Work on FusionDirectory container (#5)

README.md

@@ -300,6 +300,45 @@ podman run \
   gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-lemonldap-ng:v0.1
 ```
 
+#### FIDM
+
+Create the shared directory for socket:
+```
+mkdir -p run/volumes/fd-run
+```
+
+Start:
+```
+podman run \
+  --env-file=./run/ENVVAR.example \
+  -v ./run/volumes/fd-run:/run/php-fpm/ \
+  --rm=true \
+  --name=fusioniam-fusiondirectory-php-fpm \
+  --detach=true \
+  --no-hosts \
+  --network=slirp4netns:allow_host_loopback=true \
+  --entrypoint='["/bin/bash","/run-ct.sh","php-fpm"]' \
+  gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-fusiondirectory:v0.1
+```
+
+```
+podman run \
+  --env-file=./run/ENVVAR.example \
+  -v ./run/volumes/fd-run:/var/run/php-fpm/ \
+  --rm=true \
+  -p 127.0.0.1:8081:8080 \
+  --name=fusioniam-fusiondirectory-nginx \
+  --detach=true \
+  --no-hosts \
+  --entrypoint='["/bin/bash","/run-ct.sh","nginx"]' \
+  gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-fusiondirectory:v0.1
+```
+
+Stop:
+```
+podman stop fusioniam-fusiondirectory-nginx fusioniam-fusiondirectory-php-fpm
+```
+
 ### Start reverse proxy
 
 On your host, start a reverse proxy that will connect to containers.

build/centos8/Makefile

@@ -10,6 +10,7 @@ all:
 	make -B openldap
 	make -B whitepages
 	make -B servicedesk
+	make -B fusiondirectory
 
 base:
 	$(CTN) build --no-cache -t $(IMAGENAME):$(VVERSION) .
@@ -17,6 +18,9 @@ base:
 clean:
 	$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
 
+fusiondirectory:
+	cd fusiondirectory ; make -B all
+
 llng:
 	cd lemonldap-ng ; make -B all
 

build/centos8/fusiondirectory/DEPENDENCY

+fusioniam-centos8

build/centos8/fusiondirectory/Dockerfile

+ARG DEPEND
+ARG VERSION
+
+FROM $DEPEND:$VERSION
+
+EXPOSE 8080
+
+COPY ansible/ ./
+
+RUN bash ./run-playbook.sh install.yaml &&\
+    sed -i 's/listen *80/listen 8080/g' /etc/nginx/nginx.conf ;\
+    sed -i 's/:80/:8080/g' /etc/nginx/nginx.conf ;\
+    sed -i 's/user *nginx/user fusioniam/g' /etc/nginx/nginx.conf ;\
+    sed -i 's@fastcgi_pass.*@fastcgi_pass unix:/var/run/php-fpm/www.sock;@g' /etc/nginx/default.d/php.conf ;\
+    chown -R fusioniam:fusioniam /var/cache/fusiondirectory ;\
+    rm -f install.yaml 

build/centos8/fusiondirectory/Makefile

+FVERSION=../../VERSION
+FDEPEND=DEPENDENCY
+
+CTN=`which podman >/dev/null 2>&1 && echo podman || echo docker`
+IMAGENAME="fusioniam-centos8-fusiondirectory"
+VDEPEND=`cat $(FDEPEND)`
+VVERSION=`cat $(FVERSION)`
+
+
+all: 
+	make -B fusiondirectory
+
+clean:
+	$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
+
+fusiondirectory:
+	$(CTN) build --build-arg DEPEND="$(VDEPEND)" --build-arg VERSION="$(VVERSION)" -t $(IMAGENAME):$(VVERSION) .
