#SPDX-License-Identifier: MIT-0
---
# LDAP configuration for Nextcloud user_ldap app
#
# Every task runs `occ` inside the container
# "{{ nextcloud_service_name }}-nextcloud-1" and works on the single
# configuration ID `s01`. The desired settings come from
# `nextcloud_ldap_config`, which is defined outside this file.

# Read-only listing of the existing LDAP configurations; never reports a
# change. The registered stdout is only used for the substring test below.
- name: Check if LDAP configuration exists
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    command: php /var/www/html/occ ldap:show-config
  register: ldap_show_config
  changed_when: false

# Runs only when the text 's01' does not occur anywhere in the listing.
# NOTE(review): this is a substring match, and create-empty-config is not told
# which ID to use - presumably the first configuration created is s01; confirm
# for hosts that already hold a configuration under another ID.
- name: Create LDAP configuration
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    command: php /var/www/html/occ ldap:create-empty-config
  when: "'s01' not in ldap_show_config.stdout"

# Fetch the live s01 settings as JSON so that only differing keys are written.
# failed_when: false makes this best-effort; the return code is checked by the
# parse task instead.
# This task has no no_log, so its stdout (the directory settings as occ prints
# them) is visible in verbose runs and to logging callbacks.
# NOTE(review): occ is expected to mask the bind password here unless
# --show-password is given - confirm. If it does, the password key never
# compares equal below and is rewritten on every run.
- name: Read current LDAP config for s01
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    command: php /var/www/html/occ ldap:show-config s01 --output=json
  register: _ldap_show_s01
  changed_when: false
  failed_when: false

# Parse the output only when it starts with '[' or '{' after trimming;
# anything else yields an empty dict. When the read returned a non-zero code
# this task is skipped and _ldap_current stays undefined, which the next task
# covers with default({}).
- name: Parse current LDAP config
  ansible.builtin.set_fact:
    _ldap_current: >-
      {{ (_ldap_show_s01.stdout | from_json)
      if ( (_ldap_show_s01.stdout | default('') | trim) is match('^[\\[{]') )
      else {} }}
  when: _ldap_show_s01.rc | default(1) == 0

# Write each desired key whose string form differs from the current value.
# argv hands key and value to occ as separate arguments, so a value containing
# spaces or quote characters is not re-split the way a `command:` string
# would be.
# no_log: true keeps the values out of task output and logs; they may include
# the bind credentials (depends on what nextcloud_ldap_config holds). The cost
# is that per-item results are censored when a write fails.
- name: Configure LDAP settings
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    argv:
      - php
      - /var/www/html/occ
      - ldap:set-config
      - s01
      - "{{ item.key }}"
      - "{{ item.value | string }}"
  loop: "{{ nextcloud_ldap_config | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  no_log: true
  # Both sides are compared as strings; a key missing from the current config
  # becomes the string form of none, so it counts as different and is written.
  when: ((_ldap_current | default({})).get(item.key) | default(none) | string) != (item.value | string)

# Final verification that the stored configuration works.
# The entries of a failed_when list are combined with AND: the task fails only
# when the return code is non-zero AND stdout lacks 'succeeded'. A zero return
# code is accepted whatever the output says.
# NOTE(review): confirm that the deployed occ exits non-zero when the test
# fails; if it does not, a broken bind or search passes this task unnoticed.
- name: Test LDAP configuration
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    command: php /var/www/html/occ ldap:test-config s01
  register: ldap_test_result
  changed_when: false
  failed_when:
    - ldap_test_result.rc != 0
    - "'succeeded' not in (ldap_test_result.stdout | default('') | lower)"