From 01a86f028a6e037e3602404bab1c5abcd83348a3 Mon Sep 17 00:00:00 2001
From: Michael Barz
Date: Thu, 24 Apr 2025 14:01:01 +0200
Subject: [PATCH] feat!: Use synced directory (LDAP) for keycloak and opencloud
---
 .../config/keycloak/docker-entrypoint-override.sh | 4 ++--
 deployments/examples/opencloud_full/keycloak.yml | 13 +++++--------
 2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh b/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh
index e3f6bdb022..174f19b1a6 100644
--- a/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh
+++ b/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 printenv
-# replace openCloud domain in keycloak realm import
+# replace openCloud domain and LDAP password in keycloak realm import
 mkdir /opt/keycloak/data/import
-sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" /opt/keycloak/data/import-dist/opencloud-realm.json > /opt/keycloak/data/import/opencloud-realm.json
+sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/opencloud-realm.json > /opt/keycloak/data/import/opencloud-realm.json
 # run original docker-entrypoint
 /opt/keycloak/bin/kc.sh "$@"
diff --git a/deployments/examples/opencloud_full/keycloak.yml b/deployments/examples/opencloud_full/keycloak.yml
index a53b758693..3a01dffc38 100644
--- a/deployments/examples/opencloud_full/keycloak.yml
+++ b/deployments/examples/opencloud_full/keycloak.yml
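Review bot: In docker-entrypoint-override.sh the added `-e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g"` puts the password into the sed replacement unescaped, so a value containing `/` makes sed fail, `&` or `\` yields a different bind credential than the one configured, and `"` leaves invalid JSON in the realm import. Escape the value before substituting, or at least state the restriction next to the line: `# LDAP_ADMIN_PASSWORD is inserted verbatim: /, &, \ and " are not supported`. The unchanged `printenv` at the top of the script writes the whole environment to the container log, which would include this password whenever it is passed to the container, so I would drop that line in the same change. The `:-admin` fallback also means an unset variable silently produces a well-known bind password; a comment marking it as a default for the example deployment only would help.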
@@ -9,23 +9,20 @@ services: opencloud: environment: # Keycloak IDP specific configuration - PROXY_AUTOPROVISION_ACCOUNTS: "true" + PROXY_AUTOPROVISION_ACCOUNTS: "false" PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc" OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud} PROXY_OIDC_REWRITE_WELLKNOWN: "true" WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web} - - PROXY_USER_OIDC_CLAIM: "preferred_username" - PROXY_USER_CS3_CLAIM: "username" - OC_EXCLUDE_RUN_SERVICES: "idp" - + PROXY_USER_OIDC_CLAIM: "uuid" + PROXY_USER_CS3_CLAIM: "userid" + WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud}/account" # admin and demo accounts must be created in Keycloak OC_ADMIN_USER_ID: "" SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false" - GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false" GRAPH_USERNAME_MATCH: "none" - KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test} + KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test} postgres: image: postgres:alpine
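Review bot: The new `PROXY_USER_OIDC_CLAIM: "uuid"` / `PROXY_USER_CS3_CLAIM: "userid"` pair makes the token's `uuid` claim the only key used to resolve an account, and nothing in this hunk says where that claim comes from or that it must be immutable. The added `WEB_OPTION_ACCOUNT_EDIT_LINK_HREF` sends users to the Keycloak account console, so the attribute behind the claim has to stay read-only for end users there; otherwise an edited value could resolve to another synced account. I would add a comment above the two lines, e.g. `# uuid must be emitted by a Keycloak mapper from the LDAP entry's immutable ID and must not be user-editable`. The realm import that would define that mapper is not part of this patch, so this is something to confirm rather than a known defect.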