+

build/centos8/fusiondirectory/ansible/deploy.yaml

+---
+- hosts: localhost
+  vars:
+    CUSTOMERID: "{{ lookup('env', 'CUSTOMERID') | default(omit) }}"
+    LDAP_HOST: "{{ lookup('env', 'LDAP_HOST') | default('localhost',true) }}"
+    LDAP_PORT: "{{ lookup('env', 'LDAP_PORT') | default('33389',true) }}"
+    LDAP_PROTO: "{{ lookup('env', 'LDAP_PROTO') | default('ldap',true) }}"
+    LDAP_STARTTLS: "{{ lookup('env', 'LDAP_STARTTLS') | default('false',true) }}"
+    SSO_DOMAIN: "{{ lookup('env', 'SSO_DOMAIN') | default(omit) }}"
+    VHOST_NAME: "{{ lookup('env', 'FUSIONDIRECTORY_NAME') | default(omit) }}"
+    FUSIONDIRECTORY_LDAP_PASSWORD: "{{ lookup('env', 'FUSIONDIRECTORY_LDAP_PASSWORD') | default(omit) }}"
+    FUSIONDIRECTORY_LDAP_USERNAME: "{{ lookup('env', 'FUSIONDIRECTORY_LDAP_USERNAME') | default(omit) }}"
+  tasks:
+  - name: Assert variables
+    assert:
+      that:
+        - '"{{ item.value }}" is defined'
+        - '{{ item.value | length }} > 0'
+      quiet: True
+      fail_msg: '{{ item.name }} is missing or empty'
+    loop:
+      - name: 'CUSTOMERID'
+        value: '{{ CUSTOMERID }}'
+      - name: 'LDAP_HOST'
+        value: '{{ LDAP_HOST }}'
+      - name: 'LDAP_PORT'
+        value: '{{ LDAP_PORT }}'
+      - name: 'LDAP_PROTO'
+        value: '{{ LDAP_PROTO }}'
+      - name: 'LDAP_STARTTLS'
+        value: '{{ LDAP_STARTTLS }}'
+      - name: 'SSO_DOMAIN'
+        value: '{{ SSO_DOMAIN }}'
+      - name: 'VHOST_NAME'
+        value: '{{ VHOST_NAME }}'
+      - name: 'FUSIONDIRECTORY_LDAP_PASSWORD'
+        value: '{{ FUSIONDIRECTORY_LDAP_PASSWORD }}'
+      - name: 'FUSIONDIRECTORY_LDAP_USERNAME'
+        value: '{{ FUSIONDIRECTORY_LDAP_USERNAME }}'
+
+  - name: Deploy fusiondirectory.conf file
+    template:
+      src: fusiondirectory.conf.j2
+      dest: /etc/fusiondirectory/fusiondirectory.conf
+      mode: u=rw,g=r,o=r
+
+  - name: Deploy vhost
+    template:
+      src: fusiondirectory-nginx.conf.j2
+      dest: /etc/nginx/conf.d/fusiondirectory.conf
+      mode: u=rw,g=r,o=r

build/centos8/fusiondirectory/ansible/files/RPM-GPG-KEY-LTB-project

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+mQGiBEpM/vsRBACPS+MZ7o9qdx4NDquqA6oBy9ROlI/ls5k2vVkW9IZTr5z8jBEk
+zI3vNN2bl5uMKOYpgd416bGYa1RXo4VVS549i+BqECapb+/xp4BBdiGmrMGHFpBj
+EaAE5oQcvAZ/gkJ4gvuRtfVmWZVLPdUun3Y8RUwDkidn7v3ga396n+4O9wCgsuAM
+15R3NedYtq381be+PxbKnSsD/A6MDUOF9hayWxyMixP2iOZ20/P8lfZ5AZ7fzafw
+7sx+47J9CLu4jByIkBqWQbrsioqL03dklvxA5gvEaPB4ShEod5QPvqi0GZdQcq/5
+LnVUfcsEK1OetugYm7FKAj8PuGQGPa8p1F954b+4zHoETnd1lwpYkggp080sfTHs
+s1l3A/9sKDiOW19CLgTOYbm9P90NBlKVTu5Gk3S+2y9mACUBZgocdfbKMATG8JFh
+bGb0CJIAroAt3l08B9C7at+wcq/p83A+HrjBvpAv2hhagqQvQq/ShnLtlQCvVXx5
+d7iMQUGn2pCb3hcDYJ90zT0xh6IjksYFI4sbEASPivkpf9HIprQyQ2xlbWVudCBP
