diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index e6ce6bf..284c79a 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -7,6 +7,14 @@ nsca_password: HISTORY_PURGED_SECRET
 RSYSLOG_SERVER: internal.monitoring.atlantishq.de
 influxdb_telegraf_password: HISTORY_PURGED_SECRET
 
+ldap_password: flanigan
+ldap_dc: "atlantishq"
+ldap_org: "atlantishq de"
+ldap_suffix: "dc=atlantishq,dc=de"
+ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de"
+ldap_user_dn: "ou=People,dc=atlantishq,dc=de"
+ldap_connection_url: ldap://192.168.122.112
+
 extra_root_keys:
     - "# no extra keys"
 
diff --git a/group_vars/usermanagement.yaml b/group_vars/usermanagement.yaml
index a550e92..e3f85f3 100644
--- a/group_vars/usermanagement.yaml
+++ b/group_vars/usermanagement.yaml
@@ -1,14 +1,7 @@
 ---
-ldap_password: flanigan
-ldap_dc: "atlantishq"
-ldap_org: "atlantishq de"
-ldap_suffix: "dc=atlantishq,dc=de"
-ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de"
-ldap_user_dn: "ou=People,dc=atlantishq,dc=de"
-ldap_connection_url: ldap://192.168.122.112
-
 extra_internal_iptables_ports_allow:
     - { "protocol" : "tcp", "port" : 389, "comment" : "ldap" }
+    - { "protocol" : "tcp", "port" : 22, "comment" : "ssh from backup" }
 
 extra_sheppy_pubkeys: |
     ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaABPy9h009vUQj+gewvhIO9kDpUBkkW5dGz6HsDxp6FLeZ0KOMTPZyRkwPHkC3Jee8vkTl2fFi7wjXhkWSpPe7H/RFdn6nHf5RSvM4aEwhkjD7E1lvf9lLRUXnISeFXFOdD3hpRXqT5yVP9O1S3Rk3b+i9HPlcw1vDmFHS5mZ+rXmxQSyHD8uuyCEL1Ri5IOz9XxycaJ/MHX2XaHWU+xgrQ2uvWrvhnibB3bhtf94GrHJQXRfjUc4nF3SG3937Fkdit5LozuDE3/mLoNN6PwXz13Z2acClpjiyOZQxpa2+TpwE5i2rWoZwsXv//yzohHbA30+qYSxJYQrYZ1XRyOSPFWSp3wwcuj8yMMqMJT2e75ZyWaHuoYuindOFW4VMR7pFppssnnbdLHvJGe5PZMSDxlyhUtkAK4p1nf2nEng3VjCBcn6UWK1po5DQmcLwkd0cQbWTLxHjH4sAtfyp7A8jsGLXrhWraMOOoU0JVkamZrq2BuSyaC5S7+KdvGCg3U= backupvm