solved locale network bugs of ldap

group_vars/all/07_applications.yml

@@ -3,6 +3,13 @@
 ## Docker Role Specific Parameters
 docker_restart_policy:        "unless-stopped"
 
+##############################################
+## Private Helper variables                ### 
+##############################################
+
+# By default don't expose openldap to the internet, just if explicit configured
+_ldap_openldap_expose_to_internet:       "{{ applications.ldap.openldap.expose_to_internet if applications.ldap is defined and applications.ldap.openldap is defined else false}}"
+
 defaults_applications:
 
   ## Akaunting
@@ -62,7 +69,8 @@ defaults_applications:
       administrator_password:         "{{user_administrator_initial_password}}" # CHANGE for security reasons
     openldap:
       version:                        "latest"
-      expose_to_internet:             false     # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
+      expose_to_internet:             "{{_ldap_openldap_expose_to_internet}}"   # Set to true if you want to expose the LDAP port to the internet
+      domain:                         "{{domains.ldap if _ldap_openldap_expose_to_internet else 'openldap'}}" # Mapping for public or locale access
     phpldapadmin:
       version:                        "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
     webinterface:                     "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin

roles/docker-keycloak/vars/main.yml

@@ -1,3 +1,4 @@
 application_id:  	    "keycloak"
 database_type:        "postgres"
 database_password:    "{{keycloak_database_password}}"
+ldap_network_enabled: true  # Activate LDAP network

roles/docker-ldap/tasks/main.yml

@@ -40,6 +40,7 @@
     mode: '770'
     force: yes
   notify: docker compose project setup
+  when: applications.ldap.webinterface == 'phpldapadmin'
 
 - name: "create {{docker_compose.directories.env}}lam.env"
   template: 
@@ -48,3 +49,4 @@
     mode: '770'
     force: yes
   notify: docker compose project setup
+  when: applications.ldap.webinterface == 'lam'

roles/docker-ldap/templates/lam.env.j2

@@ -7,7 +7,7 @@ LAM_PASSWORD=               {{applications.ldap.lam.administrator_password}}
 LAM_CONFIGURATION_DATABASE= files                                                   # configuration database (files or mysql) @todo implement mariadb
 
 # LDAP Configuration
-LDAP_SERVER=                {{domain}}                                              # domain of LDAP database root entry, will be converted to dc=...,dc=...
+LDAP_SERVER=                {{applications.ldap.openldap.domain}}                   # domain of LDAP database root entry, will be converted to dc=...,dc=...
 LDAP_BASE_DN=               {{ldap_root}}                                           # LDAP base DN to overwrite value generated by LDAP_DOMAIN
 LDAP_USER=                  {{ldap_admin_dn}}                                       # LDAP admin user (set as login user for LAM)
 LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}}   # LDAP admin password

roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2

@@ -10,7 +10,7 @@ whitelist_domains       =   [".{{primary_domain}}"]
 client_secret           =   "{{oidc.client.secret}}"
 client_id               =   "{{oidc.client.id}}"
 redirect_url            =   "https://{{domain}}/oauth2/callback"
-oidc_issuer_url         =   "{{oidc_client_issuer_url}}"
+oidc_issuer_url         =   "{{oidc.client.issuer_url}}"
 provider                =   "oidc"
 provider_display_name   =   "Keycloak"