+VURPVCAoTFRCLXByb2plY3QpIDxjbGVtLm91ZG90QGdtYWlsLmNvbT6IYAQTEQIA
+IAUCSkz++wIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEArFH5JtRb/Fya4A
+oKJgXsq3EMpYbQwTOe3pCfDyhSXJAJwJ2Y8Fe8Xd4txkOf92ZDVLB1SDb7kCDQRK
+TP7+EAgAzEYvVE/p21nw5dkgW2kjhpi0ZxBb8WbyBSgtWBuNDbPssrEb75O92CEG
+fXpSEk8hi4J1XEs/xUF+eUR0Z9mI2eHcxoBrxv8Stu3jiVTQhGcBzZ8GwPjZC7+Z
+GaaRL/GaByrbj8aBbH88wpDZLu5YfLD21ChLqrtsU/fzvFw6oMValA5LE4ZwjPVP
+jQhIikMXCqsMOdbvfut2Cp3f7mvQWDIh1GfucQvBz4AcTqdXvVXDDJBNQRZMdCzK
+fLpAfhXbqjSgylag7KyrPDMTxYRqgzsAFeqCktp14NAcKVXAotpcrVfyzFwRGOCD
+EopOAvJy0FmLQZdgdDVlYmsTarq0uwADBQf/QO/nA1fXsNZ28Feh3JVoWoGHij9i
+njMPcxRgBppHUntx7Nfyx616UTvfQpvlFl7vQk44Po5U7WYOwM7ymyx/a/etpvOk
+CQfGsiwBtsPNvRTFx/0UQmLI6AcWvzMS1LpU6oLofJ7PFU4z3VVkEMxeyPkOjmXm
+r3mAqoM38r2nSGFqefHL4Gjp5zt7ovSJPgviutKTFiBTZdIWNYnnlZMkk6Bk5aLm
+qezR2xEis6z4QTkzzjZ2N7iXGvkdU32BJdINFMSL74rHvbkpZbP4NuatZwea85YH
+4EoAVc9NQWsRGMBH1m7nFPZWi+8nYtHrGvD2PDDPvsO9ye6nyErmQrX5vYhJBBgR
+AgAJBQJKTP7+AhsMAAoJEArFH5JtRb/Fa3UAn1vjVKKSR61z6Y0bwtn1schgWr9m
+AKCBf9v5/CF14rlyNfl4xNTHA7og0w==
+=M5DF
+-----END PGP PUBLIC KEY BLOCK-----

build/centos8/fusiondirectory/ansible/files/RPM-GPG-KEY-remi2018

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFpYvNcBEAC2zo9//ebrNepP/TKSCSwRb2V1VGRLL8SS1RrthG26xr/VTxDC
+p7ZSxYdEcFl/f0ppjrjTp9LPrPqKL+Hjjw1eDJjRWNOXgSNW/uD5TO5vrbTiIzmb
+QIWdMoZ7RUc1pJNHn5DtCjp/6Cm7ntijqxcNYOYd4TEAvv9DPHrj5mYCgLQJ++BT
+oONap0cLCRTcEH8q+GqLfwgnLEJ2g7HJYtmlte6YsuKK23GjpvQaNoAzA72aCr47
+JKVhH1k1Fzaw1M8tTURe5WWZvxGT/lD+pl0Cf39X7bbatR1r9RiijGROhMfndyO/
+wqTKLk6gY6Lm5pj6RTKFg+6AUixcUOn0t2zWY7V4VFNnsxACLcQx04zp9T0lRofc
+FCN0HQAMBzo52stezMvLJlncuMYgHuzbkCf7Avan15MwzOO8rrq5v2tokm6tB0Mf
+SRK7HT04gBVxJT9Y9IiACr7iCcIJcgysbHsR7LbJay+15xWDA6ywdeXt50MKxUpl
+MWeqMnCCdQSNMFRp9hdoKZuo/7PUI+4Wc6ShiFH+WqZ33E6EZbVowC/NHvhrftTP
+yo+t6h/ok6l5j+gLYA+Y9VNtt9kfC7rhl1c+3oh01zkO/WVEFy7RDLOm8ah75oMF
+2hKP4FSfX3cX7n9baPhKcFHx2namblICnoNBAIDvG9H6/6EYVhTMzDOI2QARAQAB
+tClSZW1pJ3MgUlBNIHJlcG9zaXRvcnkgPHJlbWlAcmVtaXJlcG8ubmV0PokCTgQT
+AQgAOBYhBGs4/qcjH4f1K5yp2FVQl1lfEXNaBQJaWLzXAhsDBQsJCAcCBhUICQoL
+AgQWAgMBAh4BAheAAAoJEFVQl1lfEXNaM5gP/0k2snbeOKSS93DXz8gnItcU8isw
+jfy+DA8Oum0vItugVtAnykLgB1h0KyVokuT9QII1KfourxVS4UZo+1QsEAxT/JS0
+DT1kWC69kdZzx2j6N5fatBQ/xq8btIHpPl/guaaxgz4db3Hnzly+Gjako1zRUK28
+F87i41fAjgky5qbjozqodBfmRCFRqUzX23MtP/b3+GYz4WL4KSPg/OmiPwosYH41
+faVH34eFTrXFehOMyjTuAR5MZty+nQUO1gUJrmPYaKiRHnymz0aRPOF8YVpFxVV/
+wQBRUGzNpK/UkQPja5w0Ec3EuOoDd3Vn0P1QCSOmicrCkGd6bEcPqL6tIlT0NQ1H
+uKv6HJWAlorivFVhfIku+nyBmv5A9j28A80ut8tlRoHIm7RJiPc8INBd7hguNreh
+M+iHzGWIrfg255AYt8T+h2LQkMcrIap93U/UYq8d9VKDkJ1uQ+sMtET8wk2RkHhu
+GJwJmEFzLUNQ7e156yr3N1BS7caa5grguW1UxOeV2NoFX2e3Wm2VygZymNwa6mZO
+7gQPyIY3iWw4WHj5oFKSAYqHcjWOgBQm2V1mGgDJB5j9noI0hJNH533QKK1C/D/g
+n9TUOF0G7XthASeYxBHut3y8JalOXWKj+cmXf6+Nw37Q0X6bu+CcEiQN2L8sKwE0
