fix(univention-management-stack): Use ldap base DN "dc=swp-ldap,dc=internal"

2025-12-06 07:21:36 +01:00 · 2023-09-13 15:55:31 +02:00
parent 09079a1303
commit 77e362f6bc
7 changed files with 19 additions and 14 deletions
--- a/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 ---
 ldapServer:
  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
+  ldapBaseDn: "dc=swp-ldap,dc=internal"

  # TODO: Certificates handling
  # caCert: ""
--- a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalListener:
-  adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+  adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
  environment: "staging"
  debugLevel: "4"
  assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
@@ -12,13 +12,13 @@ portalListener:
  umcGetUrl: "http://ums-umc-server/get"
  umcSessionUrl: "http://ums-umc-server/get/session-info"

-  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  ldapBaseDn: "dc=swp-ldap,dc=internal"
  ldapHost: "ums-ldap-server"
-  ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+  ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
  machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
  notifierServer: "ums-ldap-notifier"
-  portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=univention-organization,dc=intranet"
+  portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
  udmApiUrl: "http://ums-udm-rest-api/udm/"
  udmApiUsername: "cn=admin"

--- a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalServer:
-  adminGroup: "cn=Domain Admins,cn=groups,dc=univention,dc=intranet"
+  adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
  authMode: "saml"
  environment: "staging"
  editable: "true"
--- a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
@@ -9,6 +9,9 @@ stackDataSwp:
  udmApiUrl: "http://ums-udm-rest-api/udm/"
  loadDevData: true

+stackDataContext:
+  ldapBase: "dc=swp-ldap,dc=internal"
+
 image:
  registry: "{{ .Values.global.imageRegistry }}"
  repository: "{{ .Values.images.umsDataLoader.repository }}"
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -10,6 +10,7 @@ stackDataUms:
  loadDevData: true

 stackDataContext:
+  ldapBase: "dc=swp-ldap,dc=internal"
  initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"

  # The SWP configuration brings its own UMC policies.
--- a/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
@@ -6,14 +6,14 @@ SPDX-License-Identifier: Apache-2.0
 udmRestApi:
  apiLogLevel: "4"
  authGroups:
-    dcBackup: "cn=DC Backup Hosts,cn=groups,dc=univention-organization,dc=intranet"
-    dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=univention-organization,dc=intranet"
-    domainAdmins: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+    dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
+    dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
+    domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
  ldapHost: "ums-ldap-server"
-  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  ldapBaseDn: "dc=swp-ldap,dc=internal"
  # TODO: This should not be required, the machine account is not there
-  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
-  ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
+  ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
  # TODO: Secret should be entered without b64enc
  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
  # TODO: Secret should be entered without b64enc
--- a/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
@@ -7,10 +7,10 @@ umcServer:
  domainname: "{{ .Values.global.domain }}"
  hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
  ldapHost: "ums-ldap-server"
-  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  ldapBaseDn: "dc=swp-ldap,dc=internal"
  # TODO: This should not be required, the machine account is not there
-  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
-  ldapHostDn: cn=admin,dc=univention-organization,dc=intranet
+  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
+  ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
  enforceSessionCookie: "true"

  # TODO: The keycloak integration is pending