feat(nubus): Configure migration scripts from ldap 2.4 to 2.5

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -143,6 +143,56 @@ nubusLdapServer:
   persistence:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
     size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}
+  extraVolumes:
+    - name: "migration-scripts"
+      secret:
+        secretName: "ums-ldap-server-migration"
+        defaultMode: 0555
+  extraVolumeMounts:
+    - name: "migration-scripts"
+      mountPath: "/entrypoint.d/30-purge.sh"
+      subPath: "30-purge.sh"
+    - name: "migration-scripts"
+      mountPath: "/entrypoint.d/95-slapadd-24-ldiff.sh"
+      subPath: "95-slapadd-24-ldif.sh"
+  extraSecrets:
+    - name: "ums-ldap-server-migration"
+      stringData:
+        30-purge.sh: |
+          #!/usr/bin/env bash
+
+          me=$(basename "$0")
+          echo "- Running ${me}"
+
+          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
+            echo "- Cleaning up /var/lib/univention-ldap."
+            cd /var/lib/univention-ldap
+            rm -rf internal
+            rm -rf ldap
+            ls -l
+          else
+            echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
+          fi
+        95-slapadd-24-ldif.sh: |
+          #!/usr/bin/env bash
+
+          me=$(basename "$0")
+          echo "- Running ${me}"
+
+          ls -l /var/lib/univention-ldap
+
+          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
+            echo "- slapadd-ing /var/lib/univention-ldap/ldap-24-export.ldif, but not before deleting the directories /var/lib/univention-ldap/ldap and ./internal"
+            rm -rf /var/lib/univention-ldap/ldap
+            rm -rf /var/lib/univention-ldap/internal
+            mkdir /var/lib/univention-ldap/ldap
+            mkdir /var/lib/univention-ldap/internal
+            /usr/sbin/slapadd -l /var/lib/univention-ldap/ldap-24-export.ldif
+            mv /var/lib/univention-ldap/ldap-24-export.ldif /var/lib/univention-ldap/ldap-24-export.ldif-imported
+          else
+            echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
+          fi
+
 
 nubusPortalFrontend:
   additionalAnnotations:

helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl

@@ -10,16 +10,6 @@ image:
   pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   tag: {{ .Values.images.oxConnector.tag | quote }}
 
-  waitForDependency:
-    registry: {{ .Values.global.imageRegistry | default .Values.images.nubusWaitForDependency.registry | quote }}
-    repository: {{ .Values.images.nubusWaitForDependency.repository }}
-    imagePullPolicy: {{ .Values.global.imagePullPolicy }}
-    pullSecrets:
-    {{- range .Values.global.imagePullSecrets }}
-    - name: {{ . | quote }}
-    {{- end }}
-    tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}
-
 imagePullSecrets:
 {{- range .Values.global.imagePullSecrets }}
   - name: {{ . | quote }}
@@ -29,8 +19,16 @@ ingress:
   enabled: false
 
 oxConnector:
+  caCert: "ucctempldapstring"
+  debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }}
   domainName: {{ .Values.global.domain | quote }}
-  logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
+  ldapHost: "{{ .Values.ldap.host }}-primary"
+  logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
+  ldapPassword: {{ .Values.secrets.nubus.ldapSecret | quote }}
+  ldapBaseDn: "dc=swp-ldap,dc=internal"
+  ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
+  tlsMode: "off"
+  notifierServer: {{ .Values.ldap.notifierHost | quote }}
   oxDefaultContext: "1"
   oxImapServer: "imap://127.0.0.1:143"
   oxLocalTimezone: "Europe/Berlin"
@@ -40,13 +38,6 @@ oxConnector:
   oxSmtpServer: "smtp://127.0.0.1:587"
   oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
 
-provisioningApi:
-  connection:
-    baseUrl: "http://ums-provisioning-api"
-  auth:
-    username: "ox-connector"
-    password: {{ .Values.secrets.oxConnector.provisioningApiPassword | quote }}
-
 resources:
   {{ .Values.resources.oxConnector | toYaml | nindent 2 }}
 

helmfile/environments/default/charts.yaml

@@ -261,11 +261,10 @@ charts:
     # upstreamRepository: "nubus/charts/nubus"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "19", "3"]
-    # TODO: return back mirror registry and repository, set the correct version before merging
+    registry: "registry.opencode.de"
-    registry: "artifacts.software-univention.de"
+    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
-    repository: "nubus-dev/charts"
     name: "nubus"
-    version: "0.59.0-pre-acaceres-register-ox-connector"
+    version: "0.57.3"
     verify: true
   opendeskKeycloakBootstrap:
     # providerCategory: "Platform"
@@ -341,7 +340,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ox-connector"
-    version: "0.14.2"
+    version: "0.4.2"
     verify: true
   postfix:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml

@@ -743,7 +743,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "4", "2"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-connector-standalone"
-    tag: "0.14.2@sha256:105a076bda63e6723a631bbe4e312273ea8ad6cae14e4aa8a46df4604aebfe4c"
+    tag: "0.4.2@sha256:308489c0c0e0436bbbedbd757f78875d44468992c46c8d371c584dc778b30770"
   postfix:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/secrets.gotmpl

@@ -19,8 +19,6 @@ secrets:
     shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
     sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }}
     synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
-  oxConnector:
-    provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
   nubus:
     ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
     ldapSearch: