kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 10:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Joomla: Add LDAP autocreate plugin support

Browse Source 
- Introduced autocreate_users feature flag in config/main.yml
- Added ldapautocreate.php and ldapautocreate.xml plugin files
- Implemented tasks/01_ldap_files.yml for plugin deployment
- Added tasks/05_ldap.yml to configure LDAP plugin and register ldapautocreate
- Renamed tasks for better structure (01→02, 02→03, etc.)
- Updated cli-ldap.php.j2 for clean parameter handling
- Mounted ldapautocreate plugin via docker-compose.yml.j2
- Extended vars/main.yml with LDAP autocreate configuration

Ref: https://chatgpt.com/share/68b0802f-bfd4-800f-b10a-57cf0c091f7e
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-28 18:13:53 +02:00
parent 18f3b1042f
commit ef801aa498
15 changed files with 326 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/web-app-joomla/config/main.yml
View File

@@ -1,3 +1,4 @@
autocreate_users: true # Autocreate LDAP users on Login
features:
matomo: true
css: true
@@ -24,4 +25,4 @@ docker:
version: latest
name: joomla
volumes:
data: "joomla_data"
data: "joomla_data"

108
roles/web-app-joomla/files/ldapautocreate.php Normal file
View File

@@ -0,0 +1,108 @@
<?php
/**
* System plugin that auto-creates a Joomla user after successful LDAP authentication.
* It reads the LDAP Auth plugin params from #__extensions (folder=authentication, element=ldap),
* looks up cn/mail for the authenticated uid, and creates a local Joomla user if missing.
*/
defined('_JEXEC') || die;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\User\User;
use Joomla\Database\DatabaseDriver;
use Joomla\Authentication\Authentication;
class PlgSystemLdapautocreate extends CMSPlugin
{
protected $app;
/**
* Runs after authentication handlers; fires for both frontend and backend.
* @param array $options Contains 'username' and more after auth
* @return void
*/
public function onUserAfterAuthenticate($options, $response)
{
// Only proceed on success
if (($response->status ?? null) !== Authentication::STATUS_SUCCESS) {
return;
}
$username = $response->username ?? $options['username'] ?? null;
if (!$username) {
return;
}
/** @var DatabaseDriver $dbo */
$dbo = Factory::getDbo();
// If user already exists locally, nothing to do
$exists = (int) $dbo->setQuery(
$dbo->getQuery(true)
->select('COUNT(*)')
->from($dbo->quoteName('#__users'))
->where($dbo->quoteName('username') . ' = ' . $dbo->quote($username))
)->loadResult();
if ($exists) {
return;
}
// Read LDAP Auth plugin params to connect (the ones we configured via cli-ldap.php)
$ldapExt = $dbo->setQuery(
$dbo->getQuery(true)
->select('*')
->from($dbo->quoteName('#__extensions'))
->where($dbo->quoteName('type') . " = 'plugin'")
->where($dbo->quoteName('folder') . " = 'authentication'")
->where($dbo->quoteName('element') . " = 'ldap'")
)->loadObject();
if (!$ldapExt) {
return; // LDAP plugin not found; bail out silently
}
$p = json_decode($ldapExt->params ?: "{}", true) ?: [];
$host = $p['host'] ?? 'openldap';
$port = (int) ($p['port'] ?? 389);
$baseDn = $p['base_dn'] ?? '';
$bindDn = $p['username'] ?? '';
$bindPw = $p['password'] ?? '';
$attrUid = $p['ldap_uid'] ?? 'uid';
$attrMail = $p['ldap_email'] ?? 'mail';
$attrName = $p['ldap_fullname'] ?? 'cn';
// Look up user in LDAP to fetch name/email
$ds = @ldap_connect($host, $port);
if (!$ds) { return; }
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_bind($ds, $bindDn, $bindPw);
$filter = sprintf('(%s=%s)', $attrUid, ldap_escape($username, '', LDAP_ESCAPE_FILTER));
$sr = @ldap_search($ds, $baseDn, $filter, [$attrName, $attrMail]);
$entry = $sr ? @ldap_first_entry($ds, $sr) : null;
$name = $entry ? (@ldap_get_values($ds, $entry, $attrName)[0] ?? $username) : $username;
$email = $entry ? (@ldap_get_values($ds, $entry, $attrMail)[0] ?? ($username.'@example.invalid')) : ($username.'@example.invalid');
if ($ds) { @ldap_unbind($ds); }
// Create Joomla user (Registered group id=2)
$data = [
'name' => $name,
'username' => $username,
'email' => $email,
// Password is irrelevant for LDAP; set a random one
'password' => bin2hex(random_bytes(12)),
'block' => 0,
'groups' => [2],
];
$user = new User;
if (!$user->bind($data)) {
return;
}
$user->save();
}
}

