Normalized OpenLDAP constants

roles/svc-db-openldap/tasks/01_credentials.yml

@@ -3,7 +3,7 @@
 
 - name: "Query available LDAP databases"
   shell: |
-    docker exec {{ openldap_name }} \
+    docker exec {{ OPENLDAP_NAME }} \
       ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "(olcDatabase=*)" dn
   register: ldap_databases
 
@@ -27,13 +27,13 @@
 
 - name: "Generate hash for Database Admin password"
   shell: |
-    docker exec {{ openldap_name }} \
+    docker exec {{ OPENLDAP_NAME }} \
       slappasswd -s "{{ LDAP.BIND_CREDENTIAL }}"
   register: database_admin_pw_hash
 
 - name: "Reset Database Admin password in LDAP (olcRootPW)"
   shell: |
-    docker exec -i {{ openldap_name }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
+    docker exec -i {{ OPENLDAP_NAME }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
     dn: {{ data_backend_dn }}
     changetype: modify
     replace: olcRootPW
@@ -42,13 +42,13 @@
 
 - name: "Generate hash for Configuration Admin password"
   shell: |
-    docker exec {{ openldap_name }} \
+    docker exec {{ OPENLDAP_NAME }} \
       slappasswd -s "{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"
   register: config_admin_pw_hash
 
 - name: "Reset Configuration Admin password in LDAP (olcRootPW)"
   shell: |
-    docker exec -i {{ openldap_name }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
+    docker exec -i {{ OPENLDAP_NAME }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
     dn: {{ config_backend_dn }}
     changetype: modify
     replace: olcRootPW

roles/svc-db-openldap/tasks/03_users.yml

@@ -4,7 +4,7 @@
 - name: Ensure LDAP users exist
   community.general.ldap_entry:
     dn:           "{{ LDAP.USER.ATTRIBUTES.ID }}={{ item.key }},{{ LDAP.DN.OU.USERS }}"
-    server_uri:   "{{ openldap_server_uri }}"
+    server_uri:   "{{ OPENLDAP_SERVER_URI }}"
     bind_dn:      "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
     bind_pw:      "{{ LDAP.BIND_CREDENTIAL }}"
     objectClass:  "{{ LDAP.USER.OBJECTS.STRUCTURAL }}"
@@ -30,7 +30,7 @@
 - name: Ensure required objectClass values and mail address are present
   community.general.ldap_attrs:
     dn: "{{ LDAP.USER.ATTRIBUTES.ID }}={{ item.key }},{{ LDAP.DN.OU.USERS }}"
-    server_uri: "{{ openldap_server_uri }}"
+    server_uri: "{{ OPENLDAP_SERVER_URI }}"
     bind_dn: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
     bind_pw: "{{ LDAP.BIND_CREDENTIAL }}"
     attributes:
@@ -46,7 +46,7 @@
 - name: "Ensure container for application roles exists"
   community.general.ldap_entry:
     dn: "{{ LDAP.DN.OU.ROLES }}"
-    server_uri: "{{ openldap_server_uri }}"
+    server_uri: "{{ OPENLDAP_SERVER_URI }}"
     bind_dn:  "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
     bind_pw:  "{{ LDAP.BIND_CREDENTIAL }}"
     objectClass: organizationalUnit

roles/svc-db-openldap/tasks/04_update.yml

@@ -1,6 +1,6 @@
 - name: Gather all users with their current objectClass list
   community.general.ldap_search:
-    server_uri: "{{ openldap_server_uri }}"
+    server_uri: "{{ OPENLDAP_SERVER_URI }}"
     bind_dn:    "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
     bind_pw:    "{{ LDAP.BIND_CREDENTIAL }}"
     dn:         "{{ LDAP.DN.OU.USERS }}"
@@ -14,7 +14,7 @@
 
 - name: Add only missing auxiliary classes
   community.general.ldap_attrs:
-    server_uri: "{{ openldap_server_uri }}"
+    server_uri: "{{ OPENLDAP_SERVER_URI }}"
     bind_dn:    "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
     bind_pw:    "{{ LDAP.BIND_CREDENTIAL }}"
     dn:         "{{ item.dn }}"

roles/svc-db-openldap/tasks/ldifs_creation.yml

@@ -1,7 +1,7 @@
-- name: "Create LDIF files at {{ openldap_ldif_host_path }}{{ folder }}"
+- name: "Create LDIF files at {{ OPENLDAP_LDIF_PATH_HOST }}{{ folder }}"
   template:
     src: "{{ item }}"
-    dest: "{{ openldap_ldif_host_path }}{{ folder }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    dest: "{{ OPENLDAP_LDIF_PATH_HOST }}{{ folder }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
     mode: "0770"
   loop: >-
     {{

roles/svc-db-openldap/tasks/main.yml

@@ -19,7 +19,7 @@
 
 - name: create docker network for LDAP, so that other applications can access it
   community.docker.docker_network:
-    name: "{{ openldap_network }}"
+    name: "{{ OPENLDAP_NETWORK }}"
     state: present
     ipam_config:
       - subnet: "{{ networks.local[application_id].subnet }}"
@@ -40,12 +40,12 @@
     - applications | get_app_conf(application_id, 'network.local')
     - applications | get_app_conf(application_id, 'provisioning.credentials', True)
 
-- name: "create directory {{openldap_ldif_host_path}}{{item}}"
+- name: "create directory {{OPENLDAP_LDIF_PATH_HOST}}{{item}}"
   file:
-    path: "{{openldap_ldif_host_path}}{{item}}"
+    path: "{{OPENLDAP_LDIF_PATH_HOST}}{{item}}"
     state: directory
     mode: "0755"
-  loop: "{{openldap_ldif_types}}"
+  loop: "{{OPENLDAP_LDIF_TYPES}}"
 
 - name: "Import LDIF Configuration"
   include_tasks: ldifs_creation.yml

roles/svc-db-openldap/tasks/schemas/nextcloud.yml

@@ -13,9 +13,9 @@
       - "( 1.3.6.1.4.1.99999.2 NAME '{{ LDAP.USER.OBJECTS.AUXILIARY.NEXTCLOUD_USER }}' DESC 'Auxiliary class for Nextcloud attributes' AUXILIARY MAY ( {{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }} ) )"
   command: >
     ldapsm
-      -s {{ openldap_server_uri }}
-      -D '{{ openldap_bind_dn }}'
-      -W '{{ openldap_bind_pw }}'
+      -s {{ OPENLDAP_SERVER_URI }}
+      -D '{{ OPENLDAP_BIND_DN }}'
+      -W '{{ OPENLDAP_BIND_PW }}'
       -n {{ schema_name }}
       {% for at in attribute_defs %}
       -a "{{ at }}"

roles/svc-db-openldap/tasks/schemas/openssh_lpk.yml

@@ -21,9 +21,9 @@
 
   command: >
     ldapsm
-      -s {{ openldap_server_uri }}
-      -D '{{ openldap_bind_dn }}'
-      -W '{{ openldap_bind_pw }}'
+      -s {{ OPENLDAP_SERVER_URI }}
+      -D '{{ OPENLDAP_BIND_DN }}'
+      -W '{{ OPENLDAP_BIND_PW }}'
       -n {{ schema_name }}
       {% for at in attribute_defs %}
       -a "{{ at }}"