-8293b7a72a70 h1:cLMe1OP/KxFs4oxOCdwz+Tujpjv9WiwlLUbF2fYxXbY=
+github.com/rhafer/reva/v2 v2.0.0-20220405124942-8293b7a72a70/go.mod h1:1siLO6MV57uSyzQxPbfM6qNA9NP6aagN3/yKOE/FwtM=
 github.com/rickb777/date v1.12.4/go.mod h1:xP0eo/I5qmUt97yRGClHZfyLZ3ikMw6v6SU5MOGZTE0=
 github.com/rickb777/date v1.17.0 h1:Qk1MUtTLFfIWYhRaNRyk1t7LmjfkjOEELacQPsoh7Nw=
 github.com/rickb777/date v1.17.0/go.mod h1:b3AnLwjEdg1YWLUFnAd/lUq3JDJmMRXi/Onm8q0zlQg=

graph/pkg/config/config.go

@@ -36,26 +36,28 @@ type Spaces struct {
 }
 
 type LDAP struct {
-	URI           string `yaml:"uri" env:"GRAPH_LDAP_URI"`
+	URI           string `yaml:"uri" env:"LDAP_URI;GRAPH_LDAP_URI"`
 	Insecure      bool   `yaml:"insecure" env:"OCIS_INSECURE;GRAPH_LDAP_INSECURE"`
-	BindDN        string `yaml:"bind_dn" env:"GRAPH_LDAP_BIND_DN"`
-	BindPassword  string `yaml:"bind_password" env:"GRAPH_LDAP_BIND_PASSWORD"`
+	BindDN        string `yaml:"bind_dn" env:"LDAP_BIND_DN;GRAPH_LDAP_BIND_DN"`
+	BindPassword  string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD"`
 	UseServerUUID bool   `yaml:"use_server_uuid" env:"GRAPH_LDAP_SERVER_UUID"`
 	WriteEnabled  bool   `yaml:"write_enabled" env:"GRAPH_LDAP_SERVER_WRITE_ENABLED"`
 
-	UserBaseDN               string `yaml:"user_base_dn" env:"GRAPH_LDAP_USER_BASE_DN"`
-	UserSearchScope          string `yaml:"user_search_scope" env:"GRAPH_LDAP_USER_SCOPE"`
-	UserFilter               string `yaml:"user_filter" env:"GRAPH_LDAP_USER_FILTER"`
-	UserEmailAttribute       string `yaml:"user_mail_attribute" env:"GRAPH_LDAP_USER_EMAIL_ATTRIBUTE"`
-	UserDisplayNameAttribute string `yaml:"user_displayname_attribute" env:"GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE"`
-	UserNameAttribute        string `yaml:"user_name_attribute" env:"GRAPH_LDAP_USER_NAME_ATTRIBUTE"`
-	UserIDAttribute          string `yaml:"user_id_attribute" env:"GRAPH_LDAP_USER_UID_ATTRIBUTE"`
+	UserBaseDN               string `yaml:"user_base_dn" env:"LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN"`
+	UserSearchScope          string `yaml:"user_search_scope" env:"LDAP_USER_SCOPE;GRAPH_LDAP_USER_SCOPE"`
+	UserFilter               string `yaml:"user_filter" env:"LDAP_USER_FILTER;GRAPH_LDAP_USER_FILTER"`
+	UserObjectClass          string `yaml:"user_objectclass" env:"LDAP_USER_OBJECTCLASS;GRAPH_LDAP_USER_OBJECTCLASS"`
+	UserEmailAttribute       string `yaml:"user_mail_attribute" env:"LDAP_USER_SCHEMA_MAIL;GRAPH_LDAP_USER_EMAIL_ATTRIBUTE"`
+	UserDisplayNameAttribute string `yaml:"user_displayname_attribute" env:"LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE"`
+	UserNameAttribute        string `yaml:"user_name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;GRAPH_LDAP_USER_NAME_ATTRIBUTE"`
+	UserIDAttribute          string `yaml:"user_id_attribute" env:"LDAP_USER_SCHEMA_ID;GRAPH_LDAP_USER_UID_ATTRIBUTE"`
 
-	GroupBaseDN        string `yaml:"group_base_dn" env:"GRAPH_LDAP_GROUP_BASE_DN"`
-	GroupSearchScope   string `yaml:"group_search_scope" env:"GRAPH_LDAP_GROUP_SEARCH_SCOPE"`
-	GroupFilter        string `yaml:"group_filter" env:"GRAPH_LDAP_GROUP_FILTER"`
-	GroupNameAttribute string `yaml:"group_name_attribute" env:"GRAPH_LDAP_GROUP_NAME_ATTRIBUTE"`
-	GroupIDAttribute   string `yaml:"group_id_attribute" env:"GRAPH_LDAP_GROUP_ID_ATTRIBUTE"`
+	GroupBaseDN        string `yaml:"group_base_dn" env:"LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN"`
+	GroupSearchScope   string `yaml:"group_search_scope" env:"LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE"`
+	GroupFilter        string `yaml:"group_filter" env:"LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER"`
+	GroupObjectClass   string `yaml:"group_objectclass" env:"LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS"`
+	GroupNameAttribute string `yaml:"group_name_attribute" env:"LDAP_GROUP_SCHEMA_GROUPNAME;GRAPH_LDAP_GROUP_NAME_ATTRIBUTE"`
+	GroupIDAttribute   string `yaml:"group_id_attribute" env:"LDAP_GROUP_SCHEMA_ID;GRAPH_LDAP_GROUP_ID_ATTRIBUTE"`
 }
 