10
roles/web-app-joomla/files/ldapautocreate.xml Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<extension type="plugin" group="system" method="upgrade" version="4.0">
<name>plg_system_ldapautocreate</name>
<author>Infinito.Nexus</author>
<version>1.0.0</version>
<description>Auto-create Joomla users after successful LDAP authentication.</description>
<files>
<filename plugin="ldapautocreate">ldapautocreate.php</filename>
</files>
</extension>

25
roles/web-app-joomla/tasks/01_ldap_files.yml Normal file
View File

@@ -0,0 +1,25 @@
- name: "Render LDAP CLI helper"
template:
src: cli-ldap.php.j2
dest: "{{ JOOMLA_LDAP_CONF_FILE }}"
mode: "0644"
when: JOOMLA_LDAP_ENABLED | bool
notify: docker compose restart
- block:
- name: "Ensure ldapautocreate plugin hostdir exists"
file:
path: "{{ JOOMLA_LDAP_AUT_CRT_HOST_DIR }}"
state: directory
mode: "0755"
- name: "Deploy ldapautocreate plugin files"
copy:
src: "ldapautocreate.{{ item }}"
dest: "{{ [ JOOMLA_LDAP_AUT_CRT_HOST_DIR, 'ldapautocreate.' ~ item ] | path_join }}"
mode: "0644"
notify: docker compose restart
loop:
- php
- xml
when: JOOMLA_LDAP_AUTO_CREATE_ENABLED | bool

0
roles/web-app-joomla/tasks/01_install.yml → roles/web-app-joomla/tasks/02_install.yml
View File

0
roles/web-app-joomla/tasks/02_debug.yml → roles/web-app-joomla/tasks/03_debug.yml
View File

9
roles/web-app-joomla/tasks/04_ldap.yml
View File

@@ -1,9 +0,0 @@
- name: "Configure LDAP plugin params via helper"
command: >
docker exec {{ JOOMLA_CONTAINER }}
php cli/cli-ldap.php
register: ldap_conf
changed_when: "'configured' in ldap_conf.stdout | lower"
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
when: JOOMLA_LDAP_ENABLED | bool

0
roles/web-app-joomla/tasks/03_patch.yml → roles/web-app-joomla/tasks/04_patch.yml
View File

