From 6aa3d386afe8b3f22e47f9971fd719089006b54e Mon Sep 17 00:00:00 2001
From: Thorsten Rossner <rossner@univention.de>
Date: Fri, 24 Nov 2023 16:48:49 +0000
Subject: [PATCH] fix(xwiki): Enable the sync of user profile picture from LDAP

---
 helmfile/apps/xwiki/values.gotmpl | 4 +++-
 helmfile/apps/xwiki/values.yaml   | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/helmfile/apps/xwiki/values.gotmpl b/helmfile/apps/xwiki/values.gotmpl
index 853dee54..22e76567 100644
--- a/helmfile/apps/xwiki/values.gotmpl
+++ b/helmfile/apps/xwiki/values.gotmpl
@@ -16,7 +16,7 @@ externalDB:
 
 customConfigs:
   "xwiki.cfg":
-    "xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
+    xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
     ## LDAP Server configuration
     xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
     xwiki.authentication.ldap.port: 389
@@ -25,6 +25,8 @@ customConfigs:
     xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
     ## Base DN used for searching for users
     xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
+    ## Allow short update cycles of the LDAP group cache
+    xwiki.authentication.ldap.groupcache_expiration: 300
 
   "xwiki.properties":
     "oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
diff --git a/helmfile/apps/xwiki/values.yaml b/helmfile/apps/xwiki/values.yaml
index b22fea30..78499dfa 100644
--- a/helmfile/apps/xwiki/values.yaml
+++ b/helmfile/apps/xwiki/values.yaml
@@ -10,9 +10,9 @@ customConfigs:
     ## Indicate the LDAP field defining the user UID
     xwiki.authentication.ldap.UID_attr: "uid"
     ## Indicate the LDAP field defining the user profile picture
-    # xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
+    xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
     ## Enable the synchronization of the LDAP profile picture
-    # xwiki.authentication.ldap.update_photo: 1
+    xwiki.authentication.ldap.update_photo: 1
 
   xwiki.properties:
     oidc.scope: "openid,profile,email,address,phoenix"
@@ -80,8 +80,10 @@ properties:
   "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
     "dc=swp-ldap,dc=internal"
   ## LDAP filter to only synchronize some groups
+  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
+  #   "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
   "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
-    "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
+    "(objectClass=opendeskKnowledgemanagementGroup)"
 
 securityContext:
   enabled: true