sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 23:41:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(nubus): Support for custom UDM commands

Browse Source
This commit is contained in:
Thorsten Roßner
2025-02-05 15:13:56 +01:00
parent 9c79c44453
commit aff8edbde2
9 changed files with 25 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
helmfile/apps/element/values-synapse-admin.yaml.gotmpl
View File

@@ -48,9 +48,9 @@ configuration:
serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }} serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
ldap: ldap:
base: {{ .Values.ldap.baseDn | quote }} base: {{ .Values.ldap.baseDn | quote }}
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal" bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}"
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }} bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal)" filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }})"
uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }} uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}
cron: cron:
image: image:

8
helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
View File

@@ -24,21 +24,21 @@ configuration:
name: "description" name: "description"
uid: "uid" uid: "uid"
base: {{ .Values.ldap.baseDn | quote }} base: {{ .Values.ldap.baseDn | quote }}
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal" bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}"
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }} bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
check_interval_seconds: 60 check_interval_seconds: 60
type: mapped-ldap type: mapped-ldap
uri: "ldap://ums-ldap-server:389" uri: "ldap://ums-ldap-server:389"
spaces: spaces:
- groups: - groups:
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal" - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
powerLevel: 50 powerLevel: 50
- externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,dc=swp-ldap,dc=internal" - externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}"
id: "c3122e32-4e05-4bf8-8a5d-66679076ed36" id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
name: "openDesk" name: "openDesk"
subspaces: subspaces:
- groups: - groups:
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal" - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
powerLevel: 50 powerLevel: 50
id: "e7889d96-5baa-4e21-be6e-12c66b2e9565" id: "e7889d96-5baa-4e21-be6e-12c66b2e9565"
name: "openDesk Element Admins" name: "openDesk Element Admins"

7
helmfile/apps/nubus/values-nubus.yaml.gotmpl
View File

@@ -1119,7 +1119,6 @@ nubusStackDataUms:
portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}" portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}"
portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }} portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }}
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }} portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
oxDefaultContext: "1" oxDefaultContext: "1"
ldapSearchUsers: ldapSearchUsers:
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }} {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
@@ -1159,6 +1158,12 @@ nubusStackDataUms:
{{- else }} {{- else }}
deployDate: false deployDate: false
{{- end }} {{- end }}
# executes a list of UDM commands as step `03-custom-initializer.yaml` of the opendesk-nubus customization
# Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader
udmCustomInitializer: []
# executes a list of UDM commands as step `97-custom-finalizer.yaml` of the opendesk-nubus customization
# Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader
udmCustomFinalizer: []
nubusUmcServer: nubusUmcServer:
additionalAnnotations: additionalAnnotations:

4
helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
View File

@@ -23,8 +23,8 @@ dovecot:
enabled: true enabled: true
host: {{ .Values.ldap.host | quote }} host: {{ .Values.ldap.host | quote }}
port: 389 port: 389
base: "dc=swp-ldap,dc=internal" base: "{{ .Values.ldap.baseDn }}"
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_dovecot,cn=users,{{ .Values.ldap.baseDn }}"
password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }} password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
oidc: oidc:
enabled: true enabled: true

2
helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
View File

@@ -25,7 +25,7 @@ appsuite:
auth: auth:
type: "adminDN" type: "adminDN"
adminDN: adminDN:
dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
uiSettings: uiSettings:

4
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
View File

@@ -330,8 +330,8 @@ appsuite:
/opt/open-xchange/etc/system.properties: /opt/open-xchange/etc/system.properties:
SERVER_NAME: "oxserver" SERVER_NAME: "oxserver"
/opt/open-xchange/etc/ldapauth.properties: /opt/open-xchange/etc/ldapauth.properties:
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal" java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/{{ .Values.ldap.baseDn }}"
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" bindDN: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
bindOnly: "false" bindOnly: "false"
/opt/open-xchange/etc/antivirus.properties: /opt/open-xchange/etc/antivirus.properties:

6
helmfile/apps/openproject/values.yaml.gotmpl
View File

@@ -56,8 +56,8 @@ environment:
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389" OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }} OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap" OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,{{ .Values.ldap.baseDn }}"
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "{{ .Values.ldap.baseDn }}"
OPENPROJECT_SEED_LDAP_OPENDESK_FILTER: OPENPROJECT_SEED_LDAP_OPENDESK_FILTER:
"(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))" "(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))"
OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true" OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true"
@@ -66,7 +66,7 @@ environment:
OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn" OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn"
OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress" OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress"
OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin" OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin"
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "{{ .Values.ldap.baseDn }}"
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER: OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER:
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))" "(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"

8
helmfile/apps/xwiki/values.yaml.gotmpl
View File

@@ -76,10 +76,10 @@ customConfigs:
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }} xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
xwiki.authentication.ldap.port: 389 xwiki.authentication.ldap.port: 389
## Authentication to the LDAP server ## Authentication to the LDAP server
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,{{ .Values.ldap.baseDn }}"
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }} xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
## Base DN used for searching for users ## Base DN used for searching for users
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" xwiki.authentication.ldap.base_DN: "{{ .Values.ldap.baseDn }}"
## Allow short update cycles of the LDAP group cache ## Allow short update cycles of the LDAP group cache
xwiki.authentication.ldap.groupcache_expiration: 300 xwiki.authentication.ldap.groupcache_expiration: 300
## Mapping for XWiki attributes to the respective LDAP attributes ## Mapping for XWiki attributes to the respective LDAP attributes
@@ -162,7 +162,7 @@ properties:
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443 "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping. ## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping.
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal" "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
## SMTP settings ## SMTP settings
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}" "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }} "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
@@ -202,7 +202,7 @@ properties:
1 1
## Base DN under which groups should be searched for ## Base DN under which groups should be searched for
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
"dc=swp-ldap,dc=internal" "{{ .Values.ldap.baseDn }}"
## LDAP filter to only synchronize some groups ## LDAP filter to only synchronize some groups
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))" "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"

2
helmfile/environments/default/images.yaml.gotmpl
View File

@@ -528,7 +528,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
tag: "1.10.0@sha256:b8df7c3f2257316f95945c8af53d0023e937c7295b8e5a4f73d6679c4df6c93e" tag: "1.11.0@sha256:738f41b5faaeb79ac5300d8c2230e0e8ec88c3e1f43eb34e27787b152c5cebe1"
nubusOpenPolicyAgent: nubusOpenPolicyAgent:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"