56
roles/web-app-joomla/tasks/05_ldap.yml Normal file
View File

@@ -0,0 +1,56 @@
- name: "Configure LDAP plugin params via helper"
command: >
docker exec {{ JOOMLA_CONTAINER }}
sh -c 'test -f /var/www/html/cli/cli-ldap.php && php /var/www/html/cli/cli-ldap.php'
register: ldap_conf
changed_when: "'configured' in ldap_conf.stdout | lower"
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
when: JOOMLA_LDAP_ENABLED | bool
- name: "Register & enable ldapautocreate Joomla system plugin"
command: >
docker exec {{ JOOMLA_CONTAINER }}
sh -lc '
test -f /var/www/html/plugins/system/ldapautocreate/ldapautocreate.php ||
{ echo "ERROR: plugin file missing"; exit 1; };
php -r "
define(\"_JEXEC\",1);
\$root=\"/var/www/html\";
require \$root.\"/includes/defines.php\";
require \$root.\"/includes/framework.php\";
\$dbo = Joomla\\CMS\\Factory::getDbo();
\$ext = \$dbo->setQuery(
\"SELECT * FROM #__extensions WHERE type=\\\"plugin\\\" AND folder=\\\"system\\\" AND element=\\\"ldapautocreate\\\"\"
)->loadObject();
if (!\$ext) {
\$row = (object)[
\"name\" => \"plg_system_ldapautocreate\",
\"type\" => \"plugin\",
\"element\" => \"ldapautocreate\",
\"folder\" => \"system\",
\"enabled\" => 1,
\"access\" => 1,
\"protected\" => 0,
\"manifest_cache\" => \"{}\",
\"params\" => \"{}\",
\"custom_data\" => \"{}\",
\"state\" => 0,
\"ordering\" => 0,
\"client_id\" => 0
];
\$dbo->insertObject(\"#__extensions\", \$row);
echo \"Plugin registered + enabled\\n\";
} else {
\$ext->enabled = 1;
\$dbo->updateObject(\"#__extensions\", \$ext, \"extension_id\");
echo \"Plugin already exists, just enabled\\n\";
}
"
'
register: ldapautocreate_reg
changed_when: >
('registered + enabled' in (ldapautocreate_reg.stdout | lower)) or
('just enabled' in (ldapautocreate_reg.stdout | lower))
failed_when: ldapautocreate_reg.rc != 0
when: JOOMLA_LDAP_AUTO_CREATE_ENABLED | bool

0
roles/web-app-joomla/tasks/05_assert.yml → roles/web-app-joomla/tasks/06_assert.yml
View File

34
roles/web-app-joomla/tasks/main.yml
View File

@@ -1,12 +1,12 @@
---
- name: "Include role srv-domain-provision for {{ application_id }}"
include_role:
name: srv-domain-provision
loop: "{{ JOOMLA_DOMAINS }}"
loop_control:
loop_var: domain
vars:
http_port: "{{ ports.localhost.http[application_id] }}"
#- name: "Include role srv-domain-provision for {{ application_id }}"
# include_role:
# name: srv-domain-provision
# loop: "{{ JOOMLA_DOMAINS }}"
# loop_control:
# loop_var: domain
# vars:
# http_port: "{{ ports.localhost.http[application_id] }}"
- name: "load docker and db for {{ application_id }}"
include_role:
@@ -14,12 +14,8 @@
vars:
docker_compose_flush_handlers: false
- name: "Render LDAP CLI helper"
template:
src: cli-ldap.php.j2
dest: "{{ JOOMLA_LDAP_CONF_FILE }}"
mode: "0644"
when: JOOMLA_LDAP_ENABLED | bool
- name: Include install routines
include_tasks: "01_ldap_files.yml"
- name: "flush docker compose handlers"
meta: flush_handlers
@@ -27,8 +23,8 @@
- name: Include install routines
include_tasks: "{{ item }}"
loop:
- 01_install.yml
- 02_debug.yml
- 03_patch.yml
- 04_ldap.yml
- 05_assert.yml
- 02_install.yml
- 03_debug.yml
- 04_patch.yml
- 05_ldap.yml
- 06_assert.yml

