apiVersion: v1 kind: ConfigMap metadata: name: samba-ad-bootstrap namespace: samba-directory data: bootstrap.ldif: | # ----------------------------- # OU structure # ----------------------------- dn: OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: organizationalUnit ou: Undercloud description: Root OU for all Undercloud directory objects dn: OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: organizationalUnit ou: users description: Human user accounts dn: OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: organizationalUnit ou: serviceaccounts description: Non-interactive service accounts dn: OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: organizationalUnit ou: groups description: Security and role groups # ----------------------------- # Groups (CREATE FIRST) # ----------------------------- dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: undercloud-users sAMAccountName: undercloud-users description: All standard user accounts groupType: -2147483646 dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: undercloud-administrators sAMAccountName: undercloud-administrators description: Global administrators for Undercloud groupType: -2147483646 dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: fileserver-access sAMAccountName: fileserver-access description: Access control group for SMB file shares groupType: -2147483646 dn: CN=gitea-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: gitea-admins sAMAccountName: gitea-admins description: Administrative access to Gitea groupType: -2147483646 dn: CN=argocd-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: argocd-admins sAMAccountName: argocd-admins description: Administrative access to Argo CD groupType: -2147483646 dn: CN=firewall-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: firewall-admins sAMAccountName: firewall-admins description: Administrative access to firewall systems groupType: -2147483646 dn: CN=bookstack-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: bookstack-admins sAMAccountName: bookstack-admins description: Administrative access to BookStack groupType: -2147483646 dn: CN=nextcloud-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: nextcloud-admins sAMAccountName: nextcloud-admins description: Administrative access to Nextcloud groupType: -2147483646 dn: CN=samba-service,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: group cn: samba-service sAMAccountName: samba-service description: Service group for Samba / SMB integration groupType: -2147483646 # ----------------------------- # Users # ----------------------------- dn: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: sebastian sn: Gurlin givenName: Sebastian displayName: Sebastian Gurlin sAMAccountName: sebastian userPrincipalName: sebastian@undercloud.local description: Primary human user account userAccountControl: 512 thumbnailphoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwc HBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw 4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eH h7/wAARCABTAGADASIAAhEBAxEB/8QAHAAAAQQDAQAAAAAAAAAAAAAAAAQFBgcCAwgB/8QAPhAA AQMDAgMFBQQHCQEAAAAAAQIDBAAFERIhBjFBEyJRcYEHMmGRoRQjQsEkM1JygrHRFSVDU2Jjk7L h8P/EABoBAAIDAQEAAAAAAAAAAAAAAAUGAAMEAgf/xAAvEQABBAECAwcDBAMAAAAAAAABAAIDEQ QFIRIxQQYTUWFxkdEigaEUMuHwI7Hx/9oADAMBAAIRAxEAPwDsuiiioosNSU81D1Nea0j8SfnVb +0u9OxXZTbBS6pptC1IV0RqKTgjcHJG/wAKrOTMvMpJNnv77LnSNKUkZ+CV4wfXFFsbSJZ4+8ug lvL7SQY0xiLSSF0olYPIg14pxCfeUkeZrlNzizjq0yizInyo7o/C42N/iNtx8alVjvl5ufCjMx6 d/eCpzjfbuI1J0Ja1aCkeO+4wRVkuiSRNsuBHkqmdqIHWOE2Fdt64lslnbK7jcY7OOiljJ9Kq7j P20wwytjh5DjroP60pwn6/0qvbxZGZKlyZ7MyOs7qkxnDJZ9UqOtPz9KZzw1MLZctzjFybG/6Mr Kx5oOFD5UQxNJx27yGz57BCsntJNMCIgAPLcrpP2b3927MSGZLut5kNqOTuNTaVfnUwGMmuc7Bf 5HDPHofIX2LzEdDqDt/hIHKuhYj6ZMZD6PdcSFCg+pYRx3hw/a4WEx6JqIy4i0n6mmilNFFFDUb WOOta3lhtpa1ckpJrZ0qMe0O7JtdjWtT7UdDndW85nS2DsCceJIHrXcLON4aOqz5MwhidIegVT3 