# vim: ft=yaml.ansible
---
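- name: create ldap volume folders
  # Host-side sources for the bind mounts of the openldap container below.
  # The "etc/slapd.d" entry must match the path mounted into
  # /etc/ldap/slapd.d; the original created "etc/slapd", so Docker created
  # the real slapd.d source itself (root-owned, unmanaged by this play).
  # NOTE(review): "certs" will hold the TLS private key (ldap.key). No
  # mode/owner is set here, so the directory inherits the umask — consider
  # tightening it once the container's runtime UID is confirmed.
  file:
    path: "{{ services.openldap.volume_folder }}/{{ volume }}"
    state: directory
  loop:
    - "var/lib/ldap"
    - "etc/slapd.d"
    - "certs"
  loop_control:
    loop_var: volume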

- name: Create a network for ldap
  # Private bridge network shared by the openldap and phpldapadmin
  # containers, so the web UI reaches slapd by container name without a
  # published port.
  docker_network:
    name: ldap
    state: present  # module default, spelled out for clarity

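- name: openLDAP container
  # The env block carries LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD.
  # Without no_log, Ansible prints the full module arguments on failure
  # or under -v, leaking both into logs/CI output. (Docker still exposes
  # them via `docker inspect`; LDAP_REMOVE_CONFIG_AFTER_SETUP below only
  # scrubs the in-container bootstrap files.)
  no_log: true
  docker_container:
    name: openldap
    # NOTE(review): mutable tag only; pin by digest (image@sha256:...) for
    # reproducible, tamper-evident deploys.
    image: "osixia/openldap:{{ services.openldap.version }}"
    tty: true
    interactive: true
    restart_policy: unless-stopped
    volumes:
      - "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
      - "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
      - "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
    # Both ports bind to 0.0.0.0 on the host. phpldapadmin reaches this
    # container over the "ldap" docker network, so publishing is only
    # needed for external clients; with LDAP_TLS_ENFORCE "false" below,
    # 389 accepts unencrypted binds from anywhere the host is reachable.
    # Prefix with a host address ("127.0.0.1:389:389") or drop 389
    # entirely if no external plaintext client is required.
    published_ports:
      - "389:389"
      - "636:636"
    hostname: "{{ services.openldap.domain }}"
    domainname: "{{ services.openldap.domain }}" # important: same as hostname
    networks:
      - name: ldap
    env:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "{{ base_domain }}"
      LDAP_DOMAIN: "{{ base_domain }}"
      LDAP_BASE_DN: ""
      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
      LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      # Plaintext LDAP on 389 remains allowed; see the published_ports note.
      # NOTE(review): flipping this to "true" also affects phpldapadmin,
      # which would then need TLS (and, given VERIFY_CLIENT "demand" below,
      # a client certificate) to talk to slapd.
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      # OpenLDAP TLSProtocolMin: 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2.
      # Raised from 3.1 (TLS 1.0, deprecated) to TLS 1.2; clients that
      # cannot negotiate TLS 1.2 will fail on 636 and on STARTTLS.
      LDAP_TLS_PROTOCOL_MIN: "3.3"
      # "demand" requires every TLS client to present a certificate chained
      # to ca.crt; external LDAPS clients without one are rejected.
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      # Removes the bootstrap config (which embeds the passwords above)
      # from the container filesystem once setup has run.
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"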

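- name: phpLDAPadmin container
  docker_container:
    name: phpldapadmin
    # NOTE(review): mutable tag only; consider pinning by digest.
    image: "osixia/phpldapadmin:{{ services.phpldapadmin.version }}"
    restart_policy: unless-stopped
    # No published_ports: the UI is reachable only through whatever fronts
    # "external_services" (the VIRTUAL_HOST / LETSENCRYPT_* values below
    # suggest a reverse proxy), and it talks to slapd by container name
    # over "ldap".
    networks:
      - name: external_services
      - name: ldap
    env:
      # NOTE(review): nothing here selects STARTTLS/LDAPS for the hop to
      # "openldap"; with LDAP_TLS_VERIFY_CLIENT "demand" on the server, a
      # TLS hop would also need a client certificate — confirm the intended
      # transport before enabling LDAP_TLS_ENFORCE on the server side.
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      # TLS is presumably terminated by the proxy; the proxy -> container
      # hop is plain HTTP on the docker network, so the admin credentials
      # typed into the UI depend entirely on the proxy's HTTPS setup.
      PHPLDAPADMIN_HTTPS: "false"
      PHPLDAPADMIN_TRUST_PROXY_SSL: "true"

      # Served under the same public name as the LDAP service itself.
      VIRTUAL_HOST: "{{ services.openldap.domain }}"
      LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"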