84
roles/web-app-joomla/templates/cli-ldap.php.j2
View File

@@ -1,54 +1,68 @@
<?php
// Tiny Joomla CLI to enable + configure Authentication - LDAP plugin.
// Safe to run multiple times.
// Joomla CLI script to enable and configure the Authentication - LDAP plugin.
// Safe to run multiple times. Uses only Factory::getDbo() (no web/administrator app context required).
define('_JEXEC', 1);
if (PHP_SAPI !== 'cli') { fwrite(STDERR, "CLI only\n"); exit(1); }
define('JPATH_BASE', __DIR__ . '/..');
$root = __DIR__ . '/..';
require $root . '/includes/defines.php';
require $root . '/includes/framework.php';
// Load Joomla framework
require JPATH_BASE . '/includes/defines.php';
require JPATH_BASE . '/includes/framework.php';
$app = \Joomla\CMS\Factory::getApplication('administrator');
$dbo = \Joomla\CMS\Factory::getDbo();
use Joomla\CMS\Factory;
// Database driver from Factory
$dbo = Factory::getDbo();
// Locate the LDAP plugin row in #__extensions
$query = $dbo->getQuery(true)
->select('*')
->from($dbo->quoteName('#__extensions'))
->where($dbo->quoteName('type') . ' = ' . $dbo->quote('plugin'))
->where($dbo->quoteName('folder') . ' = ' . $dbo->quote('authentication'))
->where($dbo->quoteName('element') . ' = ' . $dbo->quote('ldap'));
->select('*')
->from($dbo->quoteName('#__extensions'))
->where($dbo->quoteName('type') . ' = ' . $dbo->quote('plugin'))
->where($dbo->quoteName('folder') . ' = ' . $dbo->quote('authentication'))
->where($dbo->quoteName('element') . ' = ' . $dbo->quote('ldap'));
$dbo->setQuery($query);
$ext = $dbo->loadObject();
if (!$ext) { fwrite(STDERR, "LDAP plugin not found.\n"); exit(2); }
if (!$ext) {
fwrite(STDERR, "LDAP plugin not found.\n");
exit(2);
}
// Merge desired params
// Helper to strip quotes if present in env-file values
$get = static fn($k) => preg_replace('/^(["\'])(.*)\1$/', '$2', getenv($k) ?: '');
// Desired plugin parameters (must match Joomla LDAP plugin schema)
$desired = [
"host" => getenv('JOOMLA_LDAP_HOST'),
"port" => (int) getenv('JOOMLA_LDAP_PORT'),
"basedn" => getenv('JOOMLA_LDAP_BASE_DN'),
"userbasedn" => getenv('JOOMLA_LDAP_USER_TREE_DN'),
"groupbasedn" => getenv('JOOMLA_LDAP_GROUP_TREE_DN'),
"authmethod" => getenv('JOOMLA_LDAP_AUTH_METHOD'), // "bind" or "search"
"searchstring" => getenv('JOOMLA_LDAP_USER_SEARCH_STRING'),
"username" => getenv('JOOMLA_LDAP_BIND_DN'),
"password" => getenv('JOOMLA_LDAP_BIND_PASSWORD'),
"uid" => getenv('JOOMLA_LDAP_UID_ATTR'),
"email" => getenv('JOOMLA_LDAP_EMAIL_ATTR'),
"fullname" => getenv('JOOMLA_LDAP_NAME_ATTR'),
"starttls" => (bool) getenv('JOOMLA_LDAP_USE_STARTTLS'),
"ignore_reqcert" => (bool) getenv('JOOMLA_LDAP_IGNORE_CERT'),
"mapfullname" => (bool) getenv('JOOMLA_LDAP_MAP_FULLNAME'),
"mapemail" => (bool) getenv('JOOMLA_LDAP_MAP_EMAIL'),
// Connection settings
"host" => $get('JOOMLA_LDAP_HOST'),
"port" => (int) $get('JOOMLA_LDAP_PORT'),
"use_ldapV3" => true,
"negotiate_tls" => (bool) $get('JOOMLA_LDAP_USE_STARTTLS'),
"no_referrals" => false,
// Authentication settings
"auth_method" => $get('JOOMLA_LDAP_AUTH_METHOD') ?: "search", // "search" or "bind"
"base_dn" => $get('JOOMLA_LDAP_BASE_DN'),
"search_string" => $get('JOOMLA_LDAP_USER_SEARCH_STRING'), // e.g. uid=[username]
"users_dn" => $get('JOOMLA_LDAP_USER_TREE_DN'), // required for "bind" mode
"username" => $get('JOOMLA_LDAP_BIND_DN'),
"password" => $get('JOOMLA_LDAP_BIND_PASSWORD'),
// Attribute mapping
"ldap_uid" => $get('JOOMLA_LDAP_UID_ATTR') ?: "uid",
"ldap_email" => $get('JOOMLA_LDAP_EMAIL_ATTR') ?: "mail",
"ldap_fullname" => $get('JOOMLA_LDAP_NAME_ATTR') ?: "cn",
];
// Merge current parameters with desired values
$current = json_decode($ext->params ?: "{}", true) ?: [];
$merged = array_replace($current, array_filter($desired, fn($v) => $v !== null && $v !== ''));
$clean = array_filter($desired, static fn($v) => $v !== null && $v !== '');
$merged = array_replace($current, $clean);
// Save back to database and enable the plugin
$ext->params = json_encode($merged, JSON_UNESCAPED_SLASHES);
$ext->enabled = {{ JOOMLA_LDAP_ENABLED | ternary(1, 0) }};
$ext->enabled = 1;
$dbo->updateObject('#__extensions', $ext, 'extension_id');
echo "LDAP plugin enabled=". $ext->enabled . " and configured.\n";
echo "LDAP plugin enabled={$ext->enabled} and configured.\n";

