From d8fb34a66f444b404fe0b09856b109c5db8e616e Mon Sep 17 00:00:00 2001
From: Christian Richter
Date: Tue, 2 Jun 2026 15:19:57 +0200
Subject: [PATCH] use ldap instead of ldaps internally

Signed-off-by: Christian Richter
---
 .../pkg/config/defaults/defaultconfig.go | 4 ----
 .../pkg/config/defaults/defaultconfig.go | 5 +---
 .../pkg/config/defaults/defaultconfig.go | 6 +----
 services/idm/pkg/command/server.go | 23 ++++++++-----------
 services/idm/pkg/config/config.go | 2 +-
 .../idm/pkg/config/defaults/defaultconfig.go | 4 +---
 .../idp/pkg/config/defaults/defaultconfig.go | 3 +--
 .../pkg/config/defaults/defaultconfig.go | 6 +----
 8 files changed, 16 insertions(+), 37 deletions(-)

diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go
index 04bdf4aca8..5afdb8da89 100644
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults
 
 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config"
@@ -39,7 +36,6 @@ func DefaultConfig() *config.Config {
 		AuthProviders: config.AuthProviders{
 			LDAP: config.LDAPProvider{
 				URI:         "ldaps://localhost:9235",
-				CACert:      filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
 				Insecure:    false,
 				UserBaseDN:  "ou=users,o=libregraph-idm",
 				GroupBaseDN: "ou=groups,o=libregraph-idm",
diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go
index 8f18e58a75..1ed9f33aed 100644
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
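Review bot: The auth-basic default still points at `URI: "ldaps://localhost:9235"` in the second hunk, while this same patch removes the LDAPS listener and TLS material from the idm server and switches graph, groups, users and idp to `ldap://`; with the default config, auth-basic would try a TLS handshake against a listener that no longer offers one. It also drops the `CACert` default but keeps `Insecure: false`, so even a TLS endpoint would presumably fail verification unless an operator supplies a CA. The line should follow the other services: `URI:         "ldap://localhost:9235",`. DefaultConfig begins and ends outside the hunk.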
@@ -1,11 +1,9 @@
 package defaults
 
 import (
-	"path"
 	"strings"
 	"time"
 
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
@@ -79,9 +77,8 @@ func DefaultConfig() *config.Config {
 		Identity: config.Identity{
 			Backend: "ldap",
 			LDAP: config.LDAP{
-				URI:                "ldaps://localhost:9235",
+				URI:                "ldap://localhost:9235",
 				Insecure:           false,
-				CACert:             path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
 				BindDN:             "uid=libregraph,ou=sysusers,o=libregraph-idm",
 				UseServerUUID:      false,
 				UsePasswordModExOp: true,
diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go
index f723079489..273e12b3d0 100644
--- a/services/groups/pkg/config/defaults/defaultconfig.go
+++ b/services/groups/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults
 
 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/groups/pkg/config"
@@ -38,8 +35,7 @@ func DefaultConfig() *config.Config {
 			Driver: "ldap",
 			Drivers: config.Drivers{
 				LDAP: config.LDAPDriver{
-					URI:         "ldaps://localhost:9235",
-					CACert:      filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+					URI:         "ldap://localhost:9235",
 					Insecure:    false,
 					UserBaseDN:  "ou=users,o=libregraph-idm",
 					GroupBaseDN: "ou=groups,o=libregraph-idm",
diff --git a/services/idm/pkg/command/server.go b/services/idm/pkg/command/server.go
index 1d2ddbf092..e462d12386 100644
--- a/services/idm/pkg/command/server.go
+++ b/services/idm/pkg/command/server.go
@@ -8,10 +8,11 @@ import (
 	"html/template"
 	"os"
 	"os/signal"
+	"path"
 	"strings"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	pkgcrypto "github.com/opencloud-eu/opencloud/pkg/crypto"
+	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/services/idm"
@@ -47,23 +48,19 @@ func Server(cfg *config.Config) *cobra.Command {
 			gr := runner.NewGroup()
 			{
 				servercfg := server.Config{
-					Logger:          log.LogrusWrap(logger.Logger),
-					LDAPHandler:     "boltdb",
-					LDAPSListenAddr: cfg.IDM.LDAPSAddr,
-					TLSCertFile:     cfg.IDM.Cert,
-					TLSKeyFile:      cfg.IDM.Key,
-					LDAPBaseDN:      "o=libregraph-idm",
-					LDAPAdminDN:     "uid=libregraph,ou=sysusers,o=libregraph-idm",
+					Logger:         log.LogrusWrap(logger.Logger),
+					LDAPHandler:    "boltdb",
+					LDAPListenAddr: cfg.IDM.LDAPAddr,
+					LDAPBaseDN:     "o=libregraph-idm",
+					LDAPAdminDN:    "uid=libregraph,ou=sysusers,o=libregraph-idm",
 					BoltDBFile:     cfg.IDM.DatabasePath,
 				}
 
-				if cfg.IDM.LDAPSAddr != "" {
-					// Generate a self-signing cert if no certificate is present
-					if err := pkgcrypto.GenCert(cfg.IDM.Cert, cfg.IDM.Key, logger); err != nil {
-						logger.Fatal().Err(err).Msgf("Could not generate test-certificate")
-					}
+				if err := os.MkdirAll(path.Join(defaults.BaseDataPath(), "idm"), 0700); err != nil {
+					logger.Fatal().Err(err).Msgf("Could not create data directory for idm")
 				}
+
 				if _, err := os.Stat(servercfg.BoltDBFile); errors.Is(err, os.ErrNotExist) {
 					logger.Debug().Msg("Bootstrapping IDM database")
 					if err = bootstrap(logger, cfg, servercfg); err != nil {
diff --git a/services/idm/pkg/config/config.go b/services/idm/pkg/config/config.go
index 13e61d7683..c53f0d00d0 100644
--- a/services/idm/pkg/config/config.go
+++ b/services/idm/pkg/config/config.go
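Review bot: The new `os.MkdirAll` in the second hunk creates the default directory `defaults.BaseDataPath()/idm`, but the database that is about to be bootstrapped lives at `servercfg.BoltDBFile` (`cfg.IDM.DatabasePath`), which the config.go hunk shows is overridable via `IDM_DATABASE_PATH`; when an operator points the database elsewhere, its parent is never created and the default directory is created for nothing. Deriving the directory from the configured file also removes the new `defaults` import and the use of `path` for a filesystem path, which should be `filepath`: `if err := os.MkdirAll(filepath.Dir(servercfg.BoltDBFile), 0700); err != nil {` with `"path/filepath"` replacing `"path"` in the first hunk. Separately, with the TLS listener gone the admin bind now travels in cleartext to whatever `cfg.IDM.LDAPAddr` is; the default is loopback, but since the address is configurable a startup warning when it is not a loopback address would make the trade-off visible in logs. Server starts before this hunk and continues past it.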
@@ -26,7 +26,7 @@ type Config struct {
 }
 
 type Settings struct {
-	LDAPSAddr    string `yaml:"ldaps_addr" env:"IDM_LDAPS_ADDR" desc:"Listen address for the LDAPS listener (ip-addr:port)." introductionVersion:"1.0.0"`
+	LDAPAddr     string `yaml:"ldaps_addr" env:"IDM_LDAPS_ADDR" desc:"Listen address for the LDAPS listener (ip-addr:port)." introductionVersion:"1.0.0"`
 	Cert         string `yaml:"cert" env:"IDM_LDAPS_CERT" desc:"File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
 	Key          string `yaml:"key" env:"IDM_LDAPS_KEY" desc:"File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
 	DatabasePath string `yaml:"database" env:"IDM_DATABASE_PATH" desc:"Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm." introductionVersion:"1.0.0"`
diff --git a/services/idm/pkg/config/defaults/defaultconfig.go b/services/idm/pkg/config/defaults/defaultconfig.go
index 225cd93576..23381ecf99 100644
--- a/services/idm/pkg/config/defaults/defaultconfig.go
+++ b/services/idm/pkg/config/defaults/defaultconfig.go
@@ -30,9 +30,7 @@ func DefaultConfig() *config.Config {
 		CreateDemoUsers:    false,
 		DemoUsersIssuerUrl: "https://localhost:9200",
 		IDM: config.Settings{
-			LDAPSAddr:    "127.0.0.1:9235",
-			Cert:         path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
-			Key:          path.Join(defaults.BaseDataPath(), "idm", "ldap.key"),
+			LDAPAddr:     "127.0.0.1:9235",
 			DatabasePath: path.Join(defaults.BaseDataPath(), "idm", "idm.boltdb"),
 		},
 	}
diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go
index 356f71e7dd..d10b7eda62 100644
--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
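Review bot: The renamed `LDAPAddr` field keeps a `desc` that still documents an LDAPS listener, which is no longer what the server.go hunk in this patch starts (it now passes the address as `LDAPListenAddr` with no TLS files), so the generated docs will describe encryption the listener does not provide. Keeping `yaml:"ldaps_addr"` and `env:"IDM_LDAPS_ADDR"` is presumably a compatibility choice and fine, but the description should say so: `desc:"Listen address for the plain (non-TLS) LDAP listener (ip-addr:port)."`. The `Cert` and `Key` fields remain with their LDAPS descriptions although nothing in this patch reads them any more (server.go dropped `TLSCertFile`/`TLSKeyFile` and the idm defaults dropped their values); if they are intentionally kept for config compatibility, a `// Deprecated:` note on each would stop operators from expecting them to have an effect.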
@@ -119,8 +119,7 @@ func DefaultConfig() *config.Config {
 			},
 		},
 		Ldap: config.Ldap{
-			URI:       "ldaps://localhost:9235",
-			TLSCACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+			URI:       "ldap://localhost:9235",
 			BindDN:    "uid=idp,ou=sysusers,o=libregraph-idm",
 			BaseDN:    "ou=users,o=libregraph-idm",
 			Scope:     "sub",
diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go
index c2f3d7be06..e4bc5b0103 100644
--- a/services/users/pkg/config/defaults/defaultconfig.go
+++ b/services/users/pkg/config/defaults/defaultconfig.go
@@ -1,9 +1,6 @@
 package defaults
 
 import (
-	"path/filepath"
-
-	"github.com/opencloud-eu/opencloud/pkg/config/defaults"
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
 	"github.com/opencloud-eu/opencloud/services/users/pkg/config"
@@ -38,8 +35,7 @@ func DefaultConfig() *config.Config {
 			Driver: "ldap",
 			Drivers: config.Drivers{
 				LDAP: config.LDAPDriver{
-					URI:         "ldaps://localhost:9235",
-					CACert:      filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
+					URI:         "ldap://localhost:9235",
 					Insecure:    false,
 					UserBaseDN:  "ou=users,o=libregraph-idm",
 					GroupBaseDN: "ou=groups,o=libregraph-idm",