Ocq7cXXXvEofZdZSP3RkfVNR6E0VHcc6ktqssqLOjzlJQ8wpxK0vNKC0LBPMEUtgcOqVLWlwoZb DhQCvbVgn3R1OKfosqCBtNO1D8f0LxbKM2RISWmyT+d02W2M9LZ+xLYTMaVyZcTqHp1T5jFPdqt 1ngpNoiOth5l0y5DbgLiWU6dBSlQ/F3h4460uRJjxEKjwmuzQditQypfr0HwrG3sRzNkOtxmkOP MqSVpG52/8obPI6SzVD+81zh5kUbu7DuInbrQ9Ov3TTP/AEcFcOzuSSOTjMgf9U5NQu7TnDK7X+ y4cV9J97sjrz4nJxn0qVzSUg6diOopAmZcXz9lbzLJ2S042HR9c0SgjDRbgD6k/wAqqDM4jTRw+ lH+UlkSXbtb4kyYyxJOgsvFR7NxK0dUqAxukg4Vtz5VaPsx4hZXamoDskOJQdDa1EBQ8ArBI9Qe lQbTbE2KdHklpEpvQ8tUQZQ0rUEjmcE94504pFY0PQZiXWlo0ylhpLiD3VkpXpx/Fp25isGVjty IXN5AHbw+3umTS9RdiTtePq4hv4/f2XRFHSohwDxdGv0NLLig1MbAC2ydz8RUvHKlGeB8Lyx4oh el4uTHkxh8ZsFI7nNYgQnJUhYQ2gZJJqjuO+IXOI4F6GcRkxCWknrpWk5+lSL2zP3+S6mDDjqXC TuvQoFSj4aeeKry2pWY06MtKkrXCkJ0nY/q1Hr5UzaTp8bcc5DiC7p5JD7SavK7IGMyw0EX5n4T l7Mrg+iPCSiQttpDbiHQFd3CcnccuRFTuc5b37m5IcLqJaWy2hxSyUgHmdI90+Qqr+EEPW7httD uzs1XagY3Q2cYH8WAfICpRdZa27tJAVsHCK2PxO9kDhtsf9pTlzZIWvazcWLB5bg+yenIT6ElQC Xm/wBpBz8+o9a22hWmawpXXKT9R+dMcCdIcc0sKVrJwkJzk1KLa+C6lmWplyUASkpHukDI1KHPl yrPOHxgtduh2FiRPmD222iOe4u+V7FR+VB1pW5Ic+zspUQVkZJ+CR1NRu63NxLbkS2tKisK2WrP 3rv7x6D4DbzqZyZltuiWpCi4lLmUhxsZQCDj3TuBSCbw6XCosKbeA56T3h/Cd614s7Af83seStf CYSRFv5jn7cwFDYeU2e7H/ZbA/wCRNbeHpTkCM7cHkhyG04gdksd1ThUAkjwxzyPD409t2F4W+f HbQoOOBtOFDGO+Mk0k4riNR7G5BighEeMVFX7StQVqI8dv5VrlnY9rmN3s/igtGM8sLS7bw9bK1 PTYMG/yFxJEq2yGH1AKI7Rs4UfDBA9DVr+zziuTeS5GlOxXilOUusOA58xzHqKpi9QH5nFUiPFb U64+9lIA56t8/Wro9mvBTPD0ISHwFzVjKleHwoXrTMduO0vNvIFePzSbuzJzHZLgzZgO/h/30Um vVoh3eEuNLbCgRsrqk+INVHxDaLrwzcUKlYnWlStBU6jWUoOxGeY2J61diRtikl2t0W5wlxZaNb SxuKXsHOdjnhcLaeY+E2aro8eazibs8cj8qgwyibcXlRz32HuzfZ6tb7EeKCMYPhil8y3rfuMuQ 84mPHD6wXVjnudkj8R8qc+MuHXeHLm9crVr1KbZ1KKCe63qGc+RSD5UgmXeFdI7VwcaafQsaSWn sdmrqnYlI8eVMkOU6UNLDY5efsvM9Q004jniQUbB6116haXLg3GbUxbkFls7LdUfvHPM9B8BSvh x8oucck7awM/A7U2rFse/VyH2T4OICx8xv9KcLXDdU62qI8xIKVA4QrCufgcVplEYjIO1+Pygre 9MjXjeiKA+F5bIrsKEth5pSC1MdQMjmNsEU6Fl5yV90FqOQRp/+2pxmRlMzHX3Xeyi6tRUep5kA dTSC5XhJZUiOns2uX+pXmfyrCyR0lcIu/bdd5mO3jc+S20dh1NdR4ApeJjUaNIakurfIb1KCcbA EZGo7n+VMNwRabozJaiS2kPPIUhDbp7MkkEAb7dfH0pNElpcnIjk7PBTZP7wI/OkHA9rcuvFkeO tOptpWtZ6bH+tXjFbEx73OIoX/R9lvwpHZj44ywGzQu7G987VncBcLsRSLtKTqmOtoB1D3SEgHH qDU2PI1g0hLbQQBgJGBWRxvShPM+Z/E4r2PCxI8WIMYK+VnRRRVK2JFcYjM2GuO6DhQ2I5g/CqH +zNxOLpNonRikSVlBdb7hcO+lShyJB67Hc710FtUN9oPDbU5LN0jt/pkZ1K8j8QB5UU0vLbE8sd yd18D0KW+0OnOyYRJH+5vPzHUKn5LN5ac12cWh9AOyFpIdPo4cfI0mf4k4hh/cXDt4BJ5Oxho9C By+dP4tNwfukmNEiOuaXVJ2Gw3NSmxcD3VzuzH+wZPNvGoHzB2pklyIY28T3A+u5Xn2Li5OQ7gb Ga5bCgo3b71Nk8Htvh9pxTEhbSwnSUFJAUMjl40iVc4clOmSyuOv8AzGe8n1Sdx6GrYh8DWOMw4 yiOhtLqkrdS2gJStQzg48dzypU3wbYEA5gtnzAoXHq2My/pN302RyTshlSuDuIVQFHfkKVM9hI1 iXEUiWltQXqZOSMHqnmPlVmezCyCJIuE9TekPOkt7fhO4/nT+jhOxoIUiElCk8ik4I+VO8SO3Hb 0IBx8Tkmsudqv6mPgaKRrRezRwZu8kINcq8UpooooKm9FFFFRRFeYBSQRmiiook0dlpClKS2kEn cgc6UjrRRXblRAAAvaKKK4V6KKKKiiKKKKii//2Q== dn: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: glados sn: Glados givenName: Glados displayName: Glados sAMAccountName: glados userPrincipalName: glados@undercloud.local description: Administrative AI persona account userAccountControl: 512 dn: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: shodan sn: Shodan givenName: Shodan displayName: Shodan sAMAccountName: shodan userPrincipalName: shodan@undercloud.local description: Administrative AI persona account userAccountControl: 512 dn: CN=lam,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: lam sn: Service givenName: LAM displayName: LAM sAMAccountName: lam userPrincipalName: lam@undercloud.local mail: lam@undercloud.local description: LDAP Account Manager service account userAccountControl: 512 dn: CN=argocd,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: argocd sn: Service givenName: ArgoCD displayName: ArgoCD sAMAccountName: argocd userPrincipalName: argocd@undercloud.local mail: argocd@undercloud.local description: ArgoCD service account userAccountControl: 512 dn: