From 3ce17c4c6b28372a2645030751df2c162153362d Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Wed, 20 Nov 2024 14:19:08 +0100
Subject: [PATCH 01/10] feat (migrate) : use dynamic env USER_DOMAIN

---
 .../apps/account-provider/ldap/migrate          | 17 ++++++++++++++---
 .../apps/nethserver-ejabberd/migrate            |  2 +-
 .../apps/nethserver-nextcloud/migrate           |  2 +-
 .../apps/nethserver-sogo/migrate                |  2 +-
 4 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate b/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
index e2edbf64..5d247f65 100755
--- a/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
+++ b/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
@@ -22,6 +22,13 @@
 
 set -e
 
+fqdn=${USER_DOMAIN:?}
+ldap_suffix=dc=$(echo "$fqdn" | sed 's/\./,dc=/g')
+# Extract the hostname (part before the first dot)
+host=${USER_DOMAIN%%.*}
+# Extract the domain (part after the first dot)
+domain=${USER_DOMAIN#*.}
+
 ldapservice_password=$(< /var/lib/nethserver/secrets/ldapservice)
 (
     umask 077
@@ -32,8 +39,8 @@ ldapservice_password=$(< /var/lib/nethserver/secrets/ldapservice)
     cat - >import.env <<EOF
 LDAP_SVCUSER=ldapservice
 LDAP_SVCPASS=${ldapservice_password}
-LDAP_DOMAIN=directory.nh
-LDAP_SUFFIX=dc=directory,dc=nh
+LDAP_DOMAIN=${fqdn}
+LDAP_SUFFIX=${ldap_suffix}
 EOF
 
     # Generate .ldif data dump
@@ -43,6 +50,10 @@ EOF
 # NS8 apps require a displayName attribute is set. Copy gecos attribute
 # value to displayName, assuming it is not already present.
 sed -i '/^gecos: / { h ; s/^gecos:/displayName:/ ; G }' dump-mdb0.ldif
+# replace dc=directory,dc=nh by ldap_suffix
+sed -i "s/dc=directory,dc=nh/${ldap_suffix}/g" dump-mdb0.ldif
+# replace dc: directory by dc: host
+sed -i "s/dc: directory/dc: $host/" dump-mdb0.ldif 
 
 # Send import.env
 rsync -i import.env "${RSYNC_ENDPOINT:?}"/data/state/import.env
@@ -58,7 +69,7 @@ if [[ "${MIGRATE_ACTION}" != "finish" ]]; then
 fi
 
 # Remove temporary external user domain
-ns8-action --attach cluster remove-external-domain "$(printf '{"domain":"%s"}' "directory.nh")" || :
+ns8-action --attach cluster remove-external-domain "$(printf '{"domain":"%s"}' $fqdn)" || :
 
 # Commit DC migration
 rsync -v "${RSYNC_ENDPOINT}"/terminate
diff --git a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-ejabberd/migrate b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-ejabberd/migrate
index be0c496c..d072faa8 100755
--- a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-ejabberd/migrate
+++ b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-ejabberd/migrate
@@ -71,7 +71,7 @@ Host=$(/sbin/e-smith/config get DomainName)
 # Search for Samba or LDAP domain
 domain=$(/sbin/e-smith/config getprop sssd Realm | tr '[:upper:]' '[:lower:]')
 if [ -z "$domain" ]; then
-   domain="directory.nh"
+   domain=${USER_DOMAIN:?}
 fi
 
 # we find admin users from jabberadmins group
diff --git a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-nextcloud/migrate b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-nextcloud/migrate
index 73993c09..036c8fe3 100755
--- a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-nextcloud/migrate
+++ b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-nextcloud/migrate
@@ -122,7 +122,7 @@ ns8-action --attach wait "${IMPORT_TASK_ID}"
 # Search for Samba or LDAP domain
 domain=$(/sbin/e-smith/config getprop sssd Realm | tr '[:upper:]' '[:lower:]')
 if [ -z "$domain" ]; then
-   domain="directory.nh"
+   domain=${USER_DOMAIN:?}
 fi
 
 if [ -z "${host}" ]; then
diff --git a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-sogo/migrate b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-sogo/migrate
index b52681cd..c6050a20 100755
--- a/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-sogo/migrate
+++ b/root/usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-sogo/migrate
@@ -89,7 +89,7 @@ ns8-action --attach wait "${IMPORT_TASK_ID}"
 # Search for Samba or LDAP domain
 domain=$(/sbin/e-smith/config getprop sssd Realm | tr '[:upper:]' '[:lower:]')
 if [ -z "$domain" ]; then
-   domain="directory.nh"
+   domain=${USER_DOMAIN:?}
 fi
 