+AYmegXGCr9nQi4AkuQINBFpYvNcBEADHD25KtshnEgQLXgexLk5K3WBjCDR/d/vg
+no5Tl/6lWRQqpwFAo6N1fCAKoUhlFhdsxR40dNAA8QPYT/EK9c7j/PbknGzp0+dY
+vSa7HNQ71JeoEjv/y+UFnZA6ZvDspkNCkj35hc8tDXpJtf3Vbv3gaA7gZ6fpw9OT
+/xA6P1leMB1JQm9QEgeiHeNH0rLLpHmfMjMippl3JxL5S4N7FzXmJtnYxpgEn9k/
+MMGg4zLisCZeJoT/VU8usjFuV3PPXNnVir3iBv2TwJM9qjcZ48YWfy4ZkFXf+SH0
+1fkVkBmmuRs316rIftjnjBWXNaA/StpM2OCCx7ktnj+rIX9Pxnvlz9izDKhqHcUB
+cUS3gVkMH7NBTuoP/vIFbenpbOPqRdCVS7u1fpk180T5zyyEEcyzEgWaqCz5soR1
+EG7zRTnPb6u9FTsOX9XU6zhOrYd4SZRWFlvkMtcPpW0o126RVAQ8uys0pH2fR3e1
+rRWngKs2dAOrKbbITLtXqrXZjlZOWMJS5pDbu8RsMwJDc7yHAJ1O0pYE2SC8vgqg
+ZjHZeJ8mrobVcvMXnLCzyri8ZcuIDKGscmiOznN666t2yaYYIf2EmkrzjKxh09M8
+NdpNG/LxyIn3kAG4vObjmKZ0r2BHlsdyJ33wN1qSWtFKeZrc8JnQJbT3eHE0VMP7
+/UjxADwqZQARAQABiQI2BBgBCAAgFiEEazj+pyMfh/UrnKnYVVCXWV8Rc1oFAlpY
+vNcCGwwACgkQVVCXWV8Rc1qyQw//W4DqpkzQMjcnTrjwPq5daxJSQnPKhatVQj2o
+bdb0yRo+Qd8YoTFlldQJY1+zzRiiQ7qO40DZWU/mejgMajmOX2tjFozCa3ENbb6r
+w49BlSbrMyI2kAOtwSTehrzprgzblQhcQy0mM4oxRePQcRZynN4nYA8afb5ROjzN
+Cb4+UAlnTKGukzakmRiPKUInepdTUnA/4UZFQEHj2nb8iP/RxeI1bCMOQoxQMhYh
+dpsCoCOKcmvNYZPVjz3/tmdjet+5WLtzy4xcYqOJQ6aNF4ggjBfuMYRuiFjpMazm
+FS1kDcYtcEAOV6tZ+dlsHYJdoJh52ghUs/kxPJlZM+VzFv/10ToWpCNVwqC+BDXC
+gXUZYxo5XIwUzIbUlHuhVcGsCxEgndaf5qzu0UWGoLdmLgo56yg4ivUATGRnm92T
+WXgjHzSuJhsVEmriswqxd1h4R9EF1TWNhwc4RhrvomzDTuXIy3kAaORqVxCZgbxj
+sSY0+jqkX/AEU0cR4aiD4fEvMPeHJwoo0vnS1nETi2KZrhEnGa6JhJxe91V0vAxR
+9tBx2KLkl4uYHJELoH9JOcv4WMFMgdoA2MjcIzhH5Cc4t+vQC2cK8lLT7IiGfI57
+vhFCsz+GEqHusDfQgLAp0onI9wwCUwtiFZh4jMOJvk6HMGaGVSP30zh1bGqIPjFS
+qk7agVI=
+=sJgk
+-----END PGP PUBLIC KEY BLOCK-----

build/centos8/fusiondirectory/ansible/files/php-fpm.www.conf

+[www]
+user = fusioniam
+group = fusioniam
+listen = /run/php-fpm/www.sock
+listen.acl_users = apache,nginx,fusioniam
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 120
+pm.start_servers = 12
+pm.min_spare_servers = 6
+pm.max_spare_servers = 20
+slowlog = /var/log/php-fpm/www-slow.log
+php_admin_value[error_log] = /var/log/php-fpm/www-error.log
+php_admin_flag[log_errors] = on
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

build/centos8/fusiondirectory/ansible/install.yaml

+---
+- hosts: localhost
+  tasks:
+  - name: Install LTB repository
+    yum_repository:
+      name: LTB-project-packages-noarch
+      description: LTB project packages (noarch) YUM repo
+      file: ltb-project
+      baseurl: https://ltb-project.org/rpm/$releasever/noarch
+      gpgcheck: yes
+
+  - name: Install LTB GPG key
+    copy:
+      src: RPM-GPG-KEY-LTB-project
+      dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Import LTB GPG key
+    rpm_key:
+      key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      state: present
+
+  - name: Install EPEL
+    yum:
+     name: epel-release
+     state: installed
