k8s-apps/samba-directory/ldif.yaml

# ConfigMap that carries the LDIF used to seed the Samba AD domain
# DC=undercloud,DC=local with its OU tree, security groups, human users,
# service accounts and group memberships.
# It is a ConfigMap, not a Secret: the LDIF below sets no password
# attribute (no unicodePwd / userPassword anywhere in the records), and
# it must stay that way — credentials for the accounts defined here are
# set out of band from a Secret, never committed into this object.
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-ad-bootstrap
namespace: samba-directory
data:
# Applied as one LDIF stream; every record below is a changetype add
# (OUs, groups, users) followed by changetype modify records that fill
# in group membership once all member DNs exist.
bootstrap.ldif: |
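# -----------------------------
# OU structure
# -----------------------------
# Records are separated by blank lines. LDIF (RFC 2849) treats every
# non-blank line as part of the current entry, so without the separators
# each following "dn:" would be read as a second dn attribute of the
# first entry and the add would be rejected by ldbadd/ldapadd.
dn: OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Undercloud
description: Root OU for all Undercloud directory objects

dn: OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: users
description: Human user accounts

# serviceaccounts sits beneath OU=users, so an application that searches
# OU=users with subtree scope for login accounts will also match the
# service accounts. If a service account must not be able to log in to a
# given application, narrow that application's search base to OU=users
# with one-level scope or exclude this OU in its user filter.
dn: OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: serviceaccounts
description: Non-interactive service accounts

dn: OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: groups
description: Security and role groups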
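
# -----------------------------
# Groups (CREATE FIRST)
# -----------------------------
# Groups are created before any user so that the membership records at
# the end of this file can reference them by DN.
# groupType -2147483646 is 0x80000002 as a signed 32-bit value:
# GROUP_TYPE_SECURITY_ENABLED (0x80000000) | GROUP_TYPE_GLOBAL (0x2),
# i.e. a global security group usable in ACLs and LDAP group filters.
# Per their descriptions, the *-admins groups below are what each
# application maps to administrative access; treat changes to their
# membership with the same care as changes to Domain Admins.
dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: undercloud-users
sAMAccountName: undercloud-users
description: All standard user accounts
groupType: -2147483646

dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: undercloud-administrators
sAMAccountName: undercloud-administrators
description: Global administrators for Undercloud
groupType: -2147483646

dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: fileserver-access
sAMAccountName: fileserver-access
description: Access control group for SMB file shares
groupType: -2147483646

dn: CN=gitea-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: gitea-admins
sAMAccountName: gitea-admins
description: Administrative access to Gitea
groupType: -2147483646

dn: CN=argocd-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: argocd-admins
sAMAccountName: argocd-admins
description: Administrative access to Argo CD
groupType: -2147483646

dn: CN=firewall-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: firewall-admins
sAMAccountName: firewall-admins
description: Administrative access to firewall systems
groupType: -2147483646

dn: CN=bookstack-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: bookstack-admins
sAMAccountName: bookstack-admins
description: Administrative access to BookStack
groupType: -2147483646

dn: CN=nextcloud-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: nextcloud-admins
sAMAccountName: nextcloud-admins
description: Administrative access to Nextcloud
groupType: -2147483646

# No membership record in this bootstrap adds anyone to samba-service;
# it is created empty and is populated elsewhere (or not at all).
dn: CN=samba-service,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: group
cn: samba-service
sAMAccountName: samba-service
description: Service group for Samba / SMB integration
groupType: -2147483646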
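
# -----------------------------
# Users
# -----------------------------
# userAccountControl 512 = NORMAL_ACCOUNT with ACCOUNTDISABLE clear, i.e.
# the account is created enabled. No password attribute is set in this
# file (correct — a ConfigMap is not a Secret). Samba may refuse to add an
# enabled account without a policy-compliant password; if it does, create
# the account with 514 (disabled), set the password from a Secret, then
# flip it to 512. Do not work around it with PASSWD_NOTREQD (544): that
# leaves an enabled account with an empty password.
# sebastian is added to undercloud-users and fileserver-access in the
# memberships section, and is deliberately not in undercloud-administrators.
dn: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: sebastian
sn: Gurlin
givenName: Sebastian
displayName: Sebastian Gurlin
sAMAccountName: sebastian
userPrincipalName: sebastian@undercloud.local
description: Primary human user account
userAccountControl: 512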
thumbnailphoto:: /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwc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dn: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
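changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: glados
sn: Glados
givenName: Glados
displayName: Glados
sAMAccountName: glados
userPrincipalName: glados@undercloud.local
description: Administrative AI persona account
userAccountControl: 512

# glados and shodan are described as AI persona accounts but live in
# OU=users as ordinary enabled (512) accounts and are placed in
# undercloud-administrators in the memberships section, which is in turn
# nested into every *-admins group. Whatever automation holds their
# credentials therefore holds Gitea, Argo CD, firewall, BookStack and
# Nextcloud admin at once. If they are driven by software rather than a
# person, consider OU=serviceaccounts plus a per-application group instead
# of the blanket administrators group, so a leaked credential is scoped
# to one system.
dn: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: shodan
sn: Shodan
givenName: Shodan
displayName: Shodan
sAMAccountName: shodan
userPrincipalName: shodan@undercloud.local
description: Administrative AI persona account
userAccountControl: 512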
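
# -----------------------------
# Service (bind) accounts
# -----------------------------
# None of these accounts is added to any group in this bootstrap except
# "samba" (fileserver-access, in the memberships section), so they bind
# with only their default primary-group rights. Keep it that way: grant
# an application the directory rights it needs explicitly rather than by
# nesting its service account into an *-admins group.
# userAccountControl 512 has neither DONT_EXPIRE_PASSWD (0x10000) nor
# PASSWD_NOTREQD (0x20) set, so the domain maximum password age applies
# and the application's LDAP bind stops working when it elapses; either
# rotate on a schedule or set 66048 deliberately. No password is set in
# this file (correct — a ConfigMap is not a Secret); if Samba refuses to
# add an enabled account without one, create it with 514, set the
# password from a Secret, then enable — never "fix" it with 544.
dn: CN=lam,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: lam
sn: Service
givenName: LAM
displayName: LAM
sAMAccountName: lam
userPrincipalName: lam@undercloud.local
mail: lam@undercloud.local
description: LDAP Account Manager service account
userAccountControl: 512

dn: CN=argocd,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: argocd
sn: Service
givenName: ArgoCD
displayName: ArgoCD
sAMAccountName: argocd
userPrincipalName: argocd@undercloud.local
mail: argocd@undercloud.local
description: ArgoCD service account
userAccountControl: 512

dn: CN=gitea,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: gitea
sn: Service
givenName: Gitea
displayName: Gitea
sAMAccountName: gitea
userPrincipalName: gitea@undercloud.local
mail: gitea@undercloud.local
description: Gitea service account
userAccountControl: 512

dn: CN=firewall,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: firewall
sn: Service
givenName: Firewall
displayName: Firewall
sAMAccountName: firewall
userPrincipalName: firewall@undercloud.local
mail: firewall@undercloud.local
description: Firewall service account
userAccountControl: 512

dn: CN=mailserver,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: mailserver
sn: Service
givenName: Mailserver
displayName: Mailserver
sAMAccountName: mailserver
userPrincipalName: mailserver@undercloud.local
mail: mailserver@undercloud.local
description: Mailserver service account
userAccountControl: 512

dn: CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: bookstack
sn: Service
givenName: BookStack
displayName: BookStack
sAMAccountName: bookstack
userPrincipalName: bookstack@undercloud.local
mail: bookstack@undercloud.local
description: BookStack service account
userAccountControl: 512

dn: CN=nextcloud,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: nextcloud
sn: Service
givenName: Nextcloud
displayName: Nextcloud
sAMAccountName: nextcloud
userPrincipalName: nextcloud@undercloud.local
mail: nextcloud@undercloud.local
description: Nextcloud service account
userAccountControl: 512

dn: CN=jellyfin,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: jellyfin
sn: Service
givenName: Jellyfin
displayName: Jellyfin
sAMAccountName: jellyfin
userPrincipalName: jellyfin@undercloud.local
mail: jellyfin@undercloud.local
description: Jellyfin service account
userAccountControl: 512

dn: CN=bastillion,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: bastillion
sn: Service
givenName: Bastillion
displayName: Bastillion
sAMAccountName: bastillion
userPrincipalName: bastillion@undercloud.local
mail: bastillion@undercloud.local
description: Bastillion service account
userAccountControl: 512

dn: CN=guacamole,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: guacamole
sn: Service
givenName: Guacamole
displayName: Guacamole
sAMAccountName: guacamole
userPrincipalName: guacamole@undercloud.local
mail: guacamole@undercloud.local
description: Guacamole service account
userAccountControl: 512

dn: CN=synapse,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: synapse
sn: Service
givenName: Synapse
displayName: Synapse
sAMAccountName: synapse
userPrincipalName: synapse@undercloud.local
mail: synapse@undercloud.local
description: Synapse service account
userAccountControl: 512

# The only service account that receives a group membership in this
# file: it is added to fileserver-access below so the SMB / CSI mounts
# can read the shares that group gates.
dn: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: samba
sn: Service
givenName: Samba
displayName: Samba
sAMAccountName: samba
userPrincipalName: samba@undercloud.local
mail: samba@undercloud.local
description: Service account for SMB / CSI access
userAccountControl: 512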
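
# -----------------------------
# Memberships (AFTER CREATION)
# -----------------------------
# Modify records: each mod-spec is closed with a line holding a single
# "-" as RFC 2849 requires; without it some LDIF readers reject the
# record or fold the next mod-spec into this one.
dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
-

# Domain Admins is nested into undercloud-administrators so tier-0 admins
# inherit every application admin role via the nesting section. The
# reverse direction is never taken — nothing in this file adds an
# application group or undercloud-administrators into Domain Admins or
# Administrators — so compromising an application admin does not by
# itself yield domain admin. Keep it that way.
dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=Domain Admins,CN=Users,DC=undercloud,DC=local
-

# fileserver-access gates the SMB shares; the samba service account is the
# only non-human member, so it can serve the CSI mounts.
dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
member: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
-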
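
# -----------------------------
# Nest undercloud-administrators into all admin groups
# -----------------------------
# Each application admin group gets undercloud-administrators as a member
# instead of individual users. Nested membership is only visible to an
# LDAP client that expands it — a group filter using
# LDAP_MATCHING_RULE_IN_CHAIN (memberOf:1.2.840.113556.1.4.1941:=<group DN>)
# or a tokenGroups lookup. A client that simply reads memberOf on the
# user sees undercloud-administrators but not gitea-admins etc., and the
# admin mapping silently does nothing. Confirm each application's LDAP
# group filter before relying on this nesting, or add direct members.
# Each mod-spec is closed with "-" as RFC 2849 requires.
dn: CN=gitea-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
-

dn: CN=argocd-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
-

dn: CN=firewall-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
-

dn: CN=bookstack-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
-

dn: CN=nextcloud-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
changetype: modify
add: member
member: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
-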
---