owncloud / web

:dragon_face: Next generation frontend for ownCloud Infinite Scale
https://owncloud.dev/clients/web/
GNU Affero General Public License v3.0

Disallow managing the users via an ocis admin menu when using an external IDP #11119

Closed 2403905 closed 3 months ago

2403905 commented 3 months ago

Describe the bug

When the ocis installation is using an external IDP like Keycloak, we have to disallow the user management actions in the ocis admin menu that can confuse an admin and lead to inconsistent data. There are two cases: rename user and create a new user.

Steps to reproduce

  1. Login as moss and logout
  2. Login as an admin -> open admin-settings/users -> rename moss to mossNew
  3. Try to login as mossNew
  4. After the admin logs out and logs in again, he can see two records: moss and mossNew

Expected behavior

You logged in as mossNew. Only mossNew exists.

Actual behavior

Login fails. There are two rows in the ocis user settings: moss and mossNew.

Setup

ocis 5.0.5 ocis_keycloak/docker-compose.yml

```console
OCIS_XXX=somevalue
OCIS_YYY=somevalue
PROXY_XXX=somevalue
```


kulmann commented 3 months ago

Did you check https://owncloud.dev/services/frontend/#define-read-only-attributes ?

When you set up an external IdP you basically need to tell the web UI that certain things are read-only. I always thought that we have an environment variable to set most of the user management UI to read-only, like adding and deleting users, but I can't find it anymore.

AlexAndBear commented 3 months ago

We have the FRONTEND_LDAP_SERVER_WRITE_ENABLED env variable; according to the docs, setting it to false will result in:

FRONTEND_READONLY_USER_ATTRIBUTES additionally allowing you to disable fields that should not be edited in web but managed via the IDP.

See https://owncloud.dev/services/frontend/

So from my POV everything is working as intended, but hard to understand (docs related).
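As an added illustration (not code from the ownCloud project or from any commenter), the following POSIX shell pre-flight check reads an oCIS `.env` file and flags the configuration discussed above: an external IdP in use while Web user management is still writable. It assumes that `OCIS_EXCLUDE_RUN_SERVICES` containing `idp` marks an external-IdP deployment, and the attribute names in the fixed sample are taken from the frontend service documentation linked above; both sample files are constructed here.

```shell
#!/bin/sh
# Print the last value of KEY ($2) in env file FILE ($1); empty if unset.
# Handles KEY=value and KEY="value" lines.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Exit status: 0 = consistent, 1 = external IdP but Web can still create/rename
# users (the bug report's situation), 2 = writes disabled but no attributes pinned
# read-only, so single fields are still editable in Web instead of via the IdP.
check_ocis_env() {
  ocis_env_file=$1
  # ASSUMPTION: excluding the built-in "idp" service means an external IdP is used.
  case "$(env_get "$ocis_env_file" OCIS_EXCLUDE_RUN_SERVICES)" in
    *idp*) ;;          # external IdP: the checks below apply
    *) return 0 ;;     # built-in IdP: Web is allowed to manage users
  esac
  [ "$(env_get "$ocis_env_file" FRONTEND_LDAP_SERVER_WRITE_ENABLED)" = "false" ] || return 1
  [ -n "$(env_get "$ocis_env_file" FRONTEND_READONLY_USER_ATTRIBUTES)" ] || return 2
  return 0
}

# Constructed sample 1: shape of the reported deployment (external IdP, writes on).
WEAK_ENV=$(mktemp)
cat > "$WEAK_ENV" <<'EOF'
OCIS_EXCLUDE_RUN_SERVICES=idp
FRONTEND_LDAP_SERVER_WRITE_ENABLED=true
EOF

# Constructed sample 2: same deployment with Web user management made read-only.
FIXED_ENV=$(mktemp)
cat > "$FIXED_ENV" <<'EOF'
OCIS_EXCLUDE_RUN_SERVICES=idp
FRONTEND_LDAP_SERVER_WRITE_ENABLED=false
FRONTEND_READONLY_USER_ATTRIBUTES="user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments,user.memberOf"
EOF

for f in "$WEAK_ENV" "$FIXED_ENV"; do
  if check_ocis_env "$f"; then
    echo "$f: consistent with external IdP"
  else
    echo "$f: MISCONFIGURED (rc=$?)"
  fi
done
```

Run it against the real `.env` of the deployment by calling `check_ocis_env /path/to/.env` and acting on a non-zero status before starting the stack.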

2403905 commented 3 months ago

Thank you. It looks like a misconfiguration of the deployment example.