Supported production setup with Keycloak and LDAP (#720)

* feat: modify .env file to make the needed changes for keycloak and ldap

* style: remove default values from yaml
This commit is contained in:
Michael Barz
2025-04-29 14:29:33 +02:00
committed by GitHub
parent 93681ab2ff
commit cc303d14f4
3 changed files with 2994 additions and 2256 deletions


@@ -260,12 +260,12 @@ COMPOSE_PATH_SEPARATOR=:
# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
#
# Note: the leading colon is required to enable the service.
LDAP=:ldap.yml
#LDAP=:ldap.yml
# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
LDAP_ADMIN_PASSWORD=
# LDAP manager
# login with uid ldapadmin and password
LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
#LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
# LDAP manager domain. Defaults to "ldap.opencloud.test"
LDAP_MANAGER_DOMAIN=
@@ -282,7 +282,7 @@ LDAP_MANAGER_DOMAIN=
# 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately
# because the LDAP server is connected to both Keycloak and OpenCloud.
# Note: the leading colon is required to enable the service.
KEYCLOAK=:keycloak.yml
#KEYCLOAK=:keycloak.yml
# Domain for Keycloak. Defaults to "keycloak.opencloud.test".
KEYCLOAK_DOMAIN=
# Realm which to be used with OpenCloud. Defaults to "OpenCloud"
@@ -292,7 +292,7 @@ KEYCLOAK_ADMIN_USER=
# Admin user login password. Defaults to "admin"
KEYCLOAK_ADMIN_PASSWORD=
# Autoprovisioning mode. Defaults to "true"
KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
#KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
## IMPORTANT ##
# This MUST be the last line as it assembles the supplemental compose files to be used.
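Review bot: The comment above the changed `KEYCLOAK_AUTOPROVISIONING` line still reads `# Autoprovisioning mode. Defaults to "true"`, but the value is a compose-file include (`:keycloak-autoprovisioning.yml`), not a boolean, and unlike the `LDAP` and `KEYCLOAK` toggles it carries no note that the leading colon is what enables it; suggest `# Autoprovisioning of Keycloak users into OpenCloud (compose file include). Note: the leading colon is required to enable the service.` The +/- markers are lost in this rendering, so which of each commented/uncommented pair is the new side cannot be told from the page, and the 12-line hunk header against 11 visible lines suggests one line was dropped. Whichever side is active, `LDAP_ADMIN_PASSWORD=` stays empty with a documented fallback to "admin", which for the production setup named in the commit title deserves an explicit instruction, e.g. `# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin" — must be set for any non-local deployment.`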


@@ -12,18 +12,16 @@ services:
OC_LDAP_BIND_DN: "cn=admin,dc=opencloud,dc=eu"
OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=opencloud,dc=eu"
OC_LDAP_GROUP_FILTER: "(objectclass=opencloudobject)"
OC_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
OC_LDAP_GROUP_SCHEMA_ID: "entryUUID"
OC_LDAP_USER_BASE_DN: "ou=users,dc=opencloud,dc=eu"
OC_LDAP_USER_FILTER: "(objectclass=openclouduser)"
OC_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
LDAP_LOGIN_ATTRIBUTES: "uid"
OC_ADMIN_USER_ID: "f7fc96f6-ceb4-4387-bd69-07a6d7992973"
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
IDP_LDAP_UUID_ATTRIBUTE: "openclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
GRAPH_LDAP_SERVER_WRITE_ENABLED: "true" # assuming the external ldap is writable
OC_LDAP_USER_FILTER: "(objectclass=inetOrgPerson)"
OC_LDAP_USER_SCHEMA_ID: "entryUUID"
OC_LDAP_DISABLE_USER_MECHANISM: "none"
GRAPH_LDAP_SERVER_UUID: "true"
GRAPH_LDAP_GROUP_CREATE_BASE_DN: "ou=custom,ou=groups,dc=opencloud,dc=eu"
GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments"
OC_LDAP_SERVER_WRITE_ENABLED: "false" # assuming the external ldap is not writable
# OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
OC_EXCLUDE_RUN_SERVICES: idm
@@ -46,7 +44,6 @@ services:
- "127.0.0.1:636:1636"
volumes:
- ./config/ldap/ldif:/ldifs
- ../shared/config/ldap/schemas/10_opencloud_schema.ldif:/schemas/10_opencloud_schema.ldif
- ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
- ldap-certs:/opt/bitnami/openldap/share
- ldap-data:/bitnami/openldap
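Review bot: `GRAPH_LDAP_SERVER_WRITE_ENABLED: "true" # assuming the external ldap is writable` and `OC_LDAP_SERVER_WRITE_ENABLED: "false" # assuming the external ldap is not writable` sit in the same environment block with contradictory comments; the +/- markers are lost in this rendering, so if both survive on the new side the effective write behaviour is ambiguous, and whichever is kept should carry one comment such as `# external LDAP is treated as read-only; FRONTEND_READONLY_USER_ATTRIBUTES hides the corresponding fields`. The `# osixia has refint enabled.` comment beside `GRAPH_LDAP_REFINT_ENABLED` names an image that the `/opt/bitnami/...` volume mounts below suggest is not the one deployed, so it should be re-verified against the actual image. `OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}` lets a missing variable silently bind with the well-known default; for a production profile the Compose form `${LDAP_ADMIN_PASSWORD:?LDAP_ADMIN_PASSWORD must be set}` would fail startup instead. The second hunk's 7-versus-6 line counts imply exactly one removed volume line, but the page does not show which.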