From 7b9e27cfe6e9812fa68e0e8fbeadbc7b454b822f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Mon, 23 Sep 2024 22:49:53 +1000
Subject: [PATCH] feat: enable retrieving bindpass from vault

- set bindpass/binddn/url correctly for ldap
- retrieve bindpass from vault
---
 auth_backend_ldap.tf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/auth_backend_ldap.tf b/auth_backend_ldap.tf
index a49d979..71eb6c3 100644
--- a/auth_backend_ldap.tf
+++ b/auth_backend_ldap.tf
@@ -1,13 +1,22 @@
 #--------------------------------
 # Enable ldap auth method
 #--------------------------------
+
+# retrieve the bindpass from Vault
+data "vault_generic_secret" "ldap_bindpass" {
+ path = "kv/service/glauth/services/svc_vault"
+}
+
+# create the ldap backend
 resource "vault_ldap_auth_backend" "ldap" {
 path = "ldap"
- url = "ldap://ldap.query.consul"
+ url = "ldap://ldap.service.consul"
 userdn = "dc=main,dc=unkin,dc=net"
 userattr = "uid"
 upndomain = "main.unkin.net"
 discoverdn = false
 groupdn = "ou=groups,dc=main,dc=unkin,dc=net"
 groupfilter = "(memberOf=ou=vault_access,ou=groups,dc=main,dc=unkin,dc=net)"
+ binddn = "svc_vault"
+ bindpass = data.vault_generic_secret.ldap_bindpass.data["pass"]
 }
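Review bot: The new `binddn`/`bindpass` in `vault_ldap_auth_backend.ldap` are used against a plain `ldap://` URL, so the service-account password, and every user's password at login, would cross the network unencrypted. If the directory supports TLS, use `url = "ldaps://ldap.service.consul"` or add `starttls = true`. Reading the secret through `data "vault_generic_secret" "ldap_bindpass"` also writes it, and the resulting `bindpass`, into the Terraform state in plaintext, so the state backend needs encryption at rest and tightly restricted access. Finally, `binddn = "svc_vault"` is a bare name rather than a full DN; confirm the directory accepts that form for the bind, otherwise the search bind will fail.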