feat: add keycloak LDAP docs #256

Merged: micbar merged 4 commits into main from ldap-keycloak, Apr 30, 2025
micbar commented Apr 24, 2025

Add documentation for Keycloak-LDAP integration modes

Description

This PR adds comprehensive documentation for the recently introduced Keycloak-LDAP integration modes in OpenCloud, as implemented in PR #720 ("Supported production setup with Keycloak and LDAP").

The documentation covers two newly supported authentication modes:

  1. Shared User Directory Mode - LDAP serves as central user directory for both Keycloak and OpenCloud

```mermaid
graph TD
    subgraph opencloud["OpenCloud Deployment"]
        OpenCloud["OpenCloud Server"]
        Keycloak("Keycloak<br>(OIDC Provider)")
    end
    subgraph existing["Existing Infrastructure"]
        LDAP[("LDAP Server<br>(Shared User Directory)")]
    end

    OpenCloud -->|"User and Groups are looked up for sharing"| LDAP
    OpenCloud -->|"Reads Roles and Group memberships from claims"| Keycloak
    Keycloak -->|"Verify credentials"| LDAP
    LDAP -->|"Import Users and Groups"| Keycloak

    classDef service fill:#3498db,stroke:#2c3e50,stroke-width:2px,rx:10px,ry:10px;
    classDef storage fill:#2ecc71,stroke:#27ae60,stroke-width:2px,rx:10px,ry:10px;
    classDef readonly fill:#87CEFA,stroke:#4682B4,stroke-width:3px,rx:10px,ry:10px;
    classDef general stroke-width:2px,rx:10px,ry:10px;

    class OpenCloud,Keycloak service;
    class LDAP storage;
    class existing,directory readonly;
    class opencloud general;
```

  2. Autoprovisioning Mode - OpenCloud creates/updates users in LDAP automatically upon first login

```mermaid
graph TD
    subgraph opencloud["OpenCloud Deployment"]
        OpenCloud["`**OpenCloud Server**`"]
        Stop((("Block <br>disabled<br>Users")))
        subgraph directory["User Directory"]
            LDAP[("`**LDAP Server**
            - managed by opencloud
            - custom schema`")]
        end
    end
    subgraph existing["Existing Infrastructure"]
        Keycloak("`**Keycloak**<br>(OIDC Provider)`")
        UserDirectory[("`Federated Identity Provider
        - Microsoft
        - Google
        - and others`")]
    end

    OpenCloud -->|"User and Groups are created during first user login"| LDAP
    OpenCloud <-->|"User and Groups are looked up for sharing"| LDAP
    OpenCloud -- "Reads Users, Attributes, Group memberships and Roles from OIDC claims" --> Stop --> Keycloak
    UserDirectory -->|"Import Users and Groups"| Keycloak

    classDef service fill:#3498db,stroke:#2c3e50,stroke-width:2px,rx:10px,ry:10px;
    classDef storage fill:#2ecc71,stroke:#27ae60,stroke-width:2px,rx:10px,ry:10px;
    classDef readonly fill:#87CEFA,stroke:#4682B4,stroke-width:3px,rx:10px,ry:10px;
    classDef general stroke-width:2px,rx:10px,ry:10px;

    class OpenCloud,Keycloak service;
    class LDAP storage;
    class existing,directory readonly;
    class opencloud general;
```

Changes

  • Created a new documentation page specifically for Keycloak integration with existing users (keycloak-existing-users.md)
  • Added two diagrams to explain the two modes
  • Updated the main authentication index page to introduce the new authentication modes
  • Added cross-references in the existing Keycloak documentation
  • Included configuration examples and troubleshooting tips
  • Provided correct environment variables based on the example configurations in deployments/examples/opencloud_full/

Related

Testing

  • Documentation rendered correctly in local environment
  • All links between documentation pages verified
  • Configuration examples verified against actual Docker Compose configuration files
  • Environment variables validated for correctness

Screenshots

N/A (documentation changes only)

Copilot AI review requested due to automatic review settings April 24, 2025 15:03
Copilot AI left a comment