 # we find admin users

From aeabd0b5bf40eee5039078f1532cf34d80464e23 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Wed, 20 Nov 2024 14:22:49 +0100
Subject: [PATCH 02/10] feat(ns8-join): add dynamic baseDN for openldap

---
 root/usr/sbin/ns8-join | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/root/usr/sbin/ns8-join b/root/usr/sbin/ns8-join
index c444a297..20351caa 100755
--- a/root/usr/sbin/ns8-join
+++ b/root/usr/sbin/ns8-join
@@ -75,11 +75,15 @@ def call(api_endpoint, action, token, data, tlsverify):
 
     return None
 
+# default value, must be unique per cluster
+ldap_user_domain = 'defaultLdap-' + subprocess.check_output(['/usr/bin/hostname', '-f'], encoding='utf-8').strip()
 
 parser = argparse.ArgumentParser()
 parser.add_argument('host')
 parser.add_argument('username', default="admin")
 parser.add_argument('password', default="Nethesis,1234")
+# user domain used to rename the directory.nh to another baseDN
+parser.add_argument('user_domain', default=ldap_user_domain)
 parser.add_argument('--no-tlsverify', dest='tlsverify', action='store_false', default=True)
 
 args = parser.parse_args()
@@ -248,8 +252,8 @@ if account_provider_config['isAD'] == '1':
             subprocess.run(['/usr/sbin/ns8-leave'])
             sys.exit(1)
 elif account_provider_config['isLdap'] == '1' and '127.0.0.1' in account_provider_config['LdapURI']:
-    # Configure OpenLDAP as account provider of an external user domain:
-    account_provider_domain = "directory.nh"
+    # Configure OpenLDAP as account provider of an external user domain: (retrieve the baseDN from the UI, directory.nh is obsoleted)
+    account_provider_domain = args.user_domain.lower()
     account_provider_external = ""
     add_external_domain_request = {
         "domain": account_provider_domain,

From 717e2e8805872b74b59f540afc30b2093ece56aa Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Wed, 20 Nov 2024 14:23:04 +0100
Subject: [PATCH 03/10] feat(connection): add LdapUserDomain support for
 ns8-join and validation

---
 api/connection/read     | 18 ++++++++++++++++--
 api/connection/update   |  6 ++++--
 api/connection/validate | 26 ++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/api/connection/read b/api/connection/read
index 19393869..0293455a 100755
--- a/api/connection/read
+++ b/api/connection/read
@@ -23,16 +23,30 @@
 import sys
 import subprocess
 import simplejson
-
+import os
 
 def get_config():
+    props = {}
+
     # ns8 config
     bash_command = "/sbin/e-smith/config getjson ns8"
     process = subprocess.Popen(bash_command.split(), stdout=subprocess.PIPE)
     output, error = process.communicate()
     ns8_config = simplejson.loads(output)
+    props.update({"ns8": ns8_config})
+
+    # slapd config
+    if os.path.isfile('/etc/e-smith/db/configuration/defaults/slapd/type'):
+        bash_command = "/sbin/e-smith/config getjson slapd"
+        process = subprocess.Popen(bash_command.split(), stdout=subprocess.PIPE)
+        output, error = process.communicate()
+        slapd_config = simplejson.loads(output)
+        props.update({"slapd": slapd_config})
+    else :
+        props.update({"slapd": {}})
+
+    return props
 
