SuiteCRM LDAP integration fixes:

- Correct LDAP attribute FIRSTNAME changed to givenName
- Add automated ldap.yaml rendering and bind mount
- Create LDAP extension directory inside container
- Adjust docker-compose.yml for proper LDAP config mount
- Add strict formatting template for ldap.yaml
- Update paths for SUITECRM_LDAP_CONFIG_HOST and SUITECRM_LDAP_EXTENSION_DIR

Details: https://chatgpt.com/share/6928375d-1458-800f-bcc3-b3364ea69078

group_vars/all/13_ldap.yml

@@ -87,7 +87,7 @@ LDAP:
       ID:                 "{{ _ldap_user_id }}"
       MAIL:               "mail"
       FULLNAME:           "cn"
-      FIRSTNAME:          "givenname"
+      FIRSTNAME:          "givenName"
       SURNAME:            "sn"
       SSH_PUBLIC_KEY:     "sshPublicKey"
       NEXTCLOUD_QUOTA:    "nextcloudQuota"

roles/web-app-suitecrm/tasks/main.yml

@@ -4,6 +4,14 @@
   vars:
     docker_compose_flush_handlers: false
 
+- name: "Render SuiteCRM LDAP mapping"
+  template:
+    src:  ldap.yaml.j2
+    dest: "{{ SUITECRM_LDAP_CONFIG_HOST }}"
+  notify:
+    - docker compose up
+  when: SUITECRM_LDAP_ENABLED | bool
+
 - name: "Deploy '{{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_ABS }}'"
   copy:
     src:  "{{ SUITECRM_ENTRYPOINT_SCRIPT_FILE }}"

roles/web-app-suitecrm/templates/Dockerfile.j2

@@ -86,5 +86,8 @@ RUN yarn install --immutable \
 COPY {{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL }} {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}
 RUN chmod +x {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}
 
+# Create LDAP Extension Directory
+RUN mkdir -p "{{ SUITECRM_LDAP_EXTENSION_DIR }}"
+
 ENTRYPOINT ["{{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}"]
 CMD ["apache2-foreground"]

roles/web-app-suitecrm/templates/docker-compose.yml.j2

@@ -17,6 +17,11 @@
     volumes:
       - data:/var/www/html/
 
+{% if SUITECRM_LDAP_ENABLED | bool %}
+      # Readonly isn't possible for LDAP config, because otherwise file permission script will fail
+      - "{{ SUITECRM_LDAP_CONFIG_HOST }}:{{ SUITECRM_LDAP_EXTENSION_DIR }}/ldap.yaml"
+{% endif %}
+
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
     name: {{ SUITECRM_DATA_VOLUME }}

roles/web-app-suitecrm/templates/ldap.yaml.j2

@@ -0,0 +1,7 @@
+{# WARNING: Don't mess with the formatation SuiteCRM is very strict! #}
+parameters:
+  ldap.extra_fields: ['{{ LDAP.USER.ATTRIBUTES.MAIL }}', '{{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}', '{{ LDAP.USER.ATTRIBUTES.SURNAME }}']
+  ldap.autocreate.extra_fields_map:
+    {{ LDAP.USER.ATTRIBUTES.MAIL }}: email1
+    {{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}: first_name
+    {{ LDAP.USER.ATTRIBUTES.SURNAME }}: last_name

roles/web-app-suitecrm/vars/main.yml

@@ -25,7 +25,11 @@ SUITECRM_DATA_VOLUME:                 "{{ applications | get_app_conf(applicatio
 
 # URLs & feature flags
 SUITECRM_URL:                         "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+
+# LDAP
 SUITECRM_LDAP_ENABLED:                "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+SUITECRM_LDAP_CONFIG_HOST:            "{{ [ docker_compose.directories.config, 'ldap.yaml'] | path_join }}"
+SUITECRM_LDAP_EXTENSION_DIR:          "/var/www/html/extensions/{{ SOFTWARE_NAME | lower | replace('.', '-') }}/config/services/ldap"
 
 # Simple maintenance toggle (for later extensions)
 SUITECRM_INIT_MAINTENANCE_MODE:       "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}"