feat(settings): write preferredLanguage to FreeIPA + propagate

- AccountSettings's existing language picker now persists to FreeIPA via LDAP modify as svc-gsc-admin (new role 'User Preferred Language Manager' granted `write` on `preferredLanguage`).
- Server action also sets NEXT_LOCALE cookie Domain=.gosec.internal so admin.gosec.internal / siblings pick up the change before the next Keycloak token refresh.
- src/i18n/request.ts updated to read the Keycloak claim `preferred_language` (resolution: cookie → claim → header → en).

Other AccountSettings fields are accepted silently for now; they'll move to FreeIPA / dedicated stores in the Phase 2 cleanup.

+ ldapts dep for the LDAP client.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -31,7 +31,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: my-ui
|
||||
image: registry.gosec.internal/gsc-my/ui:v0.1.6
|
||||
image: registry.gosec.internal/gsc-my/ui:v0.1.7
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
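Review bot: The image on the `- name: my-ui` container is bumped by mutable tag (`ui:v0.1.7`) while `imagePullPolicy: Always` stays in place, so every pod restart re-resolves the tag against registry.gosec.internal and can start a different image from the one reviewed here. Since the second hunk of this commit gives the same container a FreeIPA bind credential, pin the reference by digest (`ui:v0.1.7@sha256:<digest of the built image>`) so the manifest identifies exactly one build.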
@@ -104,6 +104,28 @@ spec:
|
||||
secretKeyRef:
|
||||
name: my-ui
|
||||
key: nextauth-secret
|
||||
# FreeIPA LDAP bind for user-attribute writes (preferredLanguage).
|
||||
# Goes through the internal-gateway Envoy → 172.17.3.100:636.
|
||||
- name: FREEIPA_LDAP_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: freeipa-bind
|
||||
key: url
|
||||
- name: FREEIPA_BIND_DN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: freeipa-bind
|
||||
key: bind-dn
|
||||
- name: FREEIPA_BIND_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: freeipa-bind
|
||||
key: bind-password
|
||||
- name: FREEIPA_USERS_BASE_DN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: freeipa-bind
|
||||
key: users-base-dn
|
||||
# gsc-ops-api (mTLS) for chat contacts route. Cert files are
|
||||
# mounted from a separate secret if/when the route is used;
|
||||
# leaving the URL unset disables the contacts provider
|
||||
|
||||
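Review bot: `FREEIPA_BIND_PASSWORD` is injected into the my-ui container as an environment variable, which makes the bind credential readable by every process in the container and easy to leak through environment dumps and error reports. The commit message says this bind is svc-gsc-admin with `write` on `preferredLanguage`, so consider mounting the `freeipa-bind` secret as a read-only file volume and having the client read the password from the file. Two smaller points on the same block: the comment hardcodes 172.17.3.100:636 while the effective endpoint comes from the `url` key, so the two can drift and the comment should name the gateway rather than an address; and nothing in this hunk shows which CA the client trusts for the port 636 connection through Envoy, so please document that or mount the CA bundle alongside the bind secret.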