From 77e362f6bc053c5d456bf65649f15130ce53547c Mon Sep 17 00:00:00 2001
From: Johannes Bornhold
Date: Wed, 13 Sep 2023 15:55:31 +0200
Subject: [PATCH] fix(univention-management-stack): Use ldap base DN "dc=swp-ldap,dc=internal"
---
 .../values-ldap-server.gotmpl | 1 +
 .../values-portal-listener.gotmpl | 8 ++++----
 .../values-portal-server.gotmpl | 2 +-
 .../values-stack-data-swp.gotmpl | 3 +++
 .../values-stack-data-ums.gotmpl | 1 +
 .../values-udm-rest-api.gotmpl | 12 ++++++------
 .../values-umc-server.gotmpl | 6 +++---
 7 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
index ab96a512..a7985caf 100644
--- a/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 ---
 ldapServer:
 ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
+ ldapBaseDn: "dc=swp-ldap,dc=internal"
 # TODO: Certificates handling
 # caCert: ""
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
index 1158fb34..eba91b63 100644
--- a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalListener:
- adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+ adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
 environment: "staging"
 debugLevel: "4"
 assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
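Review bot: The base DN `dc=swp-ldap,dc=internal` is written out as a literal in this hunk and again in every other file the patch touches (portal-listener, portal-server, stack-data-swp, stack-data-ums, udm-rest-api, umc-server), so the directory suffix and the group DNs built on it can drift apart again. The removed lines show that this already happened: portal-server's `adminGroup` used `dc=univention,dc=intranet` while the other files used `dc=univention-organization,dc=intranet`. Because `adminGroup` and `authGroups.*` presumably decide who is treated as an administrator, a mismatch there is an authorization problem rather than a cosmetic one. I would define the base DN once in the shared values and template it everywhere, e.g. `ldapBaseDn: {{ .Values.<BASE_DN_VALUE_PLACEHOLDER> | quote }}` and `adminGroup: "cn=Domain Admins,cn=groups,{{ .Values.<BASE_DN_VALUE_PLACEHOLDER> }}"`. The `ldapServer:` mapping likely continues past the end of this hunk.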
@@ -12,13 +12,13 @@ portalListener:
 umcGetUrl: "http://ums-umc-server/get"
 umcSessionUrl: "http://ums-umc-server/get/session-info"
- ldapBaseDn: "dc=univention-organization,dc=intranet"
+ ldapBaseDn: "dc=swp-ldap,dc=internal"
 ldapHost: "ums-ldap-server"
- ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+ ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
 ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
 machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
 notifierServer: "ums-ldap-notifier"
- portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=univention-organization,dc=intranet"
+ portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
 udmApiUrl: "http://ums-udm-rest-api/udm/"
 udmApiUsername: "cn=admin"
diff --git a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
index 65db5b61..8db50b95 100644
--- a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalServer:
- adminGroup: "cn=Domain Admins,cn=groups,dc=univention,dc=intranet"
+ adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
 authMode: "saml"
 environment: "staging"
 editable: "true"
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
index 182a9e77..818c1869 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
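Review bot: The rewritten `ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"` keeps the portal listener binding as the directory administrator, and the unchanged `machineSecret` line below it is fed from the same `ldapSecret` value, so the listener holds the admin credential rather than one of its own. The udm-rest-api and umc-server hunks carry a `# TODO: This should not be required, the machine account is not there` comment above the same setting; this file has none, so the shortcut is easy to overlook later. I would add the same marker above the line, for example `# TODO: bind with a dedicated machine account instead of cn=admin`, so the least-privilege follow-up is tracked in all three places. The `portalListener:` mapping starts above this hunk and may continue below it.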
@@ -9,6 +9,9 @@ stackDataSwp:
 udmApiUrl: "http://ums-udm-rest-api/udm/"
 loadDevData: true
+stackDataContext:
+ ldapBase: "dc=swp-ldap,dc=internal"
+
 image:
 registry: "{{ .Values.global.imageRegistry }}"
 repository: "{{ .Values.images.umsDataLoader.repository }}"
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
index 2110ecf0..f726416d 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -10,6 +10,7 @@ stackDataUms:
 loadDevData: true
 stackDataContext:
+ ldapBase: "dc=swp-ldap,dc=internal"
 initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
 # The SWP configuration brings its own UMC policies.
diff --git a/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl b/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
index 9e2cbe65..2964d5fc 100644
--- a/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
@@ -6,14 +6,14 @@ SPDX-License-Identifier: Apache-2.0
 udmRestApi:
 apiLogLevel: "4"
 authGroups:
- dcBackup: "cn=DC Backup Hosts,cn=groups,dc=univention-organization,dc=intranet"
- dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=univention-organization,dc=intranet"
- domainAdmins: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+ dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
+ dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
+ domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
 ldapHost: "ums-ldap-server"
- ldapBaseDn: "dc=univention-organization,dc=intranet"
+ ldapBaseDn: "dc=swp-ldap,dc=internal"
 # TODO: This should not be required, the machine account is not there
- # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
- ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+ # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
+ ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
 # TODO: Secret should be entered without b64enc
 ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
 # TODO: Secret should be entered without b64enc
diff --git a/helmfile/apps/univention-management-stack/values-umc-server.gotmpl b/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
index 8a15da5c..febffb39 100644
--- a/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
@@ -7,10 +7,10 @@ umcServer:
 domainname: "{{ .Values.global.domain }}"
 hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
 ldapHost: "ums-ldap-server"
- ldapBaseDn: "dc=univention-organization,dc=intranet"
+ ldapBaseDn: "dc=swp-ldap,dc=internal"
 # TODO: This should not be required, the machine account is not there
- # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
- ldapHostDn: cn=admin,dc=univention-organization,dc=intranet
+ # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
+ ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
 enforceSessionCookie: "true"
 # TODO: The keycloak integration is pending
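Review bot: The new `ldapHostDn: cn=admin,dc=swp-ldap,dc=internal` is the only DN in this patch left as a plain scalar; every other DN value, including the same key in the portal-listener and udm-rest-api files, is double-quoted. It still parses as a string today, but quoting keeps the files consistent and avoids surprises if the value is later templated: `ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"`. The `umcServer:` mapping starts above this hunk and appears to continue after it.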