Ldap WIP

modules/server/containers/data/authentik/ldap.yaml

@@ -32,3 +32,30 @@ entries:
         !Find [authentik_core.token, [identifier, ldap-outpost-static-token]]
       config:
         log_level: info
+
+  - model: authentik_core.user
+    state: present
+    identifiers:
+      username: "ldap-service"
+    attrs:
+      name: "LDAP Bind Service Account"
+      is_active: true
+      password: !Env DEFAULT_LDAP_PASSWORD
+      attributes:
+        ak_recovery_immutable: true
+
+  - model: authentik_core.group
+    state: present
+    identifiers:
+      name: "LDAP Bind Service Account Group"
+    attrs:
+      users:
+        - !Find [authentik_core.user, [username, ldap-service]]
+
+  - model: authentik_policies.policybinding
+    state: present
+    identifiers:
+      target:
+        !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
+      permission: "authentik_providers_ldap.search_full_directory"
+      user: !Find [authentik_core.user, [username, ldap-service]]