Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d

roles/web-app-nextcloud/tasks/plugins/user_ldap.yml

@@ -3,7 +3,7 @@
 
 - name: Set Nextcloud LDAP bind password
   command: >
-    {{ NEXTCLOUD_DOCKER_EXEC_OCC }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
+    {{ NEXTCLOUD_DOCKER_EXEC_OCC }} ldap:set-config s01 ldapAgentPassword "{{ LDAP.BIND_CREDENTIAL }}"
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
   no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

roles/web-app-nextcloud/templates/config/oidc.config.php.j2

@@ -97,10 +97,10 @@ return array (
     // note: on Keycloak, OIDC name claim = "${given_name} ${family_name}" or one of them if any is missing
     //
     'oidc_login_attributes' => array (
-        'id' => '{{ldap.user.attributes.id}}',
+        'id' => '{{LDAP.USER.ATTRIBUTES.ID}}',
         'name' => 'name',
         'mail' => 'email',
-        'quota' => '{{ ldap.user.attributes.nextcloud_quota }}',
+        'quota' => '{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}',
         # 'home' => 'homeDirectory',    # Not implemented yet
         'ldap_uid' => '{{ OIDC.ATTRIBUTES.USERNAME }}',
         # 'groups' => 'ownCloudGroups', # Not implemented yet

roles/web-app-nextcloud/vars/plugins/user_ldap.yml

@@ -32,17 +32,17 @@ plugin_configuration:
   -
     appid: "user_ldap"
     configkey: "s01ldap_base"
-    configvalue: "{{ldap.dn.root}}"
+    configvalue: "{{ LDAP.DN.ROOT }}"
 
   -
     appid: "user_ldap"
     configkey: "s01ldap_base_groups"
-    configvalue: "{{ldap.dn.root}}"
+    configvalue: "{{ LDAP.DN.ROOT }}"
 
   -
     appid: "user_ldap"
     configkey: "s01ldap_base_users"
-    configvalue: "{{ldap.dn.ou.users}}"
+    configvalue: "{{LDAP.DN.OU.USERS}}"
 
   -
     appid: "user_ldap"
@@ -67,7 +67,7 @@ plugin_configuration:
   -
     appid: "user_ldap"
     configkey: "s01ldap_dn"
-    configvalue: "{{ldap.dn.administrator.data}}"
+    configvalue: "{{LDAP.DN.ADMINISTRATOR.DATA}}"
   -
     appid: "user_ldap"
     configkey: "s01ldap_email_attr"
@@ -103,11 +103,11 @@ plugin_configuration:
   -
     appid: "user_ldap"
     configkey: "s01ldap_host"
-    configvalue: "{{ldap.server.domain}}"
+    configvalue: "{{ LDAP.SERVER.DOMAIN }}"
   -
     appid: "user_ldap"
     configkey: "s01ldap_login_filter"
-    configvalue: "{{ ldap.filters.users.login }}"
+    configvalue: "{{ LDAP.FILTERS.USERS.LOGIN }}"
   -
     appid: "user_ldap"
     configkey: "s01ldap_login_filter_mode"
@@ -165,7 +165,7 @@ plugin_configuration:
     configkey: "s01ldap_userlist_filter"
     configvalue: |-
       {% if applications | get_app_conf(application_id, 'plugins.user_ldap.user_directory.enabled', True) %}
-      {{ ldap.filters.users.all }}
+      {{ LDAP.FILTERS.USERS.ALL }}
       {% else %}
       ()
       {% endif %}
@@ -181,4 +181,4 @@ plugin_configuration:
   -
     appid: "user_ldap"
     configkey: "s01ldap_expert_username_attr"
-    configvalue: "{{ldap.user.attributes.id}}"
+    configvalue: "{{LDAP.USER.ATTRIBUTES.ID}}"