From 48abeda36696598a897121b10518ee4176475342 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 22 Jan 2025 17:45:37 +0100 Subject: [PATCH] Implemented lam --- group_vars/all | 7 +++-- roles/docker-ldap/README.md | 8 ++--- .../templates/docker-compose.yml.j2 | 31 +++++++++++++++++-- 3 files changed, 37 insertions(+), 9 deletions(-) diff --git a/group_vars/all b/group_vars/all index 725195ad..b67dcb58 100644 --- a/group_vars/all +++ b/group_vars/all @@ -245,11 +245,14 @@ keycloak_version: "latest" keycloak_administrator_username: "{{administrator_username}}" #### LDAP -ldap_version: "latest" -ldap_admin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest +ldap_lam_version: "latest" +ldap_openldap_version: "latest" +ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest +ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin ldap_administrator_username: "{{administrator_username}}" ldap_administrator_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons ldap_administrator_database_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons +ldap_lam_administrator_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons #### Listmonk listmonk_admin_username: "{{administrator_username}}" diff --git a/roles/docker-ldap/README.md b/roles/docker-ldap/README.md index 2ccf8201..60df3f15 100644 --- a/roles/docker-ldap/README.md +++ b/roles/docker-ldap/README.md 
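Review bot: The new `ldap_lam_administrator_password` defaults to `{{user_administrator_initial_password}}`, the same value already used for `ldap_administrator_password` and `ldap_administrator_database_password`. Unless the operator overrides each one, the LAM master password and the directory admin bind password are therefore a single shared secret. A trailing `#CHANGE for security reasons` comment is easy to miss, so consider failing the role early with an `assert` task such as `that: ldap_lam_administrator_password != user_administrator_initial_password`. Separately, `ldap_lam_version: "latest"` and `ldap_openldap_version: "latest"` leave the images of an identity service unpinned; a fixed tag or digest would make deployments reproducible and auditable.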
@@ -38,8 +38,8 @@ This Ansible role provides a streamlined implementation of an LDAP server with T | `cert_mount_directory` | Directory to mount SSL/TLS certificates. | `{{docker_compose_instance_directory}}/certs/` | | `ldap_administrator_username` | Username for the LDAP admin. | `admin` | | `ldap_administrator_password` | Password for the LDAP admin. | _Required_ | -| `ldap_admin_version` | Version of phpLDAPadmin Docker image. | `latest` | -| `ldap_version` | Version of OpenLDAP Docker image. | `latest` | +| `ldap_phpldapadmin_version` | Version of phpLDAPadmin Docker image. | `latest` | +| `ldap_openldap_version` | Version of OpenLDAP Docker image. | `latest` | --- @@ -75,8 +75,8 @@ Here’s an example playbook to use this role: primary_domain_tld: "world" ldap_administrator_username: "administrator" ldap_administrator_password: "secure_password_here" - ldap_admin_version: "latest" - ldap_version: "latest" + ldap_phpldapadmin_version: "latest" + ldap_openldap_version: "latest" ``` ### **Steps to Deploy:** diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2 index 9ba9da88..69c25cef 100644 --- a/roles/docker-ldap/templates/docker-compose.yml.j2 +++ b/roles/docker-ldap/templates/docker-compose.yml.j2 
@@ -1,6 +1,30 @@ services: +{% if ldap_webinterface == 'lam' %} + lam: + image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}} # Dies ist das Docker-Image für LAM + container_name: lam + logging: + driver: journald + restart: {{docker_restart_policy}} + ports: + - 127.0.0.1:{{http_port}}:80 + environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env + + # Basic Configuration + LAM_PASSWORD: {{ldap_lam_administrator_password}} # LAM configuration master password and password for server profile "lam + + # Database + LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb + + # LDAP Configuration + LDAP_SERVER: ldap://openldap:389 # LDAP server URL + LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=... + LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN + LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM) + LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP admin password +{% elif ldap_webinterface == 'phpldapadmin' %} phpldapadmin: - image: leenooks/phpldapadmin:{{ldap_admin_version}} + image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}} logging: driver: journald restart: {{docker_restart_policy}} @@ -10,8 +34,9 @@ services: # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container APP_URL: https://{{domain}} LDAP_HOST: openldap +{% endif %} openldap: - image: bitnami/openldap:{{ldap_version}} + image: bitnami/openldap:{{ldap_openldap_version}} logging: driver: journald restart: {{docker_restart_policy}} @@ -23,7 +48,7 @@ services: # GENERAL ## Database - LDAP_ADMIN_USERNAME: {{ldap_administrator_username}} # LDAP database admin user. + LDAP_ADMIN_USERNAME: {{ldap_administrator_username}} # LDAP database admin user. LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP database admin password. ## Users
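Review bot: The secrets in the new `lam` service are rendered as unquoted plain scalars followed by an inline comment, e.g. `LAM_PASSWORD: {{ldap_lam_administrator_password}} # …` and `LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # …`. A password containing ` #` is then silently truncated at the comment, one containing `: ` or a leading YAML indicator breaks the rendered file, and an all-digit or boolean-looking value changes type. Render them as quoted scalars, for example `LAM_PASSWORD: {{ ldap_lam_administrator_password | to_json }}`; the same applies to `LDAP_DOMAIN`, `LDAP_BASE_DN` and `LDAP_USER`, and to the existing `LDAP_ADMIN_PASSWORD` in the `openldap` service shown in the last hunk. Compose also interpolates `$` in values, so a literal `$` in a password needs escaping as `$$`. Finally, `LDAP_SERVER: ldap://openldap:389` means LAM binds as the admin DN without TLS; that traffic presumably stays on the compose network, but a comment stating the assumption would help the next reader.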