cosmetic change and working example in readme

remove unused variables

README.md

@@ -13,14 +13,11 @@ Apache +php needed
 Role Variables
 --------------
 
-pla_baseddn
-pla_install_dir - default /var/www/html
-pla_version - default 1.2.6.3
-pla_user - account to use to connect to ldap directory
 pla_basedn - no default
+pla_install_dir - default /var/www/html
+pla_version - default 1.2.6.7
 pla_ldap_server - default {{ localhost }}
-pla_bind_dn - "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'username' ) }}"
+pla_install_dir_owner - default pla, should probably be "{{ php_fpm_pool_user }}"
-pla_bin_pwd:  "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'password' ) }}"
 
 Dependencies
 ------------
@@ -34,6 +31,16 @@ Including an example of how to use your role (for instance, with variables passe
 
     - hosts: servers
       roles:
+	  - role: tco.php-fpm
+	  ¦tags: pla,wips
+	  ¦vars:
+	  ¦  php_packages:
+	  ¦  ¦  - php8.1-ldap
+	  ¦  ¦  - php8.1-xml
+	  ¦  php_version: "8.1"
+	  ¦  php_fpm_create_pool: true
+	  ¦  php_fpm_pool_user: selfservicepassword
+	  ¦  php_fpm_listen_socket: /srv/pla/socket 
 	  - { role: phpldapadmin, basedn: dc=ldx }
 
 License

defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 # defaults file for phpldapadmin
-pla_version: 1.2.6.4
+pla_version: 1.2.6.7
 pla_install_dir: /var/www/html/
+pla_install_dir_owner: pla
 pla_ldap_server: localhost

tasks/main.yml

@@ -1,34 +1,40 @@
-- name: get some vars
+- name: "[pla] - get archive"
-  set_facts:
+  ansible.builtin.get_url:
-    pla_bind_dn: "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'username' ) }}"
+      url: https://github.com/leenooks/phpLDAPadmin/archive/{{ pla_version }}.tar.gz
-    pla_bin_pwd:  "{{ lookup( 'keepass', '{{ group_names[0] }}/{{ inventory_hostname }})pla_dn', 'password' ) }}"
+      dest: /tmp/pla_{{pla_version }}.gz
-  tags: always
 
-  - name: get archive
+- name: "[pla] - create base dir"
-  get_url:
+  ansible.builtin.file:
-url: https://github.com/leenooks/phpLDAPadmin/archive/{{ pla_version }}.tar.gz
+    path: "{{ pla_install_dir }}"
-dest: /tmp/pla_{{pla_version }}.gz
+    state: directory
 
-- package:
+- name: "[pla] - extract archive"
-    name: [ php-ldap, php-xml ]
+  ansible.builtin.unarchive:
-    state: present
+    dest: "{{ pla_install_dir }}"
-
-- unarchive:
-    dest: /{{ pla_install_dir }}
     src:  /tmp/pla_{{pla_version }}.gz
     remote_src: true
-- file:
+    owner: "{{ pla_install_dir_owner }}"
-    src: /{{ pla_install_dir }}/phpLDAPadmin-{{ pla_version }}
+
+- name: "[pla] - link"
+  ansible.builtin.file:
+    src: "{{ pla_install_dir }}/phpLDAPadmin-{{ pla_version }}"
     state: link
-    dest: /{{ pla_install_dir }}/pla
+    dest: "{{ pla_install_dir }}/pla"
+    owner: "{{ pla_install_dir_owner }}"
 
-- template:
+- name: "[pla] - fixownership"
+  tags: chown
+  ansible.builtin.file:
+    path: "{{ pla_install_dir }}/phpLDAPadmin-{{ pla_version }}"
+    recurse: true
+    state: directory
+    owner: "{{ pla_install_dir_owner }}"
+
+- name: "[pla] - configure"
+  vars:
+    bigrandomstring: "{{ lookup('password', '/dev/null chars=ascii_letters,digit length=128', seed=inventory_hostname) | lower }}"
+  ansible.builtin.template:
     src: pla_config.php
-    dest: /{{ pla_install_dir }}/pla/config/config.php
+    dest: "{{ pla_install_dir }}/pla/config/config.php"
-
+    owner: "{{ pla_install_dir_owner }}"
-- name: deploy apache config
-  template:
-    src: pla_httpd.conf
-    dest: /etc/httpd/conf.d/pla.conf
-  notify: reload_apache
 

templates/pla_config.php

@@ -47,7 +47,7 @@
 
 /* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
    to a big random string. */
-$config->custom->session['blowfish'] = imaljdmlkaedmlkezjfmljzaemflezafmlkzhfelmhzafezenull;
+$config->custom->session['blowfish'] = '{{ bigrandomstring }}' ;
 
 /* If your auth_type is http, you can override your HTTP Authentication Realm. */
 // $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login');