 type Identity struct {

graph/pkg/config/defaults/defaultconfig.go

@@ -43,7 +43,8 @@ func DefaultConfig() *config.Config {
 				WriteEnabled:             false,
 				UserBaseDN:               "ou=users,dc=ocis,dc=test",
 				UserSearchScope:          "sub",
-				UserFilter:               "(objectClass=inetOrgPerson)",
+				UserFilter:               "",
+				UserObjectClass:          "inetOrgPerson",
 				UserEmailAttribute:       "mail",
 				UserDisplayNameAttribute: "displayName",
 				UserNameAttribute:        "uid",
@@ -52,7 +53,8 @@ func DefaultConfig() *config.Config {
 				UserIDAttribute:    "owncloudUUID",
 				GroupBaseDN:        "ou=groups,dc=ocis,dc=test",
 				GroupSearchScope:   "sub",
-				GroupFilter:        "(objectclass=groupOfNames)",
+				GroupFilter:        "",
+				GroupObjectClass:   "groupOfNames",
 				GroupNameAttribute: "cn",
 				GroupIDAttribute:   "owncloudUUID",
 			},

graph/pkg/identity/ldap.go

@@ -27,11 +27,13 @@ type LDAP struct {
 
 	userBaseDN       string
 	userFilter       string
+	userObjectClass  string
 	userScope        int
 	userAttributeMap userAttributeMap
 
 	groupBaseDN       string
 	groupFilter       string
+	groupObjectClass  string
 	groupScope        int
 	groupAttributeMap groupAttributeMap
 
@@ -89,10 +91,12 @@ func NewLDAPBackend(lc ldap.Client, config config.LDAP, logger *log.Logger) (*LD
 		useServerUUID:     config.UseServerUUID,
 		userBaseDN:        config.UserBaseDN,
 		userFilter:        config.UserFilter,
+		userObjectClass:   config.UserObjectClass,
 		userScope:         userScope,
 		userAttributeMap:  uam,
 		groupBaseDN:       config.GroupBaseDN,
 		groupFilter:       config.GroupFilter,
+		groupObjectClass:  config.GroupObjectClass,
 		groupScope:        groupScope,
 		groupAttributeMap: gam,
 		logger:            logger,
@@ -311,7 +315,7 @@ func (i *LDAP) getLDAPUserByNameOrID(nameOrID string) (*ldap.Entry, error) {
 func (i *LDAP) getLDAPUserByFilter(filter string) (*ldap.Entry, error) {
 	searchRequest := ldap.NewSearchRequest(
 		i.userBaseDN, i.userScope, ldap.NeverDerefAliases, 1, 0, false,
-		fmt.Sprintf("(&%s%s)", i.userFilter, filter),
+		fmt.Sprintf("(&%s(objectClass=%s)%s)", i.userFilter, i.userObjectClass, filter),
 		[]string{
 			i.userAttributeMap.displayName,
 			i.userAttributeMap.id,
@@ -357,7 +361,7 @@ func (i *LDAP) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregra
 	if search == "" {
 		search = queryParam.Get("$search")
 	}
-	userFilter := i.userFilter
+	userFilter := fmt.Sprintf("%s(objectClass=%s)", i.userFilter, i.userObjectClass)
 	if search != "" {
 		search = ldap.EscapeFilter(search)
 		userFilter = fmt.Sprintf(
@@ -428,7 +432,7 @@ func (i *LDAP) getLDAPGroupByFilter(filter string, requestMembers bool) (*ldap.E
 
 // Search for LDAP Groups matching the specified filter, if requestMembers is true the groupMemberShip
 // attribute will be part of the result attributes. The LDAP filter is combined with the configured groupFilter
-// resulting in a filter like "(&(LDAP.groupFilter)(<filter_from_args>))"
+// resulting in a filter like "(&(LDAP.groupFilter)(objectClass=LDAP.groupObjectClass)(<filter_from_args>))"
 func (i *LDAP) getLDAPGroupsByFilter(filter string, requestMembers, single bool) ([]*ldap.Entry, error) {
 	attrs := []string{
 		i.groupAttributeMap.name,
@@ -445,7 +449,7 @@ func (i *LDAP) getLDAPGroupsByFilter(filter string, requestMembers, single bool)
 	}
 	searchRequest := ldap.NewSearchRequest(
 		i.groupBaseDN, i.groupScope, ldap.NeverDerefAliases, sizelimit, 0, false,
-		fmt.Sprintf("(&%s%s)", i.groupFilter, filter),
+		fmt.Sprintf("(&%s(objectClass=%s)%s)", i.groupFilter, i.groupObjectClass, filter),
 		attrs,
 		nil,
 	)
@@ -511,7 +515,7 @@ func (i *LDAP) GetGroups(ctx context.Context, queryParam url.Values) ([]*libregr
 	if search == "" {
 		search = queryParam.Get("$search")
 	}
-	groupFilter := i.groupFilter
+	groupFilter := fmt.Sprintf("%s(objectClass=%s)", i.groupFilter, i.groupObjectClass)
 	if search != "" {
 		search = ldap.EscapeFilter(search)
 		groupFilter = fmt.Sprintf(

idp/package.json

@@ -139,7 +139,7 @@
     "react-intl-po": "^2.2.2",
     "resolve": "1.20.0",
     "resolve-url-loader": "^3.1.2",
-    "sass-loader": "11.0.1",
+    "sass-loader": "13.0.0",
     "source-map-explorer": "^2.5.2",
     "style-loader": "2.0.0",
     "terser-webpack-plugin": "4.2.3",

idp/pkg/config/config.go

@@ -27,21 +27,22 @@ type Config struct {
 
 // Ldap defines the available LDAP configuration.
 type Ldap struct {
-	URI string `yaml:"uri" env:"IDP_LDAP_URI"`
+	URI string `yaml:"uri" env:"LDAP_URI;IDP_LDAP_URI"`
 
-	BindDN       string `yaml:"bind_dn" env:"IDP_LDAP_BIND_DN"`
-	BindPassword string `yaml:"bind_password" env:"IDP_LDAP_BIND_PASSWORD"`
+	BindDN       string `yaml:"bind_dn" env:"LDAP_BIND_DN;IDP_LDAP_BIND_DN"`
+	BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD"`
 
-	BaseDN string `yaml:"base_dn" env:"IDP_LDAP_BASE_DN"`
-	Scope  string `yaml:"scope" env:"IDP_LDAP_SCOPE"`
+	BaseDN string `yaml:"base_dn" env:"LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN"`
+	Scope  string `yaml:"scope" env:"LDAP_USER_SCOPE;IDP_LDAP_SCOPE"`
 
 	LoginAttribute    string `yaml:"login_attribute" env:"IDP_LDAP_LOGIN_ATTRIBUTE"`
-	EmailAttribute    string `yaml:"email_attribute" env:"IDP_LDAP_EMAIL_ATTRIBUTE"`
-	NameAttribute     string `yaml:"name_attribute" env:"IDP_LDAP_NAME_ATTRIBUTE"`
-	UUIDAttribute     string `yaml:"uuid_attribute" env:"IDP_LDAP_UUID_ATTRIBUTE"`
+	EmailAttribute    string `yaml:"email_attribute" env:"LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE"`
+	NameAttribute     string `yaml:"name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE"`
+	UUIDAttribute     string `yaml:"uuid_attribute" env:"LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE"`
 	UUIDAttributeType string `yaml:"uuid_attribute_type" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE"`
 
-	Filter string `yaml:"filter" env:"IDP_LDAP_FILTER"`
+	Filter      string `yaml:"filter" env:"LDAP_USER_FILTER;IDP_LDAP_FILTER"`
+	ObjectClass string `yaml:"objectclass" env:"LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS"`
 }
 
 // Asset defines the available asset configuration.

idp/pkg/config/defaults/defaultconfig.go

@@ -75,10 +75,11 @@ func DefaultConfig() *config.Config {
 			Scope:             "sub",
 			LoginAttribute:    "cn",
 			EmailAttribute:    "mail",
-			NameAttribute:     "sn",
+			NameAttribute:     "displayName",
 			UUIDAttribute:     "uid",
 			UUIDAttributeType: "text",
-			Filter:            "(objectClass=posixaccount)",
+			Filter:            "",
+			ObjectClass:       "posixAccount",
 		},
 	}
 }

idp/pkg/service/v0/service.go

@@ -124,6 +124,10 @@ func createConfigsIfNotExist(assets http.FileSystem, filePath, ocisURL string) e
 
 // Init vars which are currently not accessible via idp api
 func initLicoInternalEnvVars(ldap *config.Ldap) error {
+	filter := fmt.Sprintf("(objectclass=%s)", ldap.ObjectClass)
+	if ldap.Filter != "" {
+		filter = fmt.Sprintf("(&%s%s)", ldap.Filter, filter)
+	}
 	var defaults = map[string]string{
 		"LDAP_URI":                 ldap.URI,
 		"LDAP_BINDDN":              ldap.BindDN,
@@ -135,7 +139,7 @@ func initLicoInternalEnvVars(ldap *config.Ldap) error {
 		"LDAP_NAME_ATTRIBUTE":      ldap.NameAttribute,
 		"LDAP_UUID_ATTRIBUTE":      ldap.UUIDAttribute,
 		"LDAP_UUID_ATTRIBUTE_TYPE": ldap.UUIDAttributeType,
-		"LDAP_FILTER":              ldap.Filter,
+		"LDAP_FILTER":              filter,
 	}
 
 	for k, v := range defaults {