-    return {"ns8": ns8_config}
 
 
 try:
diff --git a/api/connection/update b/api/connection/update
index f27df033..9bd0a5e9 100755
--- a/api/connection/update
+++ b/api/connection/update
@@ -30,6 +30,8 @@ host=$(echo $data | jq -r '.Host')
 user=$(echo $data | jq -r '.User')
 password=$(echo $data | jq -r '.Password')
 tls_verify=$(echo $data | jq -r '.TLSVerify')
+# user domain used to rename the directory.nh to another baseDN
+ldap_user_domain=$(echo $data | jq -r '.LdapUserDomain')
 
 if [[ "$action" == "login" ]]; then
     # execute ns8-join
@@ -38,9 +40,9 @@ if [[ "$action" == "login" ]]; then
     trap 'rm -f $tmp_output' EXIT
     echo "=========== Join cluster" $(date -R) >>/var/log/ns8-migration.log
     if [ "$tls_verify" = "disabled" ]; then
-        /usr/sbin/ns8-join --no-tlsverify "$host" "$user" "$password" &>"${tmp_output}"
+        /usr/sbin/ns8-join --no-tlsverify "$host" "$user" "$password" "$ldap_user_domain" &>"${tmp_output}"
     else
-        /usr/sbin/ns8-join "$host" "$user" "$password" &>"${tmp_output}"
+        /usr/sbin/ns8-join "$host" "$user" "$password" "$ldap_user_domain" &>"${tmp_output}"
     fi
 
     if [ "$?" -gt 0 ]; then
diff --git a/api/connection/validate b/api/connection/validate
index c62742f5..58140963 100755
--- a/api/connection/validate
+++ b/api/connection/validate
@@ -22,11 +22,25 @@
 
 import sys
 import simplejson
+import re
 
 
 def invalid_attribute(parameter, error):
     return {"parameter": parameter, "error": error, "value": ""}
 
+def is_valid_fqdn(domain):
+    # Regex breakdown:
+    # - ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+  # Domain labels
+    # - [a-zA-Z0-9]{2,63}$  # TLD with 2-63 characters
+    fqdn_pattern = r'^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,63}$'
+
+    # Check overall domain length
+    if not domain or len(domain) > 255:
+        return False
+
+    # Validate using regex
+    return re.match(fqdn_pattern, domain) is not None
+
 
 input_json = simplejson.load(sys.stdin)
 invalid_attributes = []
@@ -36,11 +50,13 @@ host_p = 'Host'
 user_p = 'User'
 password_p = 'Password'
 tls_verify_p = 'TLSVerify'
+ldap_user_domain_p = 'LdapUserDomain'
 
 host = ''
 user = ''
 password = ''
 tls_verify = ''
+ldap_user_domain = ''
 
 # action
 
@@ -76,6 +92,16 @@ else:
     if tls_verify not in ['enabled', 'disabled']:
         invalid_attributes.append(invalid_attribute(tls_verify_p, "invalid"))
 
+# ldap user domain
+if (ldap_user_domain_p not in input_json) or (not input_json[ldap_user_domain_p]):
+    invalid_attributes.append(invalid_attribute(ldap_user_domain_p, "empty"))
+else:
+    ldap_user_domain = input_json[ldap_user_domain_p]
+
+    # check if the domain is a valid domain
+    if not is_valid_fqdn(ldap_user_domain):
+        invalid_attributes.append(invalid_attribute(ldap_user_domain_p, "invalid"))
+
 # output
 success = len(invalid_attributes) == 0
 

From 54973270e20db43c9c12a84598412264994c4506 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Wed, 20 Nov 2024 14:48:50 +0100
Subject: [PATCH 04/10] feat(dashboard): add ldapUserDomain input and
 validation for local LDAP configuration

---
 ui/src/views/Dashboard.vue | 55 +++++++++++++++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 7 deletions(-)

