attributes:
  domain:
    value: ''
    label: 'Domain name'
    description: 'Name of the Keystone domain'
    weight: 20
    type: "text"
    regex:
      source: '^[a-zA-Z0-9._-]+$'
      error: "Domain name contains unexpected value. Must only contain letters, numbers and characters . / _ / -"
  url:
    value: ''
    label: 'LDAP URL'
    description: 'URL for connecting to the LDAP server.'
    weight: 25
    type: "text"
    regex:
      source: '^ldap[si]?:\/\/([a-zA-Z0-9._-]+)(:[0-9]+)?$'
      error: "LDAP URL is not valid. Should be e.g. 'ldap://example.com'."
  ldap_proxy:
    value: false
    label: "LDAP proxy"
    description: "Enable LDAP proxy."
    weight: 26
    type: "checkbox"
  use_tls:
    value: false
    label: "Use TLS"
    description: "Enable TLS for communicating with the LDAP server."
    weight: 27
    type: "checkbox"
  ca_chain:
    type: "textarea"
    weight: 28
    value: ''
    label: "CA Chain"
    description: "CA trust chain in PEM format."
    restrictions:
      - condition: 'settings:ldap.use_tls.value == false'
        action: "disable"
    regex:
      source: '^(-----BEGIN CERTIFICATE-----)(.*[\r\n])+(-----END CERTIFICATE-----[\s\S]*?)$|^$'
      error: "Please provide certificate in PEM format or leave this field empty"
  suffix:
    value: 'cn=example,cn=com'
    label: 'LDAP Suffix'
    description: 'LDAP server suffix.'
    weight: 29
    type: "text"
  user:
    value: 'cn=admin,dc=local'
    label: 'LDAP User'
    description: 'User BindDN to query the LDAP server.'
    weight: 30
    type: "text"
  password:
    value: ''
    label: 'LDAP User Password'
    description: 'Password for the BindDN to query the LDAP server.'
    weight: 35
    type: "password"
    regex:
      source: '^\S+$'
      error: "Password must not contain spaces."
  query_scope:
    value: 'one'
    label: 'LDAP Query Scope'
    description: 'The LDAP scope for queries.'
    weight: 40
    type: "radio"
    values:
      - data: 'one'
        label: 'one'
        description: 'onelevel/singleLevel scope for LDAP queries'
      - data: 'sub'
        label: 'sub'
        description: 'subtree/wholeSubtree scope for LDAP queries'
  user_tree_dn:
    value: 'ou=Users,dc=example,dc=com'
    label: 'Users Tree DN'
    description: 'Search base for users.'
    weight: 45
    type: "text"
  user_filter:
    value: ''
    label: 'User Filter'
    description: 'LDAP search filter for users.'
    weight: 46
    type: "text"
  user_objectclass:
    value: 'inetOrgPerson'
    label: 'User Object Class'
    description: 'LDAP objectclass for users.'
    weight: 50
    type: "text"
  user_id_attribute:
    value: 'cn'
    label: 'User ID Attribute'
    description: 'LDAP attribute mapped to user id.'
    weight: 55
    type: "text"
  user_name_attribute:
    value: 'sn'
    label: 'User Name Attribute'
    description: 'LDAP attribute mapped to user name.'
    weight: 60
    type: "text"
  user_pass_attribute:
    value: 'userPassword'
    label: 'User Password Attribute'
    description: 'LDAP attribute mapped to password.'
    weight: 65
    type: "text"
  user_enabled_attribute:
    value: 'enabled'
    label: 'User Enabled/Disabled Attribute'
    description: 'LDAP attribute mapped to enabled/disabled.'
    weight: 66
    type: "text"
  group_tree_dn:
    value: 'ou=Groups,dc=example,dc=com'
    label: 'Groups Tree DN'
    description: 'Search base for groups.'
    weight: 75
    type: "text"
  group_filter:
    value: ''
    label: 'Group Filter'
    description: 'LDAP search filter for groups.'
    weight: 80
    type: "text"
  group_objectclass:
    value: 'groupOfNames'
    label: 'Group Object Class'
    description: 'LDAP objectclass for groups.'
    weight: 85
    type: "text"
  group_id_attribute:
    value: 'cn'
    label: 'Group ID Attribute'
    description: 'LDAP attribute mapped to group id.'
    weight: 90
    type: "text"
  group_name_attribute:
    value: 'ou'
    label: 'Group Name Attribute'
    description: 'LDAP attribute mapped to group name.'
    weight: 95
    type: "text"
  group_member_attribute:
    value: 'member'
    label: 'Group Member Attribute'
    description: 'LDAP attribute that maps user to group.'
    weight: 100
    type: "text"
  group_desc_attribute:
    value: 'description'
    label: 'Group description Attribute'
    description: 'LDAP attribute mapped to description.'
    weight: 105
    type: "text"
  page_size:
    value: '0'
    label: 'Page Size Attribute'
    description: 'Maximum results per page.'
    weight: 110
    type: "text"
    regex:
      source: '^[0-9]+$'
      error: "Page size contains unexpected value. It must contain only numbers."
  chase_referrals:
    value: 'False'
    label: 'Chase referrals Attribute'
    description: 'Referral chasing behavior for queries.'
    weight: 115
    type: "text"
    regex:
      source: '^[Ff]alse$|^[Tt]rue$'
      error: "Chase referrals must contains boolean values: False or True."
  additional_domains:
    type: "textarea"
    weight: 120
    value: ''
    label: "List of additional Domains"
    description: "Blocks of additional domains/parameters that should be created."
  ldap_proxy_custom_conf:
    type: "textarea"
    weight: 125
    value: ''
    label: "List of custom LDAP proxy configs"
    description: "List of custom LDAP proxy configs."