feat: opencloud group provisioning via oidc

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

inventories/vagrant/host_vars/backend/opencloud.yml

@@ -36,6 +36,16 @@ opencloud_ldap_group_base_dn: "ou=groups,dc=local,dc=test"
 # Draw.io integration
 opencloud_drawio_url: "https://drawio.local.test"
 
+# Role assignment via OIDC (maps LDAP groups from Keycloak token to OpenCloud roles)
+opencloud_role_assignment_driver: "oidc"
+opencloud_role_mapping:
+  - role_name: admin
+    claim_value: admins
+  - role_name: user
+    claim_value: users
+  - role_name: user
+    claim_value: developers
+
 # CSP configuration
 opencloud_csp_extra_connect_src:
   - "https://keycloak.local.test/"