Description Thomas Kintscher 2023-11-22 22:03:41 CET

Created attachment 11150 [details]
self_service_credentials.patch

The self service depends on MemcacheD, PostgreSQL and an SMTP server.

In the UCS appliance these components are always locally installed when installing the self service packages.

In containerized environments (UMS/openDesk) this kind of infrastructure may be provided by the operator. The common pattern is to provide a "bundled" instance of the dependencies which can be enabled in a Helm chart, but to also allow configuring  external instances as a alternative.

The self service:
- hardcodes the path to a MemcacheD socket file (without credentials),
- always accesses PostgreSQL on 'localhost' with a fixed username and database,
- allows only setting an SMTP hostname, but not setting the port, username, password or whether to use TLS.

The current container-umc contains a patch to make all of those settings configurable:

https://git.knut.univention.de/univention/customers/dataport/upx/container-umc/-/blob/9b4349e1d74579d8b5d46dbbe1d84833fe76f8f2/docker/server/self_service_credentials.patch

In the interest of simplified maintenance and a common codebase, it would be great to have the features in the upstream code. The default settings could be chosen to be compatible with the current appliance behavior (as is done in the patch above).