We agreed to move the 'opencloud_full' example to a new directory to
avoid confusion with the supported compose examples in
opencloud-compose.
This commit keeps the bare-metal example in place as that is still
mentioned in the documentation.
* remove opencloud_full from the read.me and add opencloud-compose instead
* remove wrong changes
* add eicar file which accendially was removed
* replace eicar.zip
Due to the sunsetting of the Docker Hub bitnami repository on
2025-09-28, use the bitnamilegacy/openldap:2.6 container image instead
of bitnami/openldap:2.6
The app provider is called `CollaboraOnline` in the deployment example, not `Collabora`. Also switches the default app to Collabora for all mime types since it's the only app provider running per default.
* ldap setup
* run ldap in the opencloud full
* set admin user
* feat: use the shared LDAP schema and new phpldapadmin
* chore: change dc to match opencloud domain
---------
Co-authored-by: Michael Barz <michael.barz@zeitgestalten.eu>
* Harmonize Keycloak client configurations with built-in IdP
This change makes the Keycloak client configurations consistent with the built-in IdP:
1. Standardized client IDs to match built-in IdP:
- web (unchanged)
- OpenCloudDesktop (was random ID)
- OpenCloudAndroid (was random ID)
- OpenCloudIOS (was random ID)
- Cyberduck (simplified ID)
2. Updated domain names to use .eu consistently:
- Changed from opencloud.com to opencloud.eu for mobile apps
- Changed from hardcoded domains to templated {{OC_URL}} values
3. Updated redirect URIs to match built-in IdP format:
- Added specific callback paths for web client
- Removed wildcarded ports for desktop client
4. Changed mobile/desktop clients to public clients (equivalent to native app type)
5. Enhanced docker-entrypoint-override.sh to handle {{OC_URL}} template variables
These changes ensure a consistent authentication experience regardless of
whether users are using the built-in IdP or Keycloak.
* Harmonize Keycloak client configuration with client JSONs
Update the realm configuration to match the client configuration JSON files:
1. Update client IDs to match client JSON files:
- Changed 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' to 'OpenCloudDesktop'
- Changed 'e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD' to 'OpenCloudAndroid'
- Changed 'mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1' to 'OpenCloudIOS'
2. Fix additional client properties:
- Fix client names: Use proper capitalization for all clients
- Fix OAuth redirect URIs for Android and iOS to use .eu domain
- Fix Desktop URIs by removing wildcard asterisks
- Update post-logout redirect URIs to match client JSONs
- Set publicClient flag to true for all mobile/desktop clients
These changes ensure that when the realm is imported during deployment,
the client configurations will match the client JSONs exactly.
* Update web client configuration in Keycloak realm
Harmonize the web client configuration in the realm:
- Add 'OpenCloud Web App' client name
- Change URLs to use {{OC_URL}} template variables
- Update redirect URIs to use specific paths instead of wildcard
- Set backchannel logout URL to use templated URL
This completes the harmonization of all client configurations in the realm.
* Revert template variable approach in Keycloak configuration
Reverted templating changes to match upstream conventions:
1. Removed template variable handling from docker-entrypoint-override.sh
- Removed {{OC_URL}} replacement, keeping only domain replacement
This maintains compatibility with the upstream approach of using direct URLs
with domain substitution instead of template variables.
* Fix remaining old client ID references in role mappings
Updated the remaining references to old client IDs in the role mappings section:
- xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 → OpenCloudDesktop
- e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD → OpenCloudAndroid
- mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 → OpenCloudIOS
This ensures all client ID references throughout the realm configuration are
consistent and use the simplified IDs.
The compose example lacked support for setting various SMTP related
config vars. Even though some of them where present in the '.env' file.
Closes: #511
