apiVersion: v1
kind: ConfigMap
metadata:
  name: mp-demo-ldap-init
  namespace: mp-demo
data:
  acl.ldif: |
    dn:  olcDatabase={1}{{ LDAP_BACKEND }},cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to dn="cn=admin,{{ LDAP_BASE_DN }}"
      by anonymous auth
      by self write
      by * none
    olcAccess: {1}to attrs=userPassword,shadowLastChange
      by dn="cn=idm,ou=Administrators,{{ LDAP_BASE_DN }}" write
      by dn="cn=admin,{{ LDAP_BASE_DN }}" write
      by anonymous auth
      by self write
      by * none
    olcAccess: {2}to dn.base=""
      by * read
    olcAccess: {3}to dn.subtree="ou=people,{{ LDAP_BASE_DN }}"
      by dn="cn=idm,ou=Administrators,{{ LDAP_BASE_DN }}" write
    olcAccess: {4}to dn.subtree="ou=groups,{{ LDAP_BASE_DN }}"
      by dn="cn=idm,ou=Administrators,{{ LDAP_BASE_DN }}" write
    olcAccess: {5}to *
      by dn="cn=admin,{{ LDAP_BASE_DN }}" write
      by dn="cn=idm,ou=Administrators,{{ LDAP_BASE_DN }}" read
      by self read
      by * none
  baseEntry.ldif: |+
    dn: ou=groups,{{ LDAP_BASE_DN }}
    objectClass: top
    objectClass: organizationalUnit
    ou: groups

    dn: ou=people,{{ LDAP_BASE_DN }}
    objectClass: top
    objectClass: organizationalUnit
    ou: people

    dn: ou=administrators,{{ LDAP_BASE_DN }}
    objectClass: top
    objectClass: organizationalUnit
    ou: administrators

    dn: cn=idm,ou=Administrators,dc=example,dc=com
    objectclass: top
    objectclass: person
    cn: idm
    sn: IDM Administrator
    description: Special LDAP acccount used by the IDM
      to access the LDAP data.
    userPassword: {SSHA}R5KF3K4X2FX5gkWKuDxm4M6gZyO0QgNF

  ppolicy.ldif: |
    #load password policy module
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: {2}ppolicy

    #configure password policy module
    dn: olcOverlay=ppolicy,olcDatabase={1}{{ LDAP_BACKEND }},cn=config
    changetype: add
    objectClass: olcPPolicyConfig
    objectClass: olcOverlayConfig
    olcOverlay: ppolicy
    olcPPolicyDefault: cn=default,ou=pwpolicies,{{ LDAP_BASE_DN }}
    olcPPolicyHashCleartext: TRUE
    olcPPolicyUseLockout: TRUE
  sssvlv.ldif: |
    #load sssvlv module
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: {3}sssvlv

    #configure sssvlv module
    dn: olcOverlay=sssvlv,olcDatabase={1}{{ LDAP_BACKEND }},cn=config
    changetype: add
    objectClass: olcSssVlvConfig
    objectClass: olcOverlayConfig
    olcOverlay: sssvlv