apiVersion: v1
data:
  # Leave as true untill LDAP has been successfuly set up - enables manual login
  admin.enabled: "true"
  dex.config: |
    connectors:
    - type: ldap
      name: LDAP
      id: ldap
      config:
        # Ldap server address (choice of port depends on your set-up, see docs)
        host: "ldap.undercloud.local:389"
        insecureNoSSL: true
        insecureSkipVerify: true
        startTLS: false
        # Variable name stores ldap bindDN in argocd-secret
        bindDN: "cn=argocd,ou=serviceaccounts,ou=users,dc=undercloud,dc=local"
        # Variable name stores ldap bind password in argocd-secret
        bindPW: "$dex.ldap.bindPW"
        usernamePrompt: username 
        # Ldap user search attributes
        userSearch:
          baseDN: "cn=users,dc=undercloud,dc=local"
          filter: "(objectClass=inetOrgPerson)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: cn
        groupSearch:
          baseDN: "dc=undercloud,dc=local"
          filter: "(objectClass=groupOfUniqueNames)"
          userMatchers:
          - userAttr: uid
            groupAttr: uniqueMember
          # Represents group name.
          nameAttr: name
  # This will prevent ldap login to redirect to itself.
  url: argocd.apps.undercloud.dev