diff --git a/ui/src/views/Dashboard.vue b/ui/src/views/Dashboard.vue
index 2b7d52db..99499cee 100644
--- a/ui/src/views/Dashboard.vue
+++ b/ui/src/views/Dashboard.vue
@@ -140,6 +140,35 @@
               />
             </div>
           </div>
+          <!-- ldap_userdomain -->
+          <div v-if="isLdapEnabled && accountProviderConfig.location == 'local' && accountProviderConfig.type == 'ldap'">
+            <div
+              class="page-description"
+            >
+              {{
+                $t("dashboard.ldap_user_domain_description")
+              }}
+            </div>
+          </div>
+          <div v-if="isLdapEnabled && accountProviderConfig.location == 'local' && accountProviderConfig.type == 'ldap'">
+            <div :class="['form-group', { 'has-error': error.ldapUserDomain }]">
+              <label class="col-sm-2 control-label" for="ldap-userdomain">{{
+                $t("dashboard.ldap_user_domain")
+              }}</label>
+              <div class="col-sm-5">
+                <input
+                  type="text"
+                  v-model="config.ldapUserDomain"
+                  id="ldap-userdomain"
+                  ref="ldapUserDomain"
+                  class="form-control"
+                />
+                <span v-if="error.ldapUserDomain" class="help-block">{{
+                  $t("validation.ldap_user_domain_" + error.ldapUserDomain)
+                }}</span>
+              </div>
+          </div>
+            </div>
           <!-- connect button -->
           <div class="form-group">
             <label class="col-sm-2 control-label">
@@ -1088,8 +1117,10 @@ export default {
         tlsVerify: false,
         leaderNode: "",
         adminUsername: "",
-        adminPassword: ""
+        adminPassword: "",
+        ldapUserDomain: "",
       },
+      isLdapEnabled: false,
       installedApps: [],
       apps: [],
       currentApp: null,
@@ -1143,7 +1174,8 @@ export default {
         ctiVirtualHost: "",
         sogoVirtualHost: "",
         webtopVirtualHost: "",
-        userDomains: ""
+        userDomains: "",
+        ldapUserDomain: "",
       }
     };
   },
@@ -1201,7 +1233,9 @@ export default {
     }
   },
   mounted() {
-    this.connectionRead();
+    // get connection info we need to retrieve the account provider info first
+    // to check if it's local or remote and ldap or ad
+    this.getAccountProviderInfo();
   },
   methods: {
     togglePassword() {
@@ -1442,6 +1476,7 @@ export default {
     },
     connectionRead() {
       const context = this;
+      context.config.ldapUserDomain = "";
       context.loading.connectionRead = true;
       nethserver.exec(
         ["nethserver-ns8-migration/connection/read"],
@@ -1463,15 +1498,16 @@ export default {
     },
     connectionReadSuccess(output) {
       const ns8Config = output.configuration.ns8.props;
+      const slapd = output.configuration.slapd.props;
       this.config.isConnected = ns8Config.Host != "";
       this.config.leaderNode = ns8Config.Host;
       this.config.adminUsername = ns8Config.User;
       this.config.adminPassword = ns8Config.Password;
       this.config.tlsVerify = ns8Config.TLSVerify == "enabled";
       this.loading.connectionRead = false;
-
+      this.isLdapEnabled = slapd.status === "enabled";
       if (this.config.isConnected) {
-        this.getAccountProviderInfo();
+        this.listApplications();
       } else {
         this.$nextTick(() => {
           this.$refs.leaderNode.focus();
@@ -1482,6 +1518,7 @@ export default {
       this.error.leaderNode = "";
       this.error.adminUsername = "";
       this.error.adminPassword = "";
+      this.error.ldapUserDomain = "";
       this.error.leaderNode = "";
       this.loading.connectionUpdate = true;
       this.error.connectionUpdate = "";
@@ -1492,7 +1529,8 @@ export default {
         Host: this.config.leaderNode,
         User: this.config.adminUsername,
         Password: this.config.adminPassword,
-        TLSVerify: this.config.tlsVerify ? "enabled" : "disabled"
+        TLSVerify: this.config.tlsVerify ? "enabled" : "disabled",
+        LdapUserDomain: this.config.ldapUserDomain
       };
 
       const context = this;
@@ -1530,6 +1568,9 @@ export default {
         } else if (param === "Password") {
           this.error.adminPassword = attr.error;
           this.$refs.adminPassword.focus();
+        } else if (param === "LdapUserDomain") {
+          this.error.ldapUserDomain = attr.error;
+          this.$refs.ldapUserDomain.focus();
         }
       }
     },
@@ -1856,7 +1897,7 @@ export default {
           accountProviderConfig.location = location;
           context.accountProviderConfig = accountProviderConfig;
           context.loading.accountProviderInfo = false;
-          context.listApplications();
+          context.connectionRead();
         },
         function (error) {
           const errorMessage = context.$i18n.t(

From 573cb09b399463ab6c50576b6ac77f68e437ca09 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Thu, 21 Nov 2024 15:59:42 +0100
Subject: [PATCH 05/10] feat(i18n): add LDAP user domain messages and
 validation errors

---
 ui/public/i18n/language.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ui/public/i18n/language.json b/ui/public/i18n/language.json
index 35be915c..5426344d 100644
--- a/ui/public/i18n/language.json
+++ b/ui/public/i18n/language.json
@@ -100,7 +100,9 @@
     "no_skip": "Enable migration",
     "error_on_skip": "There was an error when changing the skip flag.",
     "app_migrated_with_ad": "This app is migrated together with Local Active Directory app",
-    "enable_forge_sogo": "To successfully migrate SOGo, ensure NethForge repository is enabled under NS8 Settings"
+    "enable_forge_sogo": "To successfully migrate SOGo, ensure NethForge repository is enabled under NS8 Settings",
+    "ldap_user_domain_description": "This machine uses an openLDAP account provider. The previous base DN directory.nh cannot be used any more, it must be renamed to a unique base DN like ldap.domain.tld",
+    "ldap_user_domain": "LDAP user domain"
   },
   "validation": {
     "leader_node_empty": "Leader node is required",
@@ -109,7 +111,9 @@
     "virtual_host_empty": "Virtual host is required",
     "virtualhost_cannot_be_the_same": "Virtual host cannot be the same",
     "ad_ip_address_empty": "Active Directory IP address is required",
-    "admin_password_not_allowed":"The `|` character is not allowed"
+    "admin_password_not_allowed":"The `|` character is not allowed",
+    "ldap_user_domain_empty": "LDAP user domain is required",
+    "ldap_user_domain_invalid": "Invalid LDAP user domain"
   },
   "docs": {},
   "are_you_sure": "Are you sure",

From 4524d266e5127613afacda63942bd0758f1cd5a6 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Fri, 22 Nov 2024 10:27:14 +0100
Subject: [PATCH 06/10] feat(ns8-join): require user_domain argument for
 OpenLDAP configuration

---
 root/usr/sbin/ns8-join | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/root/usr/sbin/ns8-join b/root/usr/sbin/ns8-join
index 20351caa..9449e89e 100755
--- a/root/usr/sbin/ns8-join
+++ b/root/usr/sbin/ns8-join
@@ -75,15 +75,13 @@ def call(api_endpoint, action, token, data, tlsverify):
 
     return None
 
-# default value, must be unique per cluster
-ldap_user_domain = 'defaultLdap-' + subprocess.check_output(['/usr/bin/hostname', '-f'], encoding='utf-8').strip()
 
 parser = argparse.ArgumentParser()
 parser.add_argument('host')
 parser.add_argument('username', default="admin")
 parser.add_argument('password', default="Nethesis,1234")
 # user domain used to rename the directory.nh to another baseDN
-parser.add_argument('user_domain', default=ldap_user_domain)
+parser.add_argument('user_domain', default="")
 parser.add_argument('--no-tlsverify', dest='tlsverify', action='store_false', default=True)
 
 args = parser.parse_args()
@@ -253,6 +251,9 @@ if account_provider_config['isAD'] == '1':
             sys.exit(1)
 elif account_provider_config['isLdap'] == '1' and '127.0.0.1' in account_provider_config['LdapURI']:
     # Configure OpenLDAP as account provider of an external user domain: (retrieve the baseDN from the UI, directory.nh is obsoleted)
+    if not args.user_domain:
+        print("ns8-join: user_domain is required for OpenLDAP account provider", file=sys.stderr)
+        sys.exit(1)
     account_provider_domain = args.user_domain.lower()
     account_provider_external = ""
     add_external_domain_request = {

From 76712188d6895bf58a8ad04d011c1a502dc62050 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Fri, 22 Nov 2024 12:56:34 +0100
Subject: [PATCH 07/10] Translation review of Giacomo Sanchietti

Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
---
 ui/public/i18n/language.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/public/i18n/language.json b/ui/public/i18n/language.json
index 5426344d..fedbfe37 100644
--- a/ui/public/i18n/language.json
+++ b/ui/public/i18n/language.json
@@ -101,7 +101,7 @@
     "error_on_skip": "There was an error when changing the skip flag.",
     "app_migrated_with_ad": "This app is migrated together with Local Active Directory app",
     "enable_forge_sogo": "To successfully migrate SOGo, ensure NethForge repository is enabled under NS8 Settings",
-    "ldap_user_domain_description": "This machine uses an openLDAP account provider. The previous base DN directory.nh cannot be used any more, it must be renamed to a unique base DN like ldap.domain.tld",
+    "ldap_user_domain_description": "This machine uses a local OpenLDAP account provider. You must choose a new name for the domain, something like ldap.domain.tld. The name must be unique inside the NethServer 8 cluster",
     "ldap_user_domain": "LDAP user domain"
   },
   "validation": {

From d7c767b8f594bce26de9721fa9d244e390e97fec Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Fri, 22 Nov 2024 13:00:48 +0100
Subject: [PATCH 08/10] feat(connection): streamline get_config function to
 initialize props with default slapd status

---
 api/connection/read | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/api/connection/read b/api/connection/read
index 0293455a..3a6f4291 100755
--- a/api/connection/read
+++ b/api/connection/read
@@ -26,14 +26,12 @@ import simplejson
 import os
 
 def get_config():
-    props = {}
-
     # ns8 config
     bash_command = "/sbin/e-smith/config getjson ns8"
     process = subprocess.Popen(bash_command.split(), stdout=subprocess.PIPE)
     output, error = process.communicate()
     ns8_config = simplejson.loads(output)
-    props.update({"ns8": ns8_config})
+    props = {"ns8": ns8_config, "slapd": {"props":{"status": "disabled"}}}
 
     # slapd config
     if os.path.isfile('/etc/e-smith/db/configuration/defaults/slapd/type'):
@@ -41,14 +39,10 @@ def get_config():
         process = subprocess.Popen(bash_command.split(), stdout=subprocess.PIPE)
         output, error = process.communicate()
         slapd_config = simplejson.loads(output)
-        props.update({"slapd": slapd_config})
-    else :
-        props.update({"slapd": {}})
+        props["slapd"] = slapd_config
 
     return props
 
-
-
 try:
     config = get_config()
     output = simplejson.dumps({'configuration': config})

From 17f5cd1c12d575ee9b19acc5c73e17969df632f6 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Fri, 22 Nov 2024 13:00:55 +0100
Subject: [PATCH 09/10] feat(dashboard): update LdapUserDomain assignment to
 use dummy value when LDAP is disabled

---
 ui/src/views/Dashboard.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/views/Dashboard.vue b/ui/src/views/Dashboard.vue
index 99499cee..664cb885 100644
--- a/ui/src/views/Dashboard.vue
+++ b/ui/src/views/Dashboard.vue
@@ -1530,7 +1530,7 @@ export default {
         User: this.config.adminUsername,
         Password: this.config.adminPassword,
         TLSVerify: this.config.tlsVerify ? "enabled" : "disabled",
-        LdapUserDomain: this.config.ldapUserDomain
+        LdapUserDomain: this.isLdapEnabled ? this.config.ldapUserDomain : "ad.provider.is.used" // dummy value to validate, not used with ad
       };
 
       const context = this;

From dcbdfc2fee58aa4c4d90e5a7ff4dfaf27be1a55b Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse <stephdl@de-labrusse.fr>
Date: Mon, 25 Nov 2024 11:03:14 +0100
Subject: [PATCH 10/10] Regex to check if it starts by  dc

Co-authored-by: Davide Principi <davide.principi@nethesis.it>
---
 .../nethserver-ns8-migration/apps/account-provider/ldap/migrate | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate b/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
index 5d247f65..ae84d408 100755
--- a/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
+++ b/root/usr/share/nethesis/nethserver-ns8-migration/apps/account-provider/ldap/migrate
@@ -53,7 +53,7 @@ sed -i '/^gecos: / { h ; s/^gecos:/displayName:/ ; G }' dump-mdb0.ldif
 # replace dc=directory,dc=nh by ldap_suffix
 sed -i "s/dc=directory,dc=nh/${ldap_suffix}/g" dump-mdb0.ldif
 # replace dc: directory by dc: host
-sed -i "s/dc: directory/dc: $host/" dump-mdb0.ldif 
+sed -i "s/^dc: directory/dc: $host/" dump-mdb0.ldif 
 
 # Send import.env
 rsync -i import.env "${RSYNC_ENDPOINT:?}"/data/state/import.env