feat: modify .env file to make the needed changes for keycloak and ldap

deployments/examples/opencloud_full/.env

@@ -251,9 +251,38 @@ INBUCKET_DOMAIN=
 # Path separator for supplemental compose files specified in COMPOSE_FILE.
 COMPOSE_PATH_SEPARATOR=:
 
-### Keycloak Settings ###
+### Ldap Settings ###
+# LDAP is always needed for OpenCloud to store user data as there is no relational database.
+# The built-in LDAP server should used for testing purposes or small installations only.
+# For production installations, it is recommended to use an external LDAP server.
+# We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable.
+# This LDAP configuration is known to work with OpenCloud and provides a blueprint for
+# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
+#
 # Note: the leading colon is required to enable the service.
-#KEYCLOAK=:keycloak.yml
+LDAP=:ldap.yml
+# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
+LDAP_ADMIN_PASSWORD=
+# LDAP manager
+# login with uid ldapadmin and password
+LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
+# LDAP manager domain. Defaults to "ldap.opencloud.test"
+LDAP_MANAGER_DOMAIN=
+
+### Keycloak Settings ###
+# Keycloak is an open-source identity and access management solution.
+# We are using Keycloak as the default identity provider on production installations.
+# It can be used to federate authentication with other identity providers like
+# Microsoft Entra ID, ADFS or other SAML/OIDC providers.
+# The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the
+# authentication process, the allowed clients and the session management.
+# Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud.
+# Keycloak can be used in two different modes:
+# 1. Autoprovisioning: New are automatically created in openCloud when they log in for the first time.
+# 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately
+# because the LDAP server is connected to both Keycloak and OpenCloud.
+# Note: the leading colon is required to enable the service.
+KEYCLOAK=:keycloak.yml
 # Domain for Keycloak. Defaults to "keycloak.opencloud.test".
 KEYCLOAK_DOMAIN=
 # Realm which to be used with OpenCloud. Defaults to "OpenCloud"
@@ -262,20 +291,11 @@ KEYCLOAK_REALM=
 KEYCLOAK_ADMIN_USER=
 # Admin user login password. Defaults to "admin"
 KEYCLOAK_ADMIN_PASSWORD=
-
-### Ldap Settings ###
-# Note: the leading colon is required to enable the service.
-#LDAP=:ldap.yml
-# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
-LDAP_ADMIN_PASSWORD=
-# LDAP manager
-# login with uid ldapadmin and password
-#LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
-# LDAP manager domain. Defaults to "ldap.opencloud.test"
-LDAP_MANAGER_DOMAIN=
+# Autoprovisioning mode. Defaults to "true"
+KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
 
 ## IMPORTANT ##
 # This MUST be the last line as it assembles the supplemental compose files to be used.
 # ALL supplemental configs must be added here, whether commented or not.
 # Each var must either be empty or contain :path/file.yml
-COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${LDAP_MANAGER:-}
+COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}