CN=gitea,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: gitea sn: Service givenName: Gitea displayName: Gitea sAMAccountName: gitea userPrincipalName: gitea@undercloud.local mail: gitea@undercloud.local description: Gitea service account userAccountControl: 512 dn: CN=firewall,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: firewall sn: Service givenName: Firewall displayName: Firewall sAMAccountName: firewall userPrincipalName: firewall@undercloud.local mail: firewall@undercloud.local description: Firewall service account userAccountControl: 512 dn: CN=mailserver,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: mailserver sn: Service givenName: Mailserver displayName: Mailserver sAMAccountName: mailserver userPrincipalName: mailserver@undercloud.local mail: mailserver@undercloud.local description: Mailserver service account userAccountControl: 512 dn: CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: bookstack sn: Service givenName: BookStack displayName: BookStack sAMAccountName: bookstack userPrincipalName: bookstack@undercloud.local mail: bookstack@undercloud.local description: BookStack service account userAccountControl: 512 dn: CN=nextcloud,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: nextcloud sn: Service givenName: Nextcloud displayName: Nextcloud sAMAccountName: nextcloud userPrincipalName: nextcloud@undercloud.local mail: nextcloud@undercloud.local description: Nextcloud service account userAccountControl: 512 dn: CN=jellyfin,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: jellyfin sn: Service givenName: Jellyfin displayName: Jellyfin sAMAccountName: jellyfin userPrincipalName: jellyfin@undercloud.local mail: jellyfin@undercloud.local description: Jellyfin service account userAccountControl: 512 dn: CN=bastillion,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: bastillion sn: Service givenName: Bastillion displayName: Bastillion sAMAccountName: bastillion userPrincipalName: bastillion@undercloud.local mail: bastillion@undercloud.local description: Bastillion service account userAccountControl: 512 dn: CN=guacamole,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: guacamole sn: Service givenName: Guacamole displayName: Guacamole sAMAccountName: guacamole userPrincipalName: guacamole@undercloud.local mail: guacamole@undercloud.local description: Guacamole service account userAccountControl: 512 dn: CN=synapse,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: synapse sn: Service givenName: Synapse displayName: Synapse sAMAccountName: synapse userPrincipalName: synapse@undercloud.local mail: synapse@undercloud.local description: Synapse service account userAccountControl: 512 dn: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: samba sn: Service givenName: Samba displayName: Samba sAMAccountName: samba userPrincipalName: samba@undercloud.local mail: samba@undercloud.local description: Service account for SMB / CSI access userAccountControl: 512 # ----------------------------- # Memberships (AFTER CREATION) # ----------------------------- dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=Domain Admins,CN=Users,DC=undercloud,DC=local dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local member: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local # ----------------------------- # Nest undercloud-administrators into all admin groups # ----------------------------- dn: CN=gitea-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local dn: CN=argocd-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local dn: CN=firewall-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local dn: CN=bookstack-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local dn: CN=nextcloud-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local changetype: modify add: member member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local ---