#--------------------------------
# Enable ldap auth method
#--------------------------------

# Read the bind password for the LDAP service account from Vault KV.
# The provider writes values read by this data source, and the bindpass
# attribute fed from it below, in cleartext to Terraform state and plan
# files. The state backend therefore needs the same access controls as
# the secret itself.
data "vault_generic_secret" "ldap_bindpass" {
  path = "kv/service/glauth/services/svc_vault"
}

# Configure the LDAP auth backend mounted at path "ldap".
resource "vault_ldap_auth_backend" "ldap" {
  path = "ldap"

  # Directory endpoint.
  # NOTE(review): the ldap:// scheme is used and no starttls argument is set,
  # so the service-account bind and user login binds are not TLS-protected on
  # the wire. If the directory supports it, prefer ldaps:// or starttls = true
  # together with a pinned CA in `certificate`; confirm before changing.
  url = "ldap://ldap.service.consul"

  # Service account used for directory searches; password comes from the
  # data source above rather than being written into this file.
  # NOTE(review): binddn is a bare name, not a full DN. Confirm the directory
  # accepts this form.
  binddn   = "svc_vault"
  bindpass = data.vault_generic_secret.ldap_bindpass.data["pass"]

  # User lookup: search base, login attribute and UPN domain.
  # discoverdn = false turns off anonymous-bind discovery of the user DN.
  userdn     = "dc=main,dc=unkin,dc=net"
  userattr   = "uid"
  upndomain  = "main.unkin.net"
  discoverdn = false

  # Group lookup, which decides which Vault group mappings a login receives.
  # NOTE(review): groupfilter contains no {{.UserDN}} / {{.Username}} template
  # variable, so the group search does not appear to be scoped to the
  # authenticating user. Verify that a login only resolves groups that user
  # belongs to.
  groupdn     = "ou=groups,dc=main,dc=unkin,dc=net"
  groupfilter = "(memberOf=ou=vault_access,ou=groups,dc=main,dc=unkin,dc=net)"
}