3
roles/web-app-joomla/templates/docker-compose.yml.j2
View File

@@ -11,6 +11,9 @@
- data:/var/www/html
{% if JOOMLA_LDAP_ENABLED %}
- {{ JOOMLA_LDAP_CONF_FILE }}:/var/www/html/cli/cli-ldap.php:ro
{% if JOOMLA_LDAP_AUTO_CREATE_ENABLED | bool %}
- {{ JOOMLA_LDAP_AUT_CRT_HOST_DIR }}:{{ JOOMLA_LDAP_AUT_CRT_DOCK_DIR }}:ro
{% endif %}
{% endif %}
ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"

42
roles/web-app-joomla/templates/env.j2
View File

@@ -6,29 +6,29 @@ JOOMLA_ADMIN_EMAIL={{ JOOMLA_USER_EMAIL }}
{% if database_type == 'mariadb' %}
# Database
JOOMLA_DB_HOST="{{ database_host }}:{{ database_port }}"
JOOMLA_DB_USER="{{ database_username }}"
JOOMLA_DB_PASSWORD="{{ database_password }}"
JOOMLA_DB_NAME="{{ database_name }}"
JOOMLA_DB_TYPE="{{ JOOMLA_DB_CONNECTOR }}"
JOOMLA_DB_HOST={{ database_host }}:{{ database_port }}
JOOMLA_DB_USER={{ database_username }}
JOOMLA_DB_PASSWORD={{ database_password }}
JOOMLA_DB_NAME={{ database_name }}
JOOMLA_DB_TYPE={{ JOOMLA_DB_CONNECTOR }}
{% endif %}
{% if JOOMLA_LDAP_ENABLED %}
# LDAP
JOOMLA_LDAP_HOST="{{ JOOMLA_LDAP_HOST }}"
JOOMLA_LDAP_PORT="{{ JOOMLA_LDAP_PORT }}"
JOOMLA_LDAP_BASE_DN="{{ JOOMLA_LDAP_BASE_DN }}"
JOOMLA_LDAP_USER_TREE_DN="{{ JOOMLA_LDAP_USER_TREE_DN }}"
JOOMLA_LDAP_GROUP_TREE_DN="{{ JOOMLA_LDAP_GROUP_TREE_DN }}"
JOOMLA_LDAP_UID_ATTR="{{ JOOMLA_LDAP_UID_ATTR }}"
JOOMLA_LDAP_EMAIL_ATTR="{{ JOOMLA_LDAP_EMAIL_ATTR }}"
JOOMLA_LDAP_NAME_ATTR="{{ JOOMLA_LDAP_NAME_ATTR }}"
JOOMLA_LDAP_BIND_DN="{{ JOOMLA_LDAP_BIND_DN }}"
JOOMLA_LDAP_BIND_PASSWORD="{{ JOOMLA_LDAP_BIND_PASSWORD }}"
JOOMLA_LDAP_USE_STARTTLS="{{ JOOMLA_LDAP_USE_STARTTLS | ternary('1','') }}"
JOOMLA_LDAP_IGNORE_CERT="{{ JOOMLA_LDAP_IGNORE_CERT | ternary('1','') }}"
JOOMLA_LDAP_MAP_FULLNAME="{{ JOOMLA_LDAP_MAP_FULLNAME | ternary('1','') }}"
JOOMLA_LDAP_MAP_EMAIL="{{ JOOMLA_LDAP_MAP_EMAIL | ternary('1','') }}"
JOOMLA_LDAP_AUTH_METHOD="{{ JOOMLA_LDAP_AUTH_METHOD }}"
JOOMLA_LDAP_USER_SEARCH_STRING="{{ JOOMLA_LDAP_USER_SEARCH_STRING }}"
JOOMLA_LDAP_HOST={{ JOOMLA_LDAP_HOST }}
JOOMLA_LDAP_PORT={{ JOOMLA_LDAP_PORT }}
JOOMLA_LDAP_BASE_DN={{ JOOMLA_LDAP_BASE_DN }}
JOOMLA_LDAP_USER_TREE_DN={{ JOOMLA_LDAP_USER_TREE_DN }}
JOOMLA_LDAP_GROUP_TREE_DN={{ JOOMLA_LDAP_GROUP_TREE_DN }}
JOOMLA_LDAP_UID_ATTR={{ JOOMLA_LDAP_UID_ATTR }}
JOOMLA_LDAP_EMAIL_ATTR={{ JOOMLA_LDAP_EMAIL_ATTR }}
JOOMLA_LDAP_NAME_ATTR={{ JOOMLA_LDAP_NAME_ATTR }}
JOOMLA_LDAP_BIND_DN={{ JOOMLA_LDAP_BIND_DN }}
JOOMLA_LDAP_BIND_PASSWORD={{ JOOMLA_LDAP_BIND_PASSWORD }}
JOOMLA_LDAP_USE_STARTTLS={{ JOOMLA_LDAP_USE_STARTTLS | ternary('1','') }}
JOOMLA_LDAP_IGNORE_CERT={{ JOOMLA_LDAP_IGNORE_CERT | ternary('1','') }}
JOOMLA_LDAP_MAP_FULLNAME={{ JOOMLA_LDAP_MAP_FULLNAME | ternary('1','') }}
JOOMLA_LDAP_MAP_EMAIL={{ JOOMLA_LDAP_MAP_EMAIL | ternary('1','') }}
JOOMLA_LDAP_AUTH_METHOD={{ JOOMLA_LDAP_AUTH_METHOD }}
JOOMLA_LDAP_USER_SEARCH_STRING={{ JOOMLA_LDAP_USER_SEARCH_STRING }}
{% endif %}

