From 97b59fb35123069f0271b503932d68b8a282f4a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?=
Date: Tue, 14 Jan 2025 05:57:21 +0100
Subject: [PATCH] Handle subdomains and converting from one 'final' domain to another
---
 bin/convertdomain | 171 +++++++++++++---------------------------------
 1 file changed, 47 insertions(+), 124 deletions(-)
diff --git a/bin/convertdomain b/bin/convertdomain
index 752f540..fb244fb 100755
--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -14,7 +14,25 @@ check_gluerecords() {
 echo -ne "\n* Checking glue records for $DOMAIN_NEW.."
- NS_PARENT="$(dig @8.8.8.8 +short NS "$DOMAIN_LAST." | head -n 1)"
+ local DOMAIN_PARENT=$(echo $DOMAIN_NEW |cut -d. -f2-)
+ local NS_PARENT=""
+ while true; do
+ NS_PARENT="$(dig @8.8.8.8 +short NS "$DOMAIN_PARENT." | head -n 1)"
+ [ -n "$NS_PARENT" ] && break
+ if ! echo $DOMAIN_PARENT |grep -q '\.'; then
+ failcheck "Could not determine parent NS for $DOMAIN_NEW"
+ fi
+ # When handling a subdomain, the parent NS may not be at the next
+ # level -- imagine
+ # DOMAIN_NEW=fed.a.b.c.d.com
+ # d.com has:
+ # c NS whatever
+ # c.d.com has
+ # b A something
+ # a.b A something
+ # fed.a.b NS something
+ DOMAIN_PARENT="$(echo $DOMAIN_PARENT |cut -d. -f2-)"
+ done
 CHECK_NS1=`dig +noall +authority +additional +norecurse @"$NS_PARENT" NS "$DOMAIN_NEW". | grep NS | grep -i ns1.$DOMAIN_NEW`
 [ $? -ne 0 ] && failcheck "Couldn't find glue / authoritative NS record ns1.$DOMAIN_NEW"
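Review bot: The `while true` loop added to check_gluerecords has no termination of its own: once `$DOMAIN_PARENT` has no dot left, `cut -d. -f2-` returns it unchanged, so if `failcheck` ever returns instead of exiting (its definition is outside this hunk) the same label is queried forever; and `dig +short` prints text such as `;; connection timed out; no servers could be reached` when the resolver is unreachable, which is non-empty and therefore breaks the loop with that text as `$NS_PARENT`, which is then passed to the next `dig @"$NS_PARENT"`. This check gates a DNS cutover, so a false "found" is worse than a hard stop; filter the answer down to a hostname and make the loop bound explicit, as below. The `local x=$(...)` on the first added line also masks the substitution's exit status. check_gluerecords continues past the hunk, and the hunk's trailing context lines appear to be missing from this listing.
```shell
  local DOMAIN_PARENT="${DOMAIN_NEW#*.}"
  local NS_PARENT=""
  while true; do
    # Accept only a hostname answer: dig's own error text (";; connection
    # timed out ...") is non-empty output and must not pass as a nameserver.
    NS_PARENT="$(dig @8.8.8.8 +short NS "$DOMAIN_PARENT." 2>/dev/null | grep -E '^[A-Za-z0-9._-]+\.$' | head -n 1)"
    [ -n "$NS_PARENT" ] && break
    # Reached the top-level label without finding a delegation: stop here
    # even if failcheck returns instead of exiting.
    if [[ "$DOMAIN_PARENT" != *.* ]]; then
      failcheck "Could not determine parent NS for $DOMAIN_NEW"
      return 1
    fi
    # … unchanged: comment explaining the subdomain walk-up …
    DOMAIN_PARENT="${DOMAIN_PARENT#*.}"
  done
```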
@@ -56,11 +74,7 @@ do_serviceprep() {
 # Remove first lines of ldap config, replace dc= with new domain, replace domain name
 sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p' /federated/apps/ldap/data/root/convertdomain.ldif > /federated/apps/ldap/data/root/convertdomain1.ldif
- if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/ldap/data/root/convertdomain1.ldif
- else
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/ldap/data/root/convertdomain1.ldif
- fi
+ sed -i "s#dc=federatedcomputer,dc=cloud#$DOMAIN_NEW_LDAP_dc#g" /federated/apps/ldap/data/root/convertdomain1.ldif
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/ldap/data/root/convertdomain1.ldif
 }
 convert_pdnsmysql() {
@@ -199,11 +213,7 @@ convert_mail() {
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/mail/.env
 cp /federated/certs/certs/$DOMAIN_NEW.crt /federated/certs/private/$DOMAIN_NEW.key /federated/apps/mail/data/root/certs/
- if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env
- else
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/mail/.env
- fi
+ sed -i "s#$DOMAIN_LDAP_dc#dc=$DOMAIN_NEW_LDAP_dc#g" /federated/apps/mail/.env
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'`
@@ -327,7 +337,6 @@ convert_nextcloud() {
 }
 EOF
-if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then cat > /federated/apps/nextcloud/data/config.sh < /federated/apps/nextcloud/data/config.sh < /dev/null"
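Review bot: The new `sed -i` in do_serviceprep still matches the literal `dc=federatedcomputer,dc=cloud` (and so does the `sed -n '/^dn: ou=people,dc=federatedcomputer,dc=cloud$/,$p'` range above it), so for the "one final domain to another" case named in the commit title — where the directory's base DN is already the previous conversion's — the range matches nothing, convertdomain1.ldif comes out empty, and the substitution is a silent no-op. If convertdomain.ldif is exported from the live directory (not visible here), both lines should be keyed on the current base like the authelia hunk already is, e.g. `sed -n "/^dn: ou=people,$DOMAIN_LDAP_dc\$/,\$p" …` and `sed -i "s#$DOMAIN_LDAP_dc#$DOMAIN_NEW_LDAP_dc#g" …`, and the result checked with `[ -s /federated/apps/ldap/data/root/convertdomain1.ldif ] || failcheck "…"` before anything is loaded from it. do_serviceprep starts before this hunk.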
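Review bot: The replacement in the new convert_mail line is `dc=$DOMAIN_NEW_LDAP_dc`, but `DOMAIN_NEW_LDAP_dc` is already built as `dc=${DOMAIN_NEW//./,dc=}` in the setup hunk, so the mail .env ends up with a base DN of the shape `dc=dc=example,dc=com` and the container's LDAP bind fails against a DN that does not exist. Drop the prefix so the line matches the authelia hunk: `sed -i "s#$DOMAIN_LDAP_dc#$DOMAIN_NEW_LDAP_dc#g" /federated/apps/mail/.env`. Since sed exits 0 whether or not the pattern matched, a `grep -q -F -- "$DOMAIN_NEW_LDAP_dc" /federated/apps/mail/.env || failcheck "mail .env still has the old LDAP base DN"` after it would have caught both this and a non-matching source pattern. convert_mail starts before this hunk and continues after it.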
@@ -1043,10 +972,10 @@ ESPOCRM_CONFIG_LDAP_HOST=ldap.$DOMAIN_NEW
 ESPOCRM_CONFIG_LDAP_PORT=636
 ESPOCRM_CONFIG_LDAP_SECURITY=SSL
 ESPOCRM_CONFIG_LDAP_AUTH=true
-ESPOCRM_CONFIG_LDAP_USERNAME=cn=admin,dc=federatedcomputer,dc=cloud
+ESPOCRM_CONFIG_LDAP_USERNAME=cn=admin,$DOMAIN_NEW_LDAP_dc
 ESPOCRM_CONFIG_LDAP_PASSWORD=$LDAP_SECRET
 ESPOCRM_CONFIG_LDAP_ACCOUNT_CANONICAL_FORM=Dn
-ESPOCRM_CONFIG_LDAP_BASE_DN=dc=federatedcomputer,dc=cloud
+ESPOCRM_CONFIG_LDAP_BASE_DN=$DOMAIN_NEW_LDAP_dc
 ESPOCRM_CONFIG_LDAP_BIND_REQUIRES_DN=true
 ESPOCRM_CONFIG_LDAP_CREATE_ESPO_USER=true
 ESPOCRM_CONFIG_LDAP_PORTAL_USER_LDAP_AUTH=true
@@ -1062,12 +991,6 @@ chmod 600 /federated/apps/espocrm/.env
 docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"grant all privileges on espocrm.* to 'espocrm'@'%';\""
 docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'flush privileges;'"
- if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/espocrm/.env
- else
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/espocrm/.env
- fi
-
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/espocrm/docker-compose.yml | awk '{ print $2 }'`
@@ -1146,11 +1069,7 @@ convert_authelia() {
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/data/config/configuration.yml
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/authelia/data/config/idproviders.yml
- if [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_MIDDLE,dc=$DOMAIN_LAST#g" /federated/apps/authelia/.env
- else
- sed -i "s#dc=federatedcomputer,dc=cloud#dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST#g" /federated/apps/authelia/.env
- fi
+ sed -i "s#$DOMAIN_LDAP_dc#$DOMAIN_NEW_LDAP_dc#g" /federated/apps/authelia/.env
 # Configure SSO to Authelia # Delete the entries in the pdns settings table
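Review bot: The new `sed -i "s#$DOMAIN_LDAP_dc#$DOMAIN_NEW_LDAP_dc#g"` on authelia/.env exits 0 whether or not the pattern matched, so if `$DOMAIN_LDAP_dc` is not what the file actually contains (in the setup hunk it is derived from `$DOMAIN`, while a fresh install may still carry the provisioning default) Authelia silently keeps the old base DN and every SSO login fails after the cutover with nothing in this script to say why. Add a post-condition right after it: `grep -q -F -- "$DOMAIN_NEW_LDAP_dc" /federated/apps/authelia/.env || failcheck "authelia .env still has the old LDAP base DN"`. The two `s#$DOMAIN#$DOMAIN_NEW#g` context lines above it have the same silent-failure property, and the unescaped dots in `$DOMAIN` are regex wildcards there; sed has no fixed-string mode, so `"${DOMAIN//./\\.}"` in the pattern is the cheap fix. convert_authelia continues past the hunk.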
@@ -1216,18 +1135,22 @@ ORG_NEW=$2
 EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null`
 [ $? -ne 0 ] && failcheck "Couldn't run dig, dns is not working"
-# Setup DOMAIN variable for domain or subdomain
-DOMAIN_ARRAY=(${DOMAIN_NEW//./ })
-if [ "${#DOMAIN_ARRAY[@]}" -eq "2" ]; then
- DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
- DOMAIN_LAST=${DOMAIN_ARRAY[1]}
-elif [ "${#DOMAIN_ARRAY[@]}" -eq "3" ]; then
- DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
- DOMAIN_MIDDLE=${DOMAIN_ARRAY[1]}
- DOMAIN_LAST=${DOMAIN_ARRAY[2]}
-else
+# Setup DOMAIN variables for domain or subdomain
+if ! echo $DOMAIN_NEW |grep -q '\.'; then
 failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"
 fi
+if [ -e /federated/apps/panel/.env ]; then
+ DOMAIN_LDAP_dc="$(cat /federated/apps/panel/.env |grep ^LDAP_BASE_DN= |cut -d= -f2-)"
+else
+ # This is likely a newly provisioned domain with hardcodes
+ DOMAIN_LDAP_dc="dc=federatedcomputer,dc=cloud"
+fi
+DOMAIN_LDAP_DC="${DOMAIN_LDAP_dc//dc=/DC=}"
+DOMAIN_NEW_LDAP_dc="dc=${DOMAIN_NEW//./,dc=}"
+DOMAIN_NEW_LDAP_DC="DC=${DOMAIN_NEW//./,DC=}"
+DOMAIN_LDAP_dc="dc=${DOMAIN//./,dc=}"
+DOMAIN_LDAP_DC="DC=${DOMAIN//./,DC=}"
+
 ADMINPASS=`cat /federated/bin/.adminpass | head -1`
 LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
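Review bot: The last two added assignments, `DOMAIN_LDAP_dc="dc=${DOMAIN//./,dc=}"` and `DOMAIN_LDAP_DC="DC=${DOMAIN//./,DC=}"`, unconditionally overwrite the value just read from `/federated/apps/panel/.env` (or its `dc=federatedcomputer,dc=cloud` fallback), so the whole `if [ -e … ]` block is dead code, and on a newly provisioned install — which the comment says still runs under the hard-coded base — the mail and authelia `sed` patterns are built from `$DOMAIN` (presumably the current domain) and never match, leaving those services on the old base DN unless `$DOMAIN` happens to be federatedcomputer.cloud. If the panel value is the intended source, delete the two trailing lines; if `$DOMAIN` is, delete the panel block; either way only one should win, and an empty `LDAP_BASE_DN=` in panel/.env should fall back rather than yield an empty sed pattern: `[ -n "$DOMAIN_LDAP_dc" ] || DOMAIN_LDAP_dc="dc=federatedcomputer,dc=cloud"`. Separately, `grep -q '\.'` is the only validation `$DOMAIN_NEW` receives before it is spliced unescaped into many `sed "s#…#…#g"` programs, so a value containing `#`, `&`, whitespace or a newline rewrites the wrong thing; a hostname check such as `[[ "$DOMAIN_NEW" =~ ^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$ ]] || failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com"` would close that. The surrounding top-level statements continue past the hunk.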