+
+  - name: Install DNF plugin core
+    package:
+     name: dnf-plugins-core
+     state: installed
+
+  - name: Enable PowerTools
+    shell: yum config-manager --set-enabled powertools
+
+  - name: Install Remi GPG key
+    copy:
+      src: RPM-GPG-KEY-remi2018
+      dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Import Remi GPG key
+    rpm_key:
+      key: /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
+      state: present
+
+  - name: Install Remi repo
+    yum:
+     name: "https://rpms.remirepo.net/enterprise/remi-release-8.rpm"
+     state: 'present'
+
+  - name: Enable PHP 7.4 Remi repo
+    shell: dnf -y module install php:remi-7.4
+    
+  - name: Install required packages
+    yum:
+      name:
+       - nginx
+       - git
+       - php
+       - php-Smarty
+       - php-fpm
+       - php-ldap
+       - perl-Path-Class
+       - perl-LDAP
+       - perl-MIME-Base64
+       - perl-Digest-SHA
+       - perl-Crypt-CBC
+       - perl-Bytes-Random-Secure
+       - perl-Archive-Extract
+       - perl-File-Copy-Recursive
+       - perl-XML-Twig
+      state: present
+
+  - name: Install php-fpm configuration
+    copy:
+      src: php-fpm.www.conf
+      dest: /etc/php-fpm.d/www.conf
+
+  - name: Create directories
+    file:
+      path: "{{ item }}"
+      state: directory
+    with_items:
+      - '/etc/fusiondirectory'
+      - '/etc/ldap/schema/fusiondirectory'
+      - '/usr/share/fusiondirectory'
+      - '/usr/local/share/fusiondirectory'
+      - '/var/cache/fusiondirectory'
+
+  - name: Clone FD git repository
+    git:
+      repo: 'https://gitlab.fusiondirectory.org/fusiondirectory/fd.git'
+      dest: '/usr/src/fd'
+      version: '1.4-dev'
+
+  - name: Install binaries
+    copy:
+      src: /usr/src/fd/contrib/bin/{{ item }}
+      dest: /usr/local/bin/
+      owner: root
+      group: root
+      mode: 0755
+      remote_src: yes
+    with_items:
+      - fusiondirectory-insert-schema
+      - fusiondirectory-setup
+
+  - name: Install Smarty plugins
+    copy:
+      src: /usr/src/fd/contrib/smarty/plugins/
+      dest: /usr/share/php/smarty3/plugins/
+      owner: root
+      group: root
+      mode: 0644
+      remote_src: yes
+
+  - name: Install source files
+    copy:
+      src: /usr/src/fd/{{ item }}
+      dest: /usr/local/share/fusiondirectory/
+      owner: root
+      group: root
+      mode: 0755
+      remote_src: yes
+      directory_mode: yes
+    with_items:
+      - html
+      - ihtml
+      - locale
+      - plugins
+      - setup
+      - include
+
+  - name: Check directories
+    command: /usr/local/bin/fusiondirectory-setup --set-fd_home=/usr/local/share/fusiondirectory --yes --check-directories
+
+  - name: Update cache and locales
