2 changes: 1 addition & 1 deletion docs/_static/env-vars/frontend_configvars.md
@@ -1,5 +1,5 @@

2026-05-13-00-07-57
2026-05-14-00-07-47

## Deprecation Notice
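
Review bot: The only change in this hunk is the timestamp on the second line (2026-05-13-00-07-57 to 2026-05-14-00-07-47); nothing about the documented variables changes. A timestamp-only update adds churn and makes the substantive documentation changes in this set harder to find in review. Consider leaving the file out of the commit when nothing but the timestamp differs, or dropping the timestamp from the generated output.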

64 changes: 32 additions & 32 deletions docs/_static/env-vars/global_configvars.md

Large diffs are not rendered by default.

12 changes: 12 additions & 0 deletions docs/_static/env-vars/idm_readme.md
Expand Up @@ -9,6 +9,18 @@ It is mainly targeted at small OpenCloud installations. For larger setups it is

IDM listens on port 9235 by default. In the default configuration it only accepts TLS-protected connections (LDAPS). The BaseDN of the LDAP tree is `o=libregraph-idm`. IDM gives LDAP write permissions to a single user (DN: `uid=libregraph,ou=sysusers,o=libregraph-idm`). Any other authenticated user has read-only access. IDM stores its data in a boltdb file `idm/idm.boltdb` inside the OpenCloud base data directory.

The internal LDAP certificate and key are stored as `ldap.crt` and `ldap.key` in the IDM data directory. By default, these certificates expire after 12 months. When the certificate has expired, IDM can no longer establish valid TLS connections and requests that depend on LDAP may fail with `500 Internal Server Error`.

To renew the internal LDAP certificate, stop or restart the OpenCloud container after deleting the expired certificate and key:

```bash
cd .opencloud/idm
rm ldap.crt ldap.key
docker compose restart
```

The certificate and key are automatically regenerated when the container starts again. For more details, see [Internal LibreIDM cert expires](https://docs.opencloud.eu/docs/admin/resources/common-issues/#internal-libreidm-cert-expires).

Note: IDM is limited in its functionality. It only supports a subset of the LDAP operations (namely `BIND`, `SEARCH`, `ADD`, `MODIFY`, `DELETE`). Also, IDM currently does not do any schema verification (like. structural vs. auxiliary object classes, require and option attributes, syntax checks, …). Therefore it is not meant as a general purpose LDAP server.

## Table of Contents
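
Review bot: The renewal sentence above the code block ("stop or restart the OpenCloud container after deleting the expired certificate and key") is ambiguous about order, and the block only shows the restart path. State the sequence explicitly: delete `ldap.crt` and `ldap.key`, then restart. The block also hardcodes `cd .opencloud/idm` and `docker compose restart`, while the surrounding text only refers to "the IDM data directory" inside the OpenCloud base data directory; say that the path and the compose command are examples for one deployment layout, so that nobody runs `rm` in the wrong directory. Because the documented symptom is a generic `500 Internal Server Error`, a sentence on how to check the expiry date of `ldap.crt` before it lapses would help operators diagnose and schedule the renewal. Minor wording: "these certificates expire" refers to a single certificate and key, so "the certificate expires" reads more accurately.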
3 changes: 3 additions & 0 deletions docs/_static/env-vars/sharing.yaml
Expand Up @@ -26,6 +26,9 @@ events:
enable_tls: false
auth_username: ""
auth_password: ""
service_account:
service_account_id: ""
service_account_secret: ""
skip_user_groups_in_token: false
user_sharing_driver: jsoncs3
user_sharing_drivers:
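
Review bot: The new `service_account` block adds `service_account_secret: ""` without saying what happens when it is left empty. Document next to this example whether the sharing service refuses to start without an ID and secret or runs with the dependent functionality disabled, so an operator can tell a missing credential from a misconfiguration. Keeping the value empty in this example file is right; a note that the secret is normally supplied through the environment rather than written into the YAML file would reinforce that.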
2 changes: 2 additions & 0 deletions docs/_static/env-vars/sharing_configvars.md
Expand Up @@ -20,6 +20,8 @@
|`OC_EVENTS_ENABLE_TLS`<br/>`SHARING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`|
|`OC_EVENTS_AUTH_USERNAME`<br/>`SHARING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`Username for the events broker.`|``|
|`OC_EVENTS_AUTH_PASSWORD`<br/>`SHARING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`Password for the events broker.`|``|
|`OC_SERVICE_ACCOUNT_ID`<br/>`SHARING_SERVICE_ACCOUNT`| next |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``|
|`OC_SERVICE_ACCOUNT_SECRET`<br/>`SHARING_SERVICE_ACCOUNT_SECRET`| next |string|`The service account secret.`|``|
|`SHARING_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`|
|`SHARING_USER_DRIVER`| 1.0.0 |string|`Driver to be used to persist shares. Supported values are 'jsoncs3', 'json', 'cs3' (deprecated) and 'owncloudsql'.`|`jsoncs3`|
|`SHARING_USER_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
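
Review bot: The service-specific name in the first added row is `SHARING_SERVICE_ACCOUNT`, which does not match its global counterpart `OC_SERVICE_ACCOUNT_ID`, the `service_account_id` key in sharing.yaml, or the pattern of the row below it (`SHARING_SERVICE_ACCOUNT_SECRET`). If the missing `_ID` suffix is unintended, rename it to `SHARING_SERVICE_ACCOUNT_ID` in the config source before the name ships, since renaming an environment variable later is a breaking change for deployments that already set it. The description "The service account secret." could also point to the 'auth-service' description the way the ID row does, so readers know where the credential comes from.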
2 changes: 1 addition & 1 deletion docs/_static/env-vars/storage-users_configvars.md
@@ -1,5 +1,5 @@

2026-05-13-00-07-57
2026-05-14-00-07-47

## Deprecation Notice

2 changes: 1 addition & 1 deletion docs/_static/env-vars/web_configvars.md
@@ -1,5 +1,5 @@

2026-05-13-00-07-57
2026-05-14-00-07-48

## Deprecation Notice