71
roles/web-app-joomla/vars/main.yml
View File

@@ -1,41 +1,44 @@
# General
application_id: "web-app-joomla"
database_type: "mariadb"
container_port: 80
application_id: "web-app-joomla"
database_type: "mariadb"
container_port: 80
# Joomla
JOOMLA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
JOOMLA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
JOOMLA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
JOOMLA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
JOOMLA_CUSTOM_IMAGE: "{{ JOOMLA_IMAGE }}_custom"
JOOMLA_DOMAINS: "{{ applications | get_app_conf(application_id, 'server.domains.canonical') }}"
JOOMLA_SITE_NAME: "{{ SOFTWARE_NAME }} Joomla - CMS"
JOOMLA_DB_CONNECTOR: "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
JOOMLA_CONFIG_FILE: "/var/www/html/configuration.php"
JOOMLA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
JOOMLA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
JOOMLA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
JOOMLA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
JOOMLA_CUSTOM_IMAGE: "{{ JOOMLA_IMAGE }}_custom"
JOOMLA_DOMAINS: "{{ applications | get_app_conf(application_id, 'server.domains.canonical') }}"
JOOMLA_SITE_NAME: "{{ SOFTWARE_NAME }} Joomla - CMS"
JOOMLA_DB_CONNECTOR: "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
JOOMLA_CONFIG_FILE: "/var/www/html/configuration.php"
# User
JOOMLA_USER_NAME: "{{ users.administrator.username }}"
JOOMLA_USER: "{{ JOOMLA_USER_NAME | capitalize }}"
JOOMLA_USER_PASSWORD: "{{ users.administrator.password }}"
JOOMLA_USER_EMAIL: "{{ users.administrator.email }}"
JOOMLA_USER_NAME: "{{ users.administrator.username }}"
JOOMLA_USER: "{{ JOOMLA_USER_NAME | capitalize }}"
JOOMLA_USER_PASSWORD: "{{ users.administrator.password }}"
JOOMLA_USER_EMAIL: "{{ users.administrator.email }}"
# LDAP
JOOMLA_LDAP_CONF_FILE: "{{ [ docker_compose.directories.volumes, 'cli-ldap.php' ] | path_join }}"
JOOMLA_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
JOOMLA_LDAP_HOST: "{{ LDAP.SERVER.DOMAIN }}"
