Can I disable the builtin IDM if I'm using Authelia?

I’m using Authelia for my identity management solution, and I was wondering if I can disable the builtin IDM (with OCIS_EXCLUDE_RUN_SERVICES=idm), or if I should just leave it alone.

I’m having a problem when disabling it though where I’m getting these errors:

{"level":"error","service":"notifications","error":"mail: no address","time":"2024-09-16T19:16:10-07:00","message":"parsing error, the 'smtp_sender' must be a valid single RFC 5322 address."}
{"level":"error","service":"graph","error":"open /var/lib/ocis/idm/ldap.crt: no such file or directory","time":"2024-09-16T19:16:16-07:00","message":"Error initializing LDAP Backend"}
{"level":"error","service":"graph","error":"could not initialize graph service","transport":"http","time":"2024-09-16T19:16:16-07:00","message":"Failed to initialize server"}
{"level":"error","service":"auth-basic","error":"unable to register services: rgrpc: grpc service authprovider could not be started,: Error reading LDAP CA Cert '/var/lib/ocis/idm/ldap.crt.': open /var/lib/ocis/idm/ldap.crt: no such file or directory","time":"2024-09-16T19:16:16-07:00","message":"error starting the grpc server"}

When using the Authelia you can always disable the the idp service, which is the builtin OpenID connect IDP.

Whether you can disable the idm (the builtin LDAP server) service as well depends a bit on your setup. E.g. if your Authelia instance is backed by some an existing LDAP server you should be able to configure oCIS to also user that LDAP server for querying users. Otherwise you’ll likely need the builtin idm service and configure oCIS to auto provision users upon first login. See Proxy | ownCloud for details on that.

1 Like

Like @rhaferkamp said, the idp service can be excluded, the idm service seems to be needed. I have it like that in my small home-lab production instance and it’s working fine (with authelia).

1 Like

I’m assuming if you setup OCIS with something like LLDAP you can also disable the IDM. Having a hell of a time figuring that out right now.