+    command: /usr/local/bin/fusiondirectory-setup --set-fd_home=/usr/local/share/fusiondirectory --yes --update-cache --update-locales --write-vars

build/centos8/fusiondirectory/ansible/run-ct.sh

+#!/bin/sh
+set -e
+
+echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd
+echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group
+
+/bin/bash /run-playbook.sh /deploy.yaml
+
+if [ "$1" = "nginx" ]
+then
+        ln -sf /dev/stdout /var/log/nginx/access.log
+        ln -sf /dev/stdout /var/log/nginx/error.log
+        ln -sf /dev/stdout /var/log/nginx/fd.access.log
+        ln -sf /dev/stdout /var/log/nginx/fd.error.log
+        /usr/sbin/nginx -g 'daemon off;'
+elif [ "$1" = "php-fpm" ]
+then
+        ln -sf /dev/stdout /var/log/php-fpm/error.log
+        ln -sf /dev/stdout /var/log/php-fpm/www-error.log
+        /usr/sbin/php-fpm --nodaemonize
+fi
+
+exit 0

build/centos8/fusiondirectory/ansible/templates/fusiondirectory-nginx.conf.j2

+server {
+       listen 8080;
+
+       root /usr/local/share/fusiondirectory/html;
+       index index.php;
+
+       server_name {{ VHOST_NAME }}.{{ SSO_DOMAIN }};
+
+       access_log /var/log/nginx/fd.access.log;
+       error_log /var/log/nginx/fd.error.log;
+
+
+       location ~ \.php(?:$|/) {
+         fastcgi_pass unix:/var/run/php-fpm/www.sock;
+         fastcgi_index index.php;
+               include         fastcgi_params;
+         fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+         fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+         fastcgi_param   PATH_INFO        $fastcgi_path_info;
+         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+       }
+
+       location / {
+               try_files $uri $uri/ =404;
+       }
+}

build/centos8/fusiondirectory/ansible/templates/fusiondirectory.conf.j2

+<?xml version="1.0"?>
+<conf>
+  <!-- Main section **********************************************************
+       The main section defines global settings, which might be overridden by
+       each location definition inside.
+
+       For more information about the configuration parameters, take a look at
+       the FusionDirectory.conf(5) manual page.
+  -->
+  <main default="default"
+        logging="TRUE"
+        displayErrors="TRUE"
+        forceSSL="FALSE"
+        templateCompileDirectory="/var/spool/fusiondirectory/"
+        debugLevel="0"
+    >
+
+    <!-- Location definition -->
+        <location name="default"
+    >
+        <referral URI="{{ LDAP_PROTO }}://{{ LDAP_HOST }}:{{ LDAP_PORT }}" base="dc=fusioniam,dc=org"
+                        adminDn="cn={{ FUSIONDIRECTORY_LDAP_USERNAME }},ou=dsa,o=admin,dc=fusioniam,dc=org"
+                        adminPassword="{{ FUSIONDIRECTORY_LDAP_PASSWORD }}" />
+    </location>
+  </main>
+</conf>