diff --git a/helmfile/apps/keycloak/values-keycloak.gotmpl b/helmfile/apps/keycloak/values-keycloak.gotmpl
index 72daf955..0e7380a3 100644
--- a/helmfile/apps/keycloak/values-keycloak.gotmpl
+++ b/helmfile/apps/keycloak/values-keycloak.gotmpl
@@ -34,7 +34,7 @@ keycloakConfigCli:
 - name: "LDAP_USERS_DN"
 value: "cn=users,dc=swp-ldap,dc=internal"
 - name: "LDAP_SERVER_URL"
- value: {{ .Values.global.ldap.host | quote }}
+ value: {{ .Values.ldap.host | quote }}
 - name: "IDENTIFIER"
 value: "souvap"
 - name: "THEME"
diff --git a/helmfile/apps/nextcloud/values-bootstrap.gotmpl b/helmfile/apps/nextcloud/values-bootstrap.gotmpl
index bf7f6c56..23544f48 100644
--- a/helmfile/apps/nextcloud/values-bootstrap.gotmpl
+++ b/helmfile/apps/nextcloud/values-bootstrap.gotmpl
@@ -36,7 +36,7 @@ config:
 password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
 ldapSearch:
- host: {{ .Values.global.ldap.host | quote }}
+ host: {{ .Values.ldap.host | quote }}
 password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
 smtp:
diff --git a/helmfile/apps/open-xchange/values-dovecot.gotmpl b/helmfile/apps/open-xchange/values-dovecot.gotmpl
index bc8c1f7f..8441f21c 100644
--- a/helmfile/apps/open-xchange/values-dovecot.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.gotmpl
@@ -19,7 +19,7 @@ dovecot:
 password: {{ .Values.secrets.dovecot.doveadm | quote }}
 ldap:
 dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
- host: {{ .Values.global.ldap.host | quote }}
+ host: {{ .Values.ldap.host | quote }}
 password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
 oidc:
 introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
diff --git a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.gotmpl b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.gotmpl
index 85529ab4..33ade5f6 100644
--- a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.gotmpl
@@ -10,7 +10,7 @@ appsuite:
 contactsLdapClient:
 pool:
 host:
- address: {{ .Values.global.ldap.host | quote }}
+ address: {{ .Values.ldap.host | quote }}
 port: 389
 auth:
 adminDN:
diff --git a/helmfile/apps/open-xchange/values-openxchange.gotmpl b/helmfile/apps/open-xchange/values-openxchange.gotmpl
index 3022f1bc..b25c99ed 100644
--- a/helmfile/apps/open-xchange/values-openxchange.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.gotmpl
@@ -83,7 +83,7 @@ appsuite:
 propertiesFiles:
 "/opt/open-xchange/etc/ldapauth.properties":
 bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
- java.naming.provider.url: "ldap://{{ .Values.global.ldap.host }}:389/dc=swp-ldap,dc=internal"
+ java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
 uiSettings:
 "io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
 "io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
diff --git a/helmfile/apps/openproject/values.gotmpl b/helmfile/apps/openproject/values.gotmpl
index 54412060..326552be 100644
--- a/helmfile/apps/openproject/values.gotmpl
+++ b/helmfile/apps/openproject/values.gotmpl
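Review bot: In `values-openxchange.gotmpl`, the re-pointed `java.naming.provider.url` keeps the `ldap://` scheme on port 389 directly below `bindDNPassword`, so the bind credential and the lookups are sent unencrypted unless StartTLS is configured somewhere outside this hunk. The contact-picker hunk in the same directory shows the same `port: 389`. Now that the host comes from a dedicated `ldap:` values block, the scheme and port could live there too, which would allow moving to `ldaps://{{ .Values.ldap.host }}:636/dc=swp-ldap,dc=internal` in one place if the directory offers TLS. If plain LDAP inside the cluster is an accepted risk, a one-line comment above the URL recording which control is relied on would make that decision visible.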
@@ -62,7 +62,7 @@ environment:
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
 # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
- OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.global.ldap.host | quote }}
+ OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
 OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
 OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
 OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
diff --git a/helmfile/apps/provisioning/values-oxconnector.gotmpl b/helmfile/apps/provisioning/values-oxconnector.gotmpl
index 08bcdf7c..542cdaa0 100644
--- a/helmfile/apps/provisioning/values-oxconnector.gotmpl
+++ b/helmfile/apps/provisioning/values-oxconnector.gotmpl
@@ -19,8 +19,8 @@ persistence:
 oxConnector:
 domainName: {{ .Values.global.domain | quote }}
- ldapHost: {{ .Values.global.ldap.host | quote }}
- notifierServer: {{ .Values.global.ldap.notifierHost | quote }}
+ ldapHost: {{ .Values.ldap.host | quote }}
+ notifierServer: {{ .Values.ldap.notifierHost | quote }}
 #oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
 oxMasterAdmin: "admin"
 oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
index 693dac6c..818a814e 100644
--- a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -13,7 +13,7 @@ portalListener:
 umcSessionUrl: "http://ums-umc-server/get/session-info"
 ldapBaseDn: "dc=swp-ldap,dc=internal"
- ldapHost: "{{ .Values.global.ldap.host }}"
+ ldapHost: "{{ .Values.ldap.host }}"
 ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
 ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
 machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
index c02e327f..2437d368 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -13,7 +13,7 @@ stackDataContext:
 domainname: "{{ .Values.global.domain }}"
 externalMailDomain: "{{ .Values.global.domain }}"
 hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
- ldapHost: "{{ .Values.global.ldap.host }}"
+ ldapHost: "{{ .Values.ldap.host }}"
 ldapBase: "dc=swp-ldap,dc=internal"
 # TODO: This should not be required, the machine account is not there
 # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
diff --git a/helmfile/apps/xwiki/values.gotmpl b/helmfile/apps/xwiki/values.gotmpl
index b893fa82..853dee54 100644
--- a/helmfile/apps/xwiki/values.gotmpl
+++ b/helmfile/apps/xwiki/values.gotmpl
@@ -18,7 +18,7 @@ customConfigs:
 "xwiki.cfg":
 "xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
 ## LDAP Server configuration
- xwiki.authentication.ldap.server: {{ .Values.global.ldap.host | quote }}
+ xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
 xwiki.authentication.ldap.port: 389
 ## Authentication to the LDAP server
 xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
diff --git a/helmfile/environments/default/_helper.gotmpl b/helmfile/environments/default/_helper.gotmpl
new file mode 100644
index 00000000..4b4f634d
--- /dev/null
+++ b/helmfile/environments/default/_helper.gotmpl
@@ -0,0 +1,10 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+## Define LDAP service (supports "ums_eval" from the CI pipeline)
+ldap:
+ host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }}
+ notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }}
+...
diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl
index cc1ce4b6..369665e1 100644
--- a/helmfile/environments/default/global.gotmpl
+++ b/helmfile/environments/default/global.gotmpl
@@ -11,12 +11,6 @@ global: # domain: {{ env "DOMAIN" | default "souvap.cloud" | quote }} - - ## Define LDAP service (supports "ums_eval" from the CI pipeline) - ldap: - host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }} - notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }} - ## Define docker registry address. # imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" | quote }}
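Review bot: In the new `_helper.gotmpl`, the `ldap:` block switches the directory host on an exact match of `DEPLOY_UCS` against `ums-eval`, while the comment above it spells the value `ums_eval`. Any other value, including unset or the underscore spelling, silently renders `univention-corporate-container` for both `host` and `notifierHost`, so every LDAP consumer binds to the other directory without a render error. I would correct the comment to `## Define LDAP service; DEPLOY_UCS=ums-eval selects the UMS LDAP, any other value falls back to univention-corporate-container` and evaluate the switch once: `{{- $ums := eq (env "DEPLOY_UCS") "ums-eval" }}`, then `host: {{ ternary "ums-ldap-server" "univention-corporate-container" $ums | quote }}` (same shape for `notifierHost`). The diff does not show where `_helper.gotmpl` is added to the environment's values, so confirm it is loaded before the app value files that now read `.Values.ldap.*`.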