feat(ox-connector): Update values for deputy permissions

feat(ox-connector): More settings for deputy permissions
feat(ox-connector): Enable deputy permissions
2025-12-06 15:31:38 +01:00 · 2025-11-14 16:00:56 +01:00 · 2025-11-13 08:31:59 +01:00 · 2025-11-11 14:52:25 +01:00 · 2025-11-10 18:34:31 +01:00 · 2025-11-10 18:34:31 +01:00
5 changed files with 37 additions and 29 deletions
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -1110,9 +1110,9 @@ nubusProvisioning:
    createUsers:
      oxConsumer:
        existingSecret:
-          name: ums-provisioning-ox-credentials
+          name: ox-connector-provisioning-api
          keyMapping:
-            registration: "ox-connector.json"
+            registration: registration
    {{- end }}
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
@@ -1658,6 +1658,3 @@ extraSecrets:
  - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
    stringData:
      password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
-  - name: "ums-provisioning-ox-credentials"
-    stringData:
-      ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -392,6 +392,8 @@ appsuite:
        {{- end }}
        open-xchange-authentication-application-storage-rdb: {{ ternary "enabled" "disabled" .Values.functional.groupware.davSupport.enabled }}
        open-xchange-mail-categories: {{ ternary "enabled" "disabled" .Values.functional.groupware.mail.categories.enabled }}
+        # Enable deputy permissions
+        open-xchange-deputy: "enabled"
    properties:
      com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
      com.openexchange.share.guestHostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
@@ -598,6 +600,17 @@ appsuite:
      com.openexchange.authentication.application.storage.rdb.loginNameSource: "mail"
      com.openexchange.authentication.application.storage.rdb.contextLookupNamePart: "full"
      {{- end }}
+      # Required for deputy permissions
+      com.openexchange.dovecot.doveadm.enabled: "true"
+      com.openexchange.dovecot.doveadm.endpoints: "http://dovecot:8080/doveadm/v1"
+      com.openexchange.dovecot.doveadm.endpoints.totalConnections: "100"
+      com.openexchange.dovecot.doveadm.endpoints.maxConnectionsPerRoute: "0"
+      com.openexchange.dovecot.doveadm.endpoints.readTimeout: "20000"
+      com.openexchange.dovecot.doveadm.endpoints.connectTimeout: "5000"
+      com.openexchange.dovecot.doveadm.apiSecret: {{ .Values.secrets.dovecot.doveadm | quote }}
+      com.openexchange.deputy.provider.imap.doveadm.personalNamespace: "/"
+      com.openexchange.deputy.provider.imap.doveadm.sharedNamespace: "shared/"
+      com.openexchange.deputy.provider.imap.doveadm.publicNamespace: "shared/"
    {{- if .Values.certificate.selfSigned }}
    extraEnv:
    - name: "JAVA_OPTS_APPEND"
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -2,6 +2,11 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
+global:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
 {{- if .Values.certificate.selfSigned }}
 extraVolumes:
  - name: "trusted-cert-secret-volume"
@@ -16,40 +21,33 @@ extraVolumeMounts:
    subPath: "ca-certificates.crt"
 {{- end }}

+waitForDependency:
+  image:
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
+    repository: {{ .Values.images.nubusWaitForDependency.repository }}
+    imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+    tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}
+
+oxConnector:
  image:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.oxConnector.registry | quote }}
    repository: {{ .Values.images.oxConnector.repository | quote }}
    pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.oxConnector.tag | quote }}
-  waitForDependency:
-    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
-    repository: {{ .Values.images.nubusWaitForDependency.repository }}
-    imagePullPolicy: {{ .Values.global.imagePullPolicy }}
-    pullSecrets:
-    {{- range .Values.global.imagePullSecrets }}
-    - name: {{ . | quote }}
-    {{- end }}
-    tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}

-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
-  - name: {{ . | quote }}
-{{- end }}
-
-ingress:
-  enabled: false
-
-oxConnector:
+openXchange:
  domainName: {{ .Values.global.domain | quote }}
  logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
  oxDefaultContext: "1"
  oxImapServer: "imap://127.0.0.1:143"
  oxLocalTimezone: "Europe/Berlin"
  oxLanguage: {{ .Values.functional.internationalization.defaultLanguage | quote }}
-  oxMasterAdmin: "admin"
-  oxMasterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
+  auth:
+    username: "admin"
+    password: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
  oxSmtpServer: "smtp://127.0.0.1:587"
  oxSoapServer: {{ printf "http://%s.%s.svc.%s" "open-xchange-core-mw-admin" (.Values.apps.oxAppSuite.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
+  oxDeputyPermissions: true

 provisioningApi:
  connection:
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -427,7 +427,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "ox-connector"
-    version: "0.27.9"
+    version: "0.32.3"
    verify: true
  postfix:
    # providerCategory: "Platform"
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -560,7 +560,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.15.1@sha256:e9c46d93abe6d7a8abcd2dc5cd38f178cd3b78f971f81b34fa5bd27270604db8"
+    tag: "1.16.0-trossner-enable-ocx-deputy@sha256:a08b7ce7e8b71f17f60a1ab63f7e58b1b0ed19802d8c12f37000c36efc40e413"
  nubusOpendeskExtensionA2gMapper:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -588,7 +588,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "10", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.27.9@sha256:e059d4e521284b21b5aa3664e9c3261be1a195d112004542b56a784165f8ea9e"
+    tag: "0.32.3@sha256:8043b424d3dd5d0f004498754531a426e2ca3204e760e32c971ac479b3adf7ff"
  nubusPortalConsumer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -906,7 +906,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "4", "2"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-connector-standalone"
-    tag: "0.27.9@sha256:749a59c7ae9eb7882448fce5441bf05aba84ef4ee6d8107e63d22267faa40763"
+    tag: "0.32.3@sha256:6057c841683186838ea12781d6e98275455ea6ff9ddffcd37d7c786707ded301"
  postfix:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
Author	SHA1	Message	Date
Norbert Tretkowski	4733bf0dff	feat(ox-connector): Update values for deputy permissions	2025-11-14 16:00:56 +01:00
Norbert Tretkowski	47e3bf81c2	feat(ox-connector): More settings for deputy permissions	2025-11-13 08:31:59 +01:00
Norbert Tretkowski	4361ea3798	feat(ox-connector): Enable deputy permissions	2025-11-11 14:52:25 +01:00
Norbert Tretkowski	ea7e6125e9	feat(ox-connector): Update to v0.32.3	2025-11-10 18:34:31 +01:00
Thorsten Roßner	9211f3f900	fix(nubus): Update Nubus customization image to unhide OX deputy settings	2025-11-10 18:34:31 +01:00
Norbert Tretkowski	ec7fa2fba1	feat(ox-connector): Update to v0.32.2	2025-11-10 18:34:31 +01:00