From bb2ea7bf36742665a3f275faacff5f0a71dfdef0 Mon Sep 17 00:00:00 2001
From: Hannes Hauswedell
Date: Tue, 24 Mar 2026 12:02:14 +0100
Subject: [PATCH] doc: add opencloud.md
---
example_configs/README.md | 1 +
example_configs/opencloud.md | 55 ++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 example_configs/opencloud.md
diff --git a/example_configs/README.md b/example_configs/README.md
index ad2e2a7..ca05475 100644
--- a/example_configs/README.md
+++ b/example_configs/README.md
@@ -50,6 +50,7 @@ configuration files:
- [Nexus](nexus.md)
- [OCIS (OwnCloud Infinite Scale)](ocis.md)
- [OneDev](onedev.md)
+- [OpenCloud](opencloud.md)
- [Organizr](Organizr.md)
- [Peertube](peertube.md)
- [Penpot](penpot.md)
diff --git a/example_configs/opencloud.md b/example_configs/opencloud.md
new file mode 100644
index 0000000..2288dc8
--- /dev/null
+++ b/example_configs/opencloud.md
@@ -0,0 +1,55 @@
+# OpenCloud example config
+
+
+## About OpenCloud
+
+A light-weight file-hosting / webDAV service written in Go and forked from ownCloud Infinite Scale (oCIS).
+
+More information:
+ * https://opencloud.eu
+ * https://github.com/opencloud-eu
+
+
+## LLDAP Configuration
+
+OpenCloud ships an OIDC provider and a built-in LDAP server. It officially supports using a third-party OIDC provider.
+
+This is **not** what this config does. This config leaves the general auth/OIDC infrastructure in place, but replaces the LDAP server from underneath it with LLDAP.
+
+Configuration happens via environment variables. On FreeBSD, these are provided via `/usr/local/etc/opencloud/config.env`; on Linux you can provide them via the Docker configuration.
+
+
+```dotenv
+# Replace with actual IP and Port
+OC_LDAP_URI=ldap://:3890
+# Remove the following if you use LDAPS and your cert is not self-signed
+OC_LDAP_INSECURE="true"
+
+# Replace with your bind-user; can be in
+OC_LDAP_BIND_DN="cn=,ou=people,dc=example,dc=com"
+OC_LDAP_BIND_PASSWORD=""
+
+OC_LDAP_GROUP_BASE_DN="ou=groups,dc=example,dc=com"
+OC_LDAP_GROUP_SCHEMA_ID=entryuuid
+
+OC_LDAP_USER_BASE_DN="ou=people,dc=example,dc=com"
+OC_LDAP_USER_SCHEMA_ID=entryuuid
+
+# Only allow users from specific group to login; remove this if everyone's allowed
+OC_LDAP_USER_FILTER='(&(objectClass=person)(memberOf=cn=,ou=groups,dc=example,dc=com))'
+
+# Other options have not been tested
+OC_LDAP_DISABLE_USER_MECHANISM="none"
+
+# If you bind-user is in lldap_strict_readonly set to false (this hides "forgot password"-buttons)
+OC_LDAP_SERVER_WRITE_ENABLED="false"
+# If your bind-user can change passwords:
+OC_LDAP_SERVER_WRITE_ENABLED="true" # Not tested, yet!
+
+# Don't start built-in LDAP, because it's replaced by LLDAP
+OC_EXCLUDE_RUN_SERVICES="idm"
+```
+
+There is currently no (documented) way to give an LDAP user (or group) admin rights in OpenCloud.
+
+See also [the official LDAP documentation](https://github.com/opencloud-eu/opencloud/blob/main/devtools/deployments/opencloud_full/ldap.yml).
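Review bot: `OC_LDAP_SERVER_WRITE_ENABLED` is assigned twice in the dotenv block (first "false", then "true" marked "Not tested, yet!"), so anyone copying the block as-is gets a value that depends on which assignment their env loader keeps, and with last-wins loading that is the untested write-enabled setting. Keep only `OC_LDAP_SERVER_WRITE_ENABLED="false"` active and leave the "true" variant commented out; the comment above the first assignment ("If you bind-user is in lldap_strict_readonly set to false") also needs rewording so it is clear which case it describes. In the same block, `OC_LDAP_URI=ldap://:3890` is shown together with `OC_LDAP_INSECURE="true"` as the default: over plain `ldap://` the bind DN and password cross the network unencrypted, so the example would be safer with an `ldaps://` URI as the default and the insecure flag as a commented-out exception for self-signed certificates. Finally, the host in the URI and the `cn=` values in `OC_LDAP_BIND_DN` and the `memberOf` filter are empty, and the comment "Replace with your bind-user; can be in" stops mid-sentence; please use visible placeholders and finish that sentence.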