# authentik blueprint: provisions an LDAP provider, a static API token, the
# LDAP outpost that uses both, and a bind service account that is granted
# directory-wide search through a role and a group.
version: 1
metadata:
  name: Pre-configured LDAP Outpost
entries:
  # LDAP provider served by the outpost.
  - model: authentik_providers_ldap.ldapprovider
    identifiers:
      name: ldap-provider
    attrs:
      # NOTE(review): "@AUTHENTIK_LDAP_DC_DOMAIN@" looks like a build-time
      # substitution placeholder. Confirm it is replaced before the blueprint
      # is applied, otherwise the literal string becomes the base DN.
      base_dn: "@AUTHENTIK_LDAP_DC_DOMAIN@"
      # No search group is set here; the search right is granted further down
      # via the search_full_directory permission on "LDAP Search Role".
      search_group: null
      authorization_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
      invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]

  # Static API token the outpost authenticates with. The key is read from the
  # AUTHENTIK_TOKEN environment variable, so the secret stays out of this file.
  - model: authentik_core.token
    identifiers:
      identifier: ldap-outpost-static-token
    attrs:
      intent: api
      key: !Env AUTHENTIK_TOKEN
      # NOTE(review): the owner is referenced by raw primary key. Which account
      # has pk 1 depends on the instance, and an API token presumably acts with
      # its owner's permissions. Confirm this is a least-privilege account and
      # consider a !Find lookup by username instead of a numeric id.
      # NOTE(review): no expiring/expires attrs are set, so the model defaults
      # apply. Confirm whether this token is meant to rotate or stay fixed.
      user: 1

  # The outpost itself, bound to the provider and token defined above.
  - model: authentik_outposts.outpost
    identifiers:
      name: LDAP Outpost
    attrs:
      type: ldap
      providers:
        - !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
      token: !Find [authentik_core.token, [identifier, ldap-outpost-static-token]]
      config:
        log_level: info
        authentik_host: https://sso.test.helcel.net/
        refresh_interval: minutes=5
        # false keeps TLS certificate validation on for the connection to
        # authentik_host; leave it that way outside throwaway test setups.
        authentik_host_insecure: false

  # Service account that LDAP clients bind as.
  - model: authentik_core.user
    state: present
    identifiers:
      username: ldap-service
    attrs:
      name: LDAP Bind Service Account
      type: service_account
      path: goauthentik.io
      is_active: true
      # NOTE(review): the password comes from DEFAULT_LDAP_PASSWORD. Confirm
      # the variable is set wherever the blueprint is applied; what an unset
      # variable resolves to is not visible in this file.
      password: !Env DEFAULT_LDAP_PASSWORD
      attributes:
        # Meaning of this attribute is not defined in this file.
        ak_recovery_immutable: true

  # Role carrying the directory-wide search permission. Every member of a
  # group holding this role can search the full LDAP directory, so keep the
  # membership limited to accounts that need it.
  - model: authentik_rbac.role
    state: present
    identifiers:
      name: LDAP Search Role
    attrs:
      permissions:
        - authentik_providers_ldap.search_full_directory

  # Group that ties the bind account to the search role.
  - model: authentik_core.group
    state: present
    identifiers:
      name: LDAP Search Group
    attrs:
      users:
        - !Find [authentik_core.user, [username, ldap-service]]
      roles:
        - !Find [authentik_rbac.role, [name, LDAP Search Role]]