From ef102f709cf5f39509fed2bd27a9b2cfd96e6a87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?=
Date: Wed, 15 Jan 2025 02:06:15 +0100
Subject: [PATCH] Try to do the right thing to user accounts across all services, don't nuke espocrm
---
 bin/convertdomain | 177 ++++++++++------------------------------------
 1 file changed, 37 insertions(+), 140 deletions(-)
diff --git a/bin/convertdomain b/bin/convertdomain
index ed3837b..8c0c234 100755
--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -88,6 +88,7 @@ convert_calcom() {
 echo -ne "\n* Converting calcom..."
 convert_generic calcom
 /federated/bin/sync-calcomusers
+ start_service_convert "calcom" "nc -z 192.168.0.48 3000 &>/dev/null"
 echo done
 }
 convert_plane() {
@@ -96,6 +97,7 @@ convert_plane() {
 docker exec postgresql psql -U plane -c "UPDATE instances SET domain='$DOMAIN_NEW' WHERE domain='$DOMAIN'"
 docker exec postgresql psql -U plane -c "UPDATE users SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
 docker exec postgresql psql -U plane -c "UPDATE profiles SET company_name='$DOMAIN_NEW' WHERE company_name='$DOMAIN'"
+ start_service_convert "plane" "nc -z 192.168.0.48 80 &>/dev/null"
 echo done
 }
 convert_pdnsmysql() {
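Review bot: The readiness probes added to convert_calcom and convert_plane both hard-code `192.168.0.48`, while other converters in this file (convert_gitea, for example) read `SERVICE_IP` from the service's docker-compose.yml before calling start_service_convert. Two different services probing the same literal address looks like a copy-paste, and if either container is assigned another address the check handed to start_service_convert tests the wrong host. Reading the address the way convert_gitea does and passing `"nc -z $SERVICE_IP 3000 &> /dev/null"` (port 80 for plane) keeps the probe tied to the compose file. Both function bodies start above their hunks, so an earlier `SERVICE_IP` assignment in them cannot be ruled out.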
@@ -140,8 +142,8 @@ convert_pdnsadmin() {
 start_service_convert "pdnsadmin" "nc -z ${SERVICE_IP} 9494 &> /dev/null"
 MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'`
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"update user set username='admin@$DOMAIN_NEW' where id='1';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"update user set email='admin@$DOMAIN_NEW' where id='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"UPDATE user SET username=REPLACE(username, '@$DOMAIN', '@$DOMAIN_NEW') WHERE username LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdns -e \"UPDATE user SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN';\""
 echo -ne "done."
 }
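Review bot: `$DOMAIN` and `$DOMAIN_NEW` are expanded on the host into a `bash -c` string and then into a quoted SQL literal executed as the MySQL root user, so a quote, backtick or `$(` in either value alters the command or the statement instead of being treated as data. The only validation of `$DOMAIN_NEW` visible in this patch is the `grep -q '\.'` test in the last hunk's context, which accepts any string that contains a dot. A strict check before any convert_* function runs would cover this hunk and the same pattern in convert_baserow, convert_gitea, convert_castopod, convert_wordpress, convert_bookstack, convert_freescout and convert_espocrm, e.g. `[[ "$DOMAIN_NEW" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || failcheck "$DOMAIN_NEW is not a valid domain"`, with the same test applied to `$DOMAIN`. The two new statements here also run unchecked, unlike the `[ $? -ne 0 ] && fail` pattern used in convert_baserow.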
@@ -685,11 +687,11 @@ convert_baserow() {
 echo -ne "\n* Converting baserow.."
 convert_generic baserow
- docker exec postgresql bash -c "psql -U baserow -c \"update auth_user set username='admin@$DOMAIN_NEW' where username='admin@$DOMAIN'\"" &> /dev/null
- [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+ docker exec postgresql bash -c "psql -U baserow -c \"UPDATE auth_user SET username=REPLACE(username, '@$DOMAIN','@$DOMAIN_NEW') WHERE username LIKE '%@$DOMAIN'\"" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't update auth_user table (username) in baserow"
- docker exec postgresql bash -c "psql -U baserow -c \"update auth_user set email='admin@$DOMAIN_NEW' where email='admin@$DOMAIN'\"" &> /dev/null
- [ $? -ne 0 ] && fail "Couldn't update auth_user table in baserow"
+ docker exec postgresql bash -c "psql -U baserow -c \"UPDATE auth_user SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'\"" &> /dev/null
+ [ $? -ne 0 ] && fail "Couldn't update auth_user table (email) in baserow"
 start_service_convert "baserow" "docker exec baserow curl http://localhost:8000 &> /dev/null"
@@ -703,11 +705,9 @@ convert_gitea() {
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/gitea/data/data/gitea/conf/app.ini
 # Replace users in Gitea postgres database with new domain name
- for i in `docker exec postgresql bash -c "psql -U gitea -t -c 'select * from email_address;' | grep $DOMAIN" | awk -F\@ '{ print $1 }' | awk '{ print $5 }'`; do
- USER="$i";
- docker exec postgresql bash -c "psql -U gitea -c \"update email_address set email='$USER@$DOMAIN_NEW' where email='$USER@$DOMAIN'\""
- docker exec postgresql bash -c "psql -U gitea -c \"update email_address set lower_email='$USER@$DOMAIN_NEW' where lower_email='$USER@$DOMAIN'\""
- done
+ LOWER_DOMAIN_NEW="$(echo $DOMAIN_NEW |tr 'A-Z' 'a-z')"
+ docker exec postgresql bash -c "psql -U gitea -c \"UPDATE email_address SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'\""
+ docker exec postgresql bash -c "psql -U gitea -c \"UPDATE email_address SET lower_email=REPLACE(lower_email, '@$DOMAIN', '@$LOWER_DOMAIN_NEW') WHERE lower_email LIKE '%@$DOMAIN'\""
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/gitea/docker-compose.yml | awk '{ print $2 }'`
@@ -716,8 +716,10 @@ convert_gitea() {
 start_service_convert "gitea" "nc -z $SERVICE_IP 3000 &> /dev/null"
 # Delete the current admin and create the admin user with new domain name
- docker exec --user 1000 gitea bash -c "gitea admin user delete --id 1"
- docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN_NEW
+ # FIXME we used to do
+ #docker exec --user 1000 gitea bash -c "gitea admin user delete --id 1"
+ #docker exec --user 1000 gitea gitea admin user create --admin --username gitea --password $ADMINPASS --email admin@$DOMAIN_NEW
+ # here, but that doesn't seem necessary given we fixed the users above?
 # Configure SSO to Authelia
 GITEA_CLIENT_SECRET=$(cat /federated/apps/gitea/.gitea.client.secret)
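Review bot: The `lower_email` statement in the first convert_gitea hunk lower-cases only the replacement value; it still searches and filters on `'@$DOMAIN'` as typed, and PostgreSQL `LIKE` and `REPLACE` are case-sensitive, so if `$DOMAIN` contains an upper-case letter no `lower_email` row is rewritten while `email` is. convert_bookstack in this same patch derives a `LOWER_DOMAIN` for that purpose; doing the same here, `LOWER_DOMAIN="$(echo "$DOMAIN" | tr 'A-Z' 'a-z')"` and `REPLACE(lower_email, '@$LOWER_DOMAIN', '@$LOWER_DOMAIN_NEW') WHERE lower_email LIKE '%@$LOWER_DOMAIN'`, keeps the two columns in step. Neither new statement checks its exit status.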
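Review bot: The FIXME in the second convert_gitea hunk keeps the old admin re-creation as commented-out code, including a `--password $ADMINPASS` command line, on the assumption that the `email_address` updates above already fixed every account. Only `email_address` is touched in the visible lines; if Gitea also stores an address on the user row itself (it appears to, but the schema is not shown here), the admin would keep the old domain there. I would either delete the dead lines and record the decision in one comment, e.g. `# Admin (id 1) is kept; its address is rewritten by the email_address UPDATEs above`, or add the matching UPDATE once the schema is confirmed.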
@@ -755,8 +757,8 @@ convert_castopod() {
 start_service_convert "castopod" "nc -z $SERVICE_IP 8000 &> /dev/null"
 MYSQL_ROOTPASSWORD=`cat /federated/apps/pdnsmysql/.env | grep MYSQL_ROOT_PASSWORD | awk -F= '{ print $2 }'`
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"update cp_auth_identities set secret='admin@$DOMAIN_NEW' where id='1';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"update cp_users set username='admin@$DOMAIN_NEW' where id='1';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"UPDATE cp_auth_identities SET secret=REPLACE(secret, '@$DOMAIN', '@$DOMAIN_NEW) WHERE secret LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD castopod -e \"UPDATE cp_users SET username=REPLACE(username, '@$DOMAIN', '@$DOMAIN_NEW') WHERE username LIKE '%@$DOMAIN';\""
 echo -ne "done."
 }
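Review bot: The new `cp_auth_identities` statement is missing the closing quote after the replacement value — `'@$DOMAIN_NEW)` should be `'@$DOMAIN_NEW')` — so MySQL receives an unbalanced string literal and rejects the statement. Because the exit status is not checked and the function goes on to print `done.`, the login identities would silently keep the old domain while `cp_users` is updated. The same typo is in the `external_auth_id` statement added to convert_bookstack (`'@$LOWER_DOMAIN_NEW)`). Appending `|| fail "Couldn't update cp_auth_identities in castopod"` to the call would surface this kind of error at run time.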
@@ -803,12 +805,12 @@ convert_wordpress() {
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
 sed -i "s#WORDPRESS_BLOG_NAME=.*#WORDPRESS_BLOG_NAME=$ORG_NEW#g" /federated/apps/wordpress/.env
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set user_login='admin@$DOMAIN_NEW' where ID='1';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set user_email='admin@$DOMAIN_NEW' where ID='1';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_usermeta set meta_value='admin@$DOMAIN_NEW' where meta_value='admin@$DOMAIN';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_users set display_name='admin@$DOMAIN_NEW' where ID='1';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_options set option_value = '$ORG_NEW Blog' where option_name = 'blogname';\""
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"update wp_options set option_value = 'admin@$DOMAIN_NEW' where option_name = 'admin_email';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_users SET user_login=REPLACE(user_login, '@$DOMAIN', '@$DOMAIN_NEW') WHERE user_login LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_users SET user_email=REPLACE(user_email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE user_email LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_usermeta SET meta_value=REPLACE(meta_value, '@$DOMAIN', '@$DOMAIN_NEW') WHERE meta_value LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_users SET display_name=REPLACE(display_name, '@$DOMAIN', '@$DOMAIN_NEW') WHERE display_name LIKE '%@$DOMAIN';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_options SET option_value = '$ORG_NEW Blog' WHERE option_name = 'blogname';\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD wordpress -e \"UPDATE wp_options SET option_value = 'admin@$DOMAIN_NEW' WHERE option_name = 'admin_email';\""
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/wordpress/docker-compose.yml | awk '{ print $2 }'`
@@ -841,7 +843,7 @@ convert_bookstack() {
 convert_generic bookstack
 sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/bookstack/data/config/www/.env
- docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD bookstack -e \"update users set email='admin@$DOMAIN_NEW' where id = 1;\""
+ docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD bookstack -e \"UPDATE users SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN';\""
 # Setup external_auth_id for each user in bookstack users table
 BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
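Review bot: Each of the six rewritten statements in convert_wordpress puts the MySQL root password on the `docker exec` command line as `-p$MYSQL_ROOTPASSWORD`, where it is readable from the host's process list while the command runs, and none of them checks the result. Sending the statements to a single client on stdin avoids both the repeated exposure and the nested quoting. If the pdnsmysql container is started with the same `.env` that the script greps (not visible here), the inner shell can expand the container's own variable instead: `docker exec -i pdnsmysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" wordpress' || fail "Couldn't update wordpress users"`, with the SQL supplied through a here-document. The function body starts and ends outside the hunk, so where `MYSQL_ROOTPASSWORD` is assigned for this function cannot be seen.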
@@ -849,11 +851,10 @@ convert_bookstack() {
 # docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
 # done
- for i in $(docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "select name from users;"); do
- NAME_LOWERCASE=$(echo "$i" | tr '[:upper:]' '[:lower:]');
- docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "update users set email = '$NAME_LOWERCASE@$DOMAIN_NEW' where name = '$i';";
- docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "update users set external_auth_id = '$NAME_LOWERCASE@$DOMAIN_NEW' where name = '$i';";
- done
+ LOWER_DOMAIN="$(echo $DOMAIN |tr 'A-Z' 'a-z')"
+ LOWER_DOMAIN_NEW="$(echo $DOMAIN_NEW |tr 'A-Z' 'a-z')"
+ docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "UPDATE users SET email=REPLACE(email, '@$LOWER_DOMAIN', '@$LOWER_DOMAIN_NEW') WHERE email LIKE '%@$LOWER_DOMAIN';";
+ docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "UPDATE users SET external_auth_id=REPLACE(external_auth_id, '@$LOWER_DOMAIN', '@$LOWER_DOMAIN_NEW) WHERE external_auth_id LIKE '%@$LOWER_DOMAIN';";
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/bookstack/docker-compose.yml | awk '{ print $2 }'`
@@ -869,7 +870,7 @@ convert_freescout() {
 convert_generic freescout
- docker exec postgresql bash -c "psql -U freescout -c \"update users set email='admin@$DOMAIN_NEW' where id='1'\""
+ docker exec postgresql bash -c "psql -U freescout -c \"UPDATE users SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'\""
 # Grab the container IP from docker-compose
 SERVICE_IP=`grep ipv4_address /federated/apps/freescout/docker-compose.yml | awk '{ print $2 }'`
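Review bot: The removed loop in convert_bookstack assigned `external_auth_id` for every row in `users`, whereas the new statement only rewrites rows whose `external_auth_id` already ends in `@$LOWER_DOMAIN`; accounts where the field is empty or holds another value are now left as they are, which may leave them unlinked if that field is what the SSO login matches on (not visible here). If the narrowing is intended, a comment such as `# Only rewrite existing external_auth_id values; accounts without one are not linked here` would record it. Separately, MySQL `LIKE` is case-insensitive under the common default collations while `REPLACE` is case-sensitive, so a stored address with upper-case letters in its domain part passes the `WHERE` but is not changed. The unquoted `$(echo $DOMAIN |tr 'A-Z' 'a-z')` would be more robust as `"$(printf '%s' "$DOMAIN" | tr 'A-Z' 'a-z')"`.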
@@ -901,85 +902,7 @@ convert_espocrm() { ESPOCRM_CLIENT_SECRET=$(cat /federated/apps/espocrm/.env | grep ESPOCRM_CONFIG_OIDC_CLIENT_SECRET | awk -F= '{ print $2 }') ESPOCRM_IMAGE_VERSION=$(cat /federated/apps/espocrm/.env | grep IMAGE_VERSION | awk -F\" '{ print $2 }') - rm -rf /federated/apps/espocrm - mkdir -p /federated/apps/espocrm/data/var/www/html - -cat > /federated/apps/espocrm/docker-compose.yml < /federated/apps/espocrm/.env < /dev/null" - # Configure SSO to Authelia -cat >> /federated/apps/espocrm/.env < [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php - - # Set auth method to Oidc only - sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE user SET user_name=REPLACE(user_name, '@$DOMAIN', '@$DOMAIN_NEW') WHERE user_name LIKE '%@$DOMAIN';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE email_account SET email_address=REPLACE(email_address, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email_address LIKE '%@$DOMAIN';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE email_account SET username=REPLACE(username, '@$DOMAIN', '@$DOMAIN_NEW') WHERE username LIKE '%@$DOMAIN';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE email_account SET smtp_username=REPLACE(smtp_username, '@$DOMAIN', '@$DOMAIN_NEW') WHERE smtp_username LIKE '%@$DOMAIN';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE email_address SET name=REPLACE(name, '@$DOMAIN', '@$DOMAIN_NEW') WHERE name LIKE '%@$DOMAIN';\"" + docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD espocrm -e \"UPDATE email_address SET lower=REPLACE(lower, '@$DOMAIN', '@$DOMAIN_NEW') WHERE lower LIKE 
'%@$DOMAIN';\"" + # FIXME did we catch every possible place for email addresses above? run_command "/federated/bin/stop espocrm" run_command "/federated/bin/start espocrm" @@ -1123,13 +1027,6 @@ EXTERNALIP=`dig @resolver4.opendns.com myip.opendns.com +short 2> /dev/null` if ! echo $DOMAIN_NEW |grep -q '\.'; then failcheck "$DOMAIN_NEW is not a valid domain.com or sub.domain.com" fi -if [ -e /federated/apps/panel/.env ]; then - DOMAIN_LDAP_dc="$(cat /federated/apps/panel/.env |grep ^LDAP_BASE_DN= |cut -d= -f2-)" -else - # This is likely a newly provisioned domain with hardcodes - DOMAIN_LDAP_dc="dc=federatedcomputer,dc=cloud" -fi -DOMAIN_LDAP_DC="${DOMAIN_LDAP_dc//dc=/DC=}" DOMAIN_NEW_LDAP_dc="dc=${DOMAIN_NEW//./,dc=}" DOMAIN_NEW_LDAP_DC="DC=${DOMAIN_NEW//./,DC=}" DOMAIN_LDAP_dc="dc=${DOMAIN//./,dc=}"
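Review bot: The six statements added to convert_espocrm use `$MYSQL_ROOTPASSWORD`, but the visible part of the function only reads `ESPOCRM_CLIENT_SECRET` and `ESPOCRM_IMAGE_VERSION`, whereas convert_pdnsadmin and convert_castopod assign the variable immediately before using it. Unless it is set above the hunk or left over from an earlier converter, `-p` receives an empty value and every statement fails unnoticed, since no exit status is checked. Repeating the `MYSQL_ROOTPASSWORD=` assignment from convert_pdnsadmin at the top of this block removes the dependency on call order. The `email_address.lower` column is also rewritten with `$DOMAIN_NEW` as typed rather than a lower-cased copy, unlike the `LOWER_DOMAIN_NEW` handling in convert_gitea; `REPLACE(lower, '@$LOWER_DOMAIN', '@$LOWER_DOMAIN_NEW')` with both values lower-cased would keep that column consistent.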