diff --git a/modules/utilities/unix/authentication/ldap_server/manifests/install.pp b/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
index a8df2bcb2..8096270d5 100644
--- a/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
+++ b/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
@@ -5,6 +5,10 @@ class ldap_server::install {
$organization = $secgen_parameters['organization'][0]
$admin_password = $secgen_parameters['admin_password'][0]
+ # Convert domain to LDAP DN format (e.g., "secgen.local" -> "dc=secgen,dc=local")
+ $domain_parts = split($domain, '\.')
+ $base_dn = $domain_parts.map |$part| { "dc=${part}" }.join(',')
+
# Pre-seed debconf values to make slapd installation non-interactive
# This prevents prompts during package installation
exec { 'preseed-slapd':
@@ -48,6 +52,14 @@ class ldap_server::install {
package { 'phpldapadmin':
ensure => installed,
}
+
+ ->
+ # Configure phpLDAPadmin base DN to match LDAP domain
+ exec { 'configure-phpldapadmin-base-dn':
+ command => "/bin/sed -i \"s/\\$servers->setValue('server','base',array('dc=example,dc=com'));/\\$servers->setValue('server','base',array('${base_dn}'));/\" /etc/phpldapadmin/config.php",
+ onlyif => "/bin/grep -q \"dc=example,dc=com\" /etc/phpldapadmin/config.php",
+ path => ['/bin', '/usr/bin'],
+ }
->
# Enable PHP module in Apache (version-agnostic)
# Uses find to locate the installed PHP module and enables it
diff --git a/scenarios/labs/systems_security/3_ss_conf.xml b/scenarios/labs/systems_security/3_ss_conf.xml
index bbc89f9fc..8b156e7d7 100644
--- a/scenarios/labs/systems_security/3_ss_conf.xml
+++ b/scenarios/labs/systems_security/3_ss_conf.xml
@@ -120,6 +120,8 @@
+
+