JOOMLA_LDAP_PORT: "{{ LDAP.SERVER.PORT }}"
JOOMLA_LDAP_BASE_DN: "{{ LDAP.DN.ROOT }}"
JOOMLA_LDAP_USER_TREE_DN: "{{ LDAP.DN.OU.USERS }}"
JOOMLA_LDAP_GROUP_TREE_DN: "{{ LDAP.DN.OU.GROUPS }}"
JOOMLA_LDAP_UID_ATTR: "{{ LDAP.USER.ATTRIBUTES.ID }}" # e.g. uid
JOOMLA_LDAP_EMAIL_ATTR: "{{ LDAP.USER.ATTRIBUTES.MAIL }}"
JOOMLA_LDAP_NAME_ATTR: "{{ LDAP.USER.ATTRIBUTES.FULLNAME }}"
JOOMLA_LDAP_BIND_DN: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
JOOMLA_LDAP_BIND_PASSWORD: "{{ LDAP.BIND_CREDENTIAL }}"
JOOMLA_LDAP_USE_STARTTLS: false
JOOMLA_LDAP_IGNORE_CERT: true
JOOMLA_LDAP_MAP_FULLNAME: true
JOOMLA_LDAP_MAP_EMAIL: true
JOOMLA_LDAP_AUTH_METHOD: "search" # "bind" or "search"
JOOMLA_LDAP_USER_SEARCH_STRING: "{{ JOOMLA_LDAP_UID_ATTR }}=[username],{{ JOOMLA_LDAP_USER_TREE_DN }}"
JOOMLA_LDAP_CONF_FILE: "{{ [ docker_compose.directories.volumes, 'cli-ldap.php' ] | path_join }}"
JOOMLA_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
JOOMLA_LDAP_AUTO_CREATE_ENABLED: "{{ applications | get_app_conf(application_id, 'autocreate_users') }}"
JOOMLA_LDAP_HOST: "{{ LDAP.SERVER.DOMAIN }}"
JOOMLA_LDAP_PORT: "{{ LDAP.SERVER.PORT }}"
JOOMLA_LDAP_BASE_DN: "{{ LDAP.DN.ROOT }}"
JOOMLA_LDAP_USER_TREE_DN: "{{ LDAP.DN.OU.USERS }}"
JOOMLA_LDAP_GROUP_TREE_DN: "{{ LDAP.DN.OU.GROUPS }}"
JOOMLA_LDAP_UID_ATTR: "{{ LDAP.USER.ATTRIBUTES.ID }}" # e.g. uid
JOOMLA_LDAP_EMAIL_ATTR: "{{ LDAP.USER.ATTRIBUTES.MAIL }}"
JOOMLA_LDAP_NAME_ATTR: "{{ LDAP.USER.ATTRIBUTES.FULLNAME }}"
JOOMLA_LDAP_BIND_DN: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
JOOMLA_LDAP_BIND_PASSWORD: "{{ LDAP.BIND_CREDENTIAL }}"
JOOMLA_LDAP_USE_STARTTLS: false
JOOMLA_LDAP_IGNORE_CERT: true
JOOMLA_LDAP_MAP_FULLNAME: true
JOOMLA_LDAP_MAP_EMAIL: true
JOOMLA_LDAP_AUTH_METHOD: "search" # "bind" or "search"
JOOMLA_LDAP_USER_SEARCH_STRING: "{{ JOOMLA_LDAP_UID_ATTR }}=[username]"
JOOMLA_LDAP_AUT_CRT_HOST_DIR: "{{ [ docker_compose.directories.volumes, 'ldapautocreate' ] | path_join }}"
JOOMLA_LDAP_AUT_CRT_DOCK_DIR: "/var/www/html/plugins/system/ldapautocreate"