Pull Request Overview

This PR adds comprehensive documentation for the new Keycloak-LDAP integration modes in OpenCloud. The changes include adding a dedicated documentation page for Keycloak-LDAP, updating the main authentication index to highlight the new modes, and adding cross-references and configuration examples.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| docs/dev/server/index.md | Added script tag and likec4-view element for rendering architecture diagrams |
| docs/admin/configuration/authentication-and-user-management/keycloak.md | Included a new section on LDAP integration with Keycloak |
| docs/admin/configuration/authentication-and-user-management/keycloak-ldap.md | Introduced detailed documentation for Keycloak with LDAP integration, including configuration and troubleshooting tips |
| docs/admin/configuration/authentication-and-user-management/index.md | Updated the production authentication section to include Keycloak and LDAP integration details |

Comment thread docs/dev/server/index.md Outdated
Comment thread docs/admin/configuration/authentication-and-user-management/index.md Outdated
micbar force-pushed the ldap-keycloak branch 2 times, most recently from d4b2e5d to 730e864, April 29, 2025 13:35
micbar requested a review from phil-davis, April 29, 2025 13:35
micbar requested review from AlexAndBear, Svanvith, Copilot and phil-davis and removed request for phil-davis, April 29, 2025 13:36
Copilot AI left a comment

Pull Request Overview

This PR adds documentation for Keycloak-LDAP integration modes in OpenCloud, introducing configuration examples and guides for two authentication modes.

  • New documentation page for Keycloak integration with existing users
  • Updates to the main authentication index page and Keycloak configuration examples
  • Added cross-references and troubleshooting tips for both Shared User Directory Mode and Autoprovisioning Mode

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| docs/admin/configuration/authentication-and-user-management/keycloak.md | Removed outdated Docker Compose setup and updated configuration examples with additional options and cross-references |
| docs/admin/configuration/authentication-and-user-management/keycloak-existing-users.md | Introduces comprehensive documentation for integration with existing users, detailing both integration modes |
| docs/admin/configuration/authentication-and-user-management/index.md | Updates the authentication index page to include information on Keycloak with LDAP integration |

Comment thread docs/admin/configuration/authentication-and-user-management/keycloak.md Outdated
Comment thread docs/admin/configuration/authentication-and-user-management/keycloak.md Outdated
micbar requested review from tbsbdr and removed request for phil-davis, April 29, 2025 21:12
Svanvith left a comment

LGTM

micbar commented Apr 30, 2025

@Svanvith after looking at it again, I am thinking of integrating that into the one keycloak.md and not creating another menu entry.

micbar commented Apr 30, 2025

@AlexAndBear any opinions?

@AlexAndBear

> @Svanvith after looking at it again, I am thinking of integrating that into the one keycloak.md and not creating another menu entry.

I am all for it 👍

micbar commented Apr 30, 2025

@Svanvith @AlexAndBear
Now I consolidated it into one file.

micbar requested a review from Copilot, April 30, 2025 09:36
Copilot AI left a comment

Pull Request Overview

This PR adds comprehensive documentation for the new Keycloak-LDAP integration modes in OpenCloud, clearly distinguishing between Shared User Directory Mode and Autoprovisioning Mode.

  • Introduces detailed guides and configuration examples for both integration modes.
  • Adds new Mermaid diagrams to illustrate system interactions.
  • Updates the main authentication index page to reference the new Keycloak documentation.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| docs/admin/configuration/authentication-and-user-management/keycloak.md | Expanded configuration details and added diagrams for Shared Directory and Autoprovisioning Modes |
| docs/admin/configuration/authentication-and-user-management/index.md | Added introductory content highlighting LDAP integration with Keycloak |

Comments suppressed due to low confidence (1)

docs/admin/configuration/authentication-and-user-management/index.md:28

  • The term 'KeyCloak' appears with inconsistent capitalization; please change it to 'Keycloak' for consistency with the rest of the document.
This setup is suitable for scenarios where the LDAP server is not under the control of the OpenCloud admin and can be connected to KeyCloak and OpenCloud using standard attributes and a read-only bind user.

micbar merged commit a9fbb90 into main, Apr 30, 2025 (1 check passed)
micbar deleted the ldap-keycloak branch, April 30, 2025 09:45
openclouders mentioned this pull request, Apr 30, 2025