diff --git a/group_vars/all/13_ldap.yml b/group_vars/all/13_ldap.yml
index 3d8afa4d..2609c51c 100644
--- a/group_vars/all/13_ldap.yml
+++ b/group_vars/all/13_ldap.yml
@@ -87,7 +87,7 @@ LDAP:
 ID: "{{ _ldap_user_id }}"
 MAIL: "mail"
 FULLNAME: "cn"
-FIRSTNAME: "givenname"
+FIRSTNAME: "givenName"
 SURNAME: "sn"
 SSH_PUBLIC_KEY: "sshPublicKey"
 NEXTCLOUD_QUOTA: "nextcloudQuota"
diff --git a/roles/web-app-suitecrm/tasks/main.yml b/roles/web-app-suitecrm/tasks/main.yml
index 4bfdac92..80aa2a27 100644
--- a/roles/web-app-suitecrm/tasks/main.yml
+++ b/roles/web-app-suitecrm/tasks/main.yml
@@ -4,6 +4,14 @@
 vars:
 docker_compose_flush_handlers: false
+- name: "Render SuiteCRM LDAP mapping"
+ template:
+ src: ldap.yaml.j2
+ dest: "{{ SUITECRM_LDAP_CONFIG_HOST }}"
+ notify:
+ - docker compose up
+ when: SUITECRM_LDAP_ENABLED | bool
+
 - name: "Deploy '{{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_ABS }}'"
 copy:
 src: "{{ SUITECRM_ENTRYPOINT_SCRIPT_FILE }}"
diff --git a/roles/web-app-suitecrm/templates/Dockerfile.j2 b/roles/web-app-suitecrm/templates/Dockerfile.j2
index e383418f..6dc4e988 100644
--- a/roles/web-app-suitecrm/templates/Dockerfile.j2
+++ b/roles/web-app-suitecrm/templates/Dockerfile.j2
@@ -86,5 +86,8 @@ RUN yarn install --immutable \
 COPY {{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL }} {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}
 RUN chmod +x {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}
+# Create LDAP Extension Directory
+RUN mkdir -p "{{ SUITECRM_LDAP_EXTENSION_DIR }}"
+
 ENTRYPOINT ["{{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}"]
 CMD ["apache2-foreground"]
diff --git a/roles/web-app-suitecrm/templates/docker-compose.yml.j2 b/roles/web-app-suitecrm/templates/docker-compose.yml.j2
index 4bb54bbb..2b5a334a 100644
--- a/roles/web-app-suitecrm/templates/docker-compose.yml.j2
+++ b/roles/web-app-suitecrm/templates/docker-compose.yml.j2
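Review bot: `FIRSTNAME: "givenname"` → `"givenName"` changes a global in group_vars that every role reading `LDAP.USER.ATTRIBUTES.FIRSTNAME` consumes, not just SuiteCRM. The LDAP protocol matches attribute type names case-insensitively, but a consumer that uses this value as a dictionary key (as the new `ldap.yaml.j2` in this commit does) is case-sensitive, so the other consumers should be checked once for whether they compare against the server's canonical spelling or just pass the name through in a search. Recording the reason next to the value would prevent the next person from "fixing" it back, e.g. `FIRSTNAME: "givenName"  # canonical case matters where the value is used as a map key (SuiteCRM extra_fields_map)`.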
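Review bot: The "Render SuiteCRM LDAP mapping" task sets no `owner`, `group` or `mode` on `dest`, so the rendered `ldap.yaml` takes whatever the controller's umask produces and may differ between hosts, and that file is then bind-mounted read-write into the container (the compose hunk's comment says an in-container permission script fails on a read-only mount). Pinning the permissions explicitly makes the result deterministic and lets the in-container script's expectations be matched deliberately, e.g. add `mode: "0644"` under `dest:` (and `owner`/`group` if the container's permission script is known to chown it). The task list continues outside the hunk.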
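Review bot: `RUN mkdir -p "{{ SUITECRM_LDAP_EXTENSION_DIR }}"` creates the directory in an image layer, but per the vars hunk that path lives under `/var/www/html/extensions/`, and the compose template mounts the named volume `data` over `/var/www/html/`; once that volume has been populated the image-layer directory is shadowed, so this RUN most likely only matters for a fresh volume, and Docker creates the bind-mount parent inside the volume anyway. If the directory must exist inside the volume on every start, creating it from the entrypoint script would be the reliable place; if this is only meant to seed a new volume, the comment should say so, e.g. `# Seed the LDAP extension dir; only effective until the data volume has been populated`.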
@@ -17,6 +17,11 @@
 volumes:
 - data:/var/www/html/
+{% if SUITECRM_LDAP_ENABLED | bool %}
+ # Readonly isn't possible for LDAP config, because otherwise file permission script will fail
+ - "{{ SUITECRM_LDAP_CONFIG_HOST }}:{{ SUITECRM_LDAP_EXTENSION_DIR }}/ldap.yaml"
+{% endif %}
+
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
 data:
 name: {{ SUITECRM_DATA_VOLUME }}
diff --git a/roles/web-app-suitecrm/templates/ldap.yaml.j2 b/roles/web-app-suitecrm/templates/ldap.yaml.j2
new file mode 100644
index 00000000..0e8b45e6
--- /dev/null
+++ b/roles/web-app-suitecrm/templates/ldap.yaml.j2
@@ -0,0 +1,7 @@
+{# WARNING: Don't mess with the formatation SuiteCRM is very strict! #}
+parameters:
+ ldap.extra_fields: ['{{ LDAP.USER.ATTRIBUTES.MAIL }}', '{{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}', '{{ LDAP.USER.ATTRIBUTES.SURNAME }}']
+ ldap.autocreate.extra_fields_map:
+ {{ LDAP.USER.ATTRIBUTES.MAIL }}: email1
+ {{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}: first_name
+ {{ LDAP.USER.ATTRIBUTES.SURNAME }}: last_name
diff --git a/roles/web-app-suitecrm/vars/main.yml b/roles/web-app-suitecrm/vars/main.yml
index 670c1be1..5641c662 100644
--- a/roles/web-app-suitecrm/vars/main.yml
+++ b/roles/web-app-suitecrm/vars/main.yml
@@ -25,7 +25,11 @@ SUITECRM_DATA_VOLUME: "{{ applications | get_app_conf(applicatio
 # URLs & feature flags
 SUITECRM_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+
+# LDAP
 SUITECRM_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+SUITECRM_LDAP_CONFIG_HOST: "{{ [ docker_compose.directories.config, 'ldap.yaml'] | path_join }}"
+SUITECRM_LDAP_EXTENSION_DIR: "/var/www/html/extensions/{{ SOFTWARE_NAME | lower | replace('.', '-') }}/config/services/ldap"
 # Simple maintenance toggle (for later extensions)
 SUITECRM_INIT_MAINTENANCE_MODE: "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}"
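Review bot: The new entry bind-mounts a single file (`…/ldap.yaml`), and a single-file bind mount tracks the inode; Ansible's `template` module replaces the destination atomically (new inode), so a running container keeps reading the old mapping after a re-render. The `notify: docker compose up` in the tasks hunk only fixes that if the handler actually recreates the container — a plain `docker compose up` does not treat a changed bind-mount source as a configuration change — so either confirm the handler forces a recreate or mount the host config directory onto a directory and point the extension at `ldap.yaml` inside it. If the single-file mount is kept on purpose, add that caveat next to the existing comment, e.g. `# Single-file bind mount: a re-rendered ldap.yaml needs a container recreate to take effect`.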
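Review bot: The keys under `ldap.autocreate.extra_fields_map` are rendered as plain scalars (`{{ LDAP.USER.ATTRIBUTES.MAIL }}: email1`), while the `ldap.extra_fields` entries are already single-quoted; any override of those globals with a value YAML would type or re-parse (digits, `on`/`no`, a value containing `: ` or ` #`) silently changes the key or breaks the file, and nothing validates the rendered result before the container reads it. Quoting the keys — `"{{ LDAP.USER.ATTRIBUTES.MAIL }}": email1` and likewise for FIRSTNAME and SURNAME — produces the identical string for the current values and removes that class of failure; if SuiteCRM's loader is known to reject quoted keys, that belongs in the warning comment rather than being left implicit. The warning comment also reads `formatation`; `formatting` is intended.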
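Review bot: The file name `ldap.yaml` is spelled out independently in `SUITECRM_LDAP_CONFIG_HOST` here and in the compose template's mount target, so renaming it in one place silently breaks the mount; a single variable used by both (for example `SUITECRM_LDAP_CONFIG_FILE: "ldap.yaml"`, then `[docker_compose.directories.config, SUITECRM_LDAP_CONFIG_FILE] | path_join`) would keep them aligned. Style: the `path_join` list has a stray leading space, `[ docker_compose.directories.config, 'ldap.yaml']` → `[docker_compose.directories.config, 'ldap.yaml']`. The `SUITECRM_LDAP_EXTENSION_DIR` derivation from `SOFTWARE_NAME` is presumably matching the path SuiteCRM itself expects; a short comment naming that expectation would help the next maintainer.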