From 4e7a348461532cce9d780141cd7fa536a291948c Mon Sep 17 00:00:00 2001
From: soraefir
Date: Thu, 14 May 2026 20:41:28 +0200
Subject: [PATCH] Fix ldap
---
 .../containers/data/authentik/ldap.yaml | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/modules/server/containers/data/authentik/ldap.yaml b/modules/server/containers/data/authentik/ldap.yaml
index 905114c..e46ba5e 100644
--- a/modules/server/containers/data/authentik/ldap.yaml
+++ b/modules/server/containers/data/authentik/ldap.yaml
@@ -39,7 +39,34 @@ entries:
 username: "ldap-service"
 attrs:
 name: "LDAP Bind Service Account"
+ type: "service_account"
+ path: "goauthentik.io"
 is_active: true
 password: !Env DEFAULT_LDAP_PASSWORD
 attributes:
 ak_recovery_immutable: true
+
+ - model: authentik_rbac.role
+ state: present
+ identifiers:
+ name: "LDAP Search Role"
+
+ - model: authentik_core.group
+ state: present
+ identifiers:
+ name: "LDAP Search Group"
+ attrs:
+ users:
+ - !Find [authentik_core.user, [username, "ldap-service"]]
+ roles:
+ - !Find [authentik_rbac.role, [name, "LDAP Search Role"]]
+
+ - model: authentik_providers_ldap.ldapprovider
+ state: present
+ identifiers:
+ name: ldap-provider
+ attrs:
+ object_permissions:
+ - role: !Find [authentik_rbac.role, [name, "LDAP Search Role"]]
+ permissions:
+ - "authentik_providers_ldap.search_full_directory"
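Review bot: The `authentik_providers_ldap.search_full_directory` grant at the end of the hunk lets whoever holds the `ldap-service` credentials enumerate every user and group through the LDAP provider, and nothing in the file records why that breadth is needed. The account's password comes from `!Env DEFAULT_LDAP_PASSWORD` on the context line above, so the whole directory is only as well protected as that one secret; the variable name suggests a shared default, and it is worth confirming the value is unique per deployment. I would add a comment above the `object_permissions` entry, for example `# ldap-service can read the whole directory via this provider; DEFAULT_LDAP_PASSWORD must be a strong, per-deployment secret`. The `ldapprovider` entry carries only `identifiers` and `object_permissions`, so it appears to rely on the provider being defined elsewhere in `entries`, which starts outside this hunk.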