From a0d4c4fcbc2eaeae621817c62b6d7579a3b9f4fd Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <ace@haxalot.com>
Date: Sun, 27 Nov 2022 22:39:39 +0100
Subject: [PATCH] Fix and improve LDAP configuration

With these changes, LDAP auth should be possible to set up for more
people without needing to manually edit the resulting configmap.
---
 templates/configmap-env.yaml | 9 ++++++---
 values.yaml                  | 5 +++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml
index 5d0b96d..89d947e 100644
--- a/templates/configmap-env.yaml
+++ b/templates/configmap-env.yaml
@@ -281,13 +281,16 @@ data:
   {{- if .Values.externalAuth.ldap.enabled }}
   LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
   LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
-  LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
+  LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }}
   LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
+  {{- if .Values.externalAuth.ldap.tls_no_verify }}
+  LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }}
+  {{- end }}
   {{- if .Values.externalAuth.ldap.base }}
   LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
   {{- end }}
-  {{- if .Values.externalAuth.ldap.bind_on }}
-  LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
+  {{- if .Values.externalAuth.ldap.bind_dn }}
+  LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }}
   {{- end }}
   {{- if .Values.externalAuth.ldap.password }}
   LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
diff --git a/values.yaml b/values.yaml
index 07171fc..9587f05 100644
--- a/values.yaml
+++ b/values.yaml
@@ -265,10 +265,11 @@ externalAuth:
   ldap:
     enabled: false
     # host: myservice.namespace.svc
-    # port: 389
+    # port: 636
     # method: simple_tls
+    # tls_no_verify: true
     # base:
-    # bind_on:
+    # bind_dn:
     # password:
     # uid: cn
     # mail: mail