Set user quota via LDAP attribute

I want to have the ability to assign different user quota values ​​via an LDAP attribute. I searched the OCIS documentation but found nothing to do this. I’ve tried different attributes (even trying with AI) but none of them work.

Versione OCIS

I installed OCIS binary ocis-7.1.2-linux-amd64 and configured my VM and service following this setup: Bare Metal Deployment with systemd

Here is my ocis.env file

OCIS_INSECURE=true
#IDM_CREATE_DEMO_USERS=true
PROXY_HTTP_ADDR=0.0.0.0:9200
OCIS_URL=https://xxx.xxx.xxx.xxx:9200
OCIS_FORCE_CONFIG_OVERWRITE=true
OCIS_LOG_LEVEL=debug

#OCIS_SPACES_MAX_QUOTA=10737418240
#STORAGE_USERS_OCIS_MAX_QUOTA=10737418240

OCIS_DISABLE_VERSIONING=“true”

OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

OCIS_LDAP_URI=“ldaps://xxxxxx”
OCIS_LDAP_INSECURE=“true”
OCIS_LDAP_BIND_DN=“cn=xxxxxx,cn=users,dc=xxxxxx,dc=local”
OCIS_LDAP_BIND_PASSWORD=“xxxxxx”
OCIS_LDAP_DISABLE_USER_MECHANISM=“none”
OCIS_LDAP_GROUP_BASE_DN=“dc=xxxxxx,dc=local”
OCIS_LDAP_GROUP_OBJECTCLASS=“group”
OCIS_LDAP_GROUP_SCHEMA_ID=“objectGUID”
OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING=“true”
OCIS_LDAP_GROUP_SCHEMA_GROUPNAME=“cn”
OCIS_LDAP_USER_BASE_DN=“dc=xxxxxx,dc=local”
OCIS_LDAP_USER_OBJECTCLASS=“user”
OCIS_LDAP_USER_SCHEMA_ID=“objectGUID”
OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING=“true”
OCIS_LDAP_USER_SCHEMA_USERNAME=“sAMAccountName”
OCIS_LDAP_USER_SCHEMA_QUOTA=“postofficebox”
OCIS_LDAP_LOGIN_ATTRIBUTES=“sAMAccountName”
IDP_LDAP_LOGIN_ATTRIBUTE=“sAMAccountName”
IDP_LDAP_UUID_ATTRIBUTE=“objectGUID”
IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
OCIS_LDAP_USER_ENABLED_ATTRIBUTE=title
OCIS_LDAP_SERVER_WRITE_ENABLED=false
OCIS_EXCLUDE_RUN_SERVICES=idm
OCIS_ADMIN_USER_ID=‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx’

GRAPH_LDAP_USER_QUOTA_ATTRIBUTE=postOfficeBox
OCIS_LDAP_USER_QUOTA_ATTRIBUTE=postOfficeBox
IDM_LDAP_USER_SCHEMA_QUOTA=postOfficeBox
GRAPH_SPACES_DEFAULT_QUOTA=1000
OCIS_LDAP_USER_SCHEMA_QUOTA=postOfficeBox

OCIS_DEFAULT_LANGUAGE=it

Actual behaviour

User quota is always unlimited.

Server configuration

Operating system: Ubuntu 24.04.2 LTS
ownCloud version: OCIS 7.1.2
User-backend: LDAP/ActiveDirectory

Unfortunately this is not possible at the moment. Quotas on the personal spaces are always based on the user role (admin, spaceadmin, user, …) and not on the individual users.

It is however possible to assign roles to users via oidc claims and then adjust the quota for these roles. See Proxy Service Configuration :: Documentation for ownCloud (A Kiteworks Company) and Proxy Service Configuration :: Documentation for ownCloud (A Kiteworks Company) for more information about this.

My goal is to ensure that by default all users have a quota of only 1MB. For some special users, at a later time, I want to be able to increase the quota, for example to 1, 2, 3, 5/10GB. Is there a way to achieve this in OCIS?

Yes this is possible. See Proxy Service Configuration :: Documentation for ownCloud (A Kiteworks Company)

The default id for the user role in ocis is d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11 so something like

role_quotas:
    d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11: 1MB

in the proxy config should do the trick

How can I configure AD/LDAP for the management and configuration of ‘claims’, exists some tutorials? Is AD/LDAP sufficient, or do I necessarily need to use an external OpenID IDP like Keycloak?

Furthermore, due to security policy, the LDAP user used in the OCIS configuration (ocis.env) has read-only privileges. Is it still possible to configure and use the Proxy Service?

You need use an OpenID Connect IDP - see proxy documentation on automatic assignments Proxy Service Configuration :: Documentation for ownCloud (A Kiteworks Company)

How to configure the claims on the idp is a different topic, you should check your idps documentation, it is unrelated to ocis.

I’m not quite sure if I understand this correctly. During deployment of ocis you need to add these lines to the configuration file.