silo/deployments/ldap/silo-groups.ldif

# Create Silo role groups for LDAP-based access control.
# These groups map to Silo roles via auth.ldap.role_mapping in config.yaml.
#
# Group hierarchy:
#   silo-admins  -> admin role  (full access)
#   silo-users   -> editor role (create/modify items)
#   silo-viewers  -> viewer role (read-only)
#
# The initial LDAP user (set via LDAP_USERS env var) is added to silo-admins.
# Additional users can be added with ldapadd or ldapmodify.
#
# Loaded automatically by bitnami/openldap from /docker-entrypoint-initdb.d/
# Note: This runs after the default tree is created (users/groups OUs exist).

# Admin group — initial user is a member
dn: cn=silo-admins,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-admins
description: Silo administrators (full access)
member: cn=siloadmin,ou=users,dc=silo,dc=local

# Editor group
dn: cn=silo-users,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-users
description: Silo editors (create and modify items)
member: cn=placeholder,ou=users,dc=silo,dc=local

# Viewer group
dn: cn=silo-viewers,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-viewers
description: Silo viewers (read-only access)
member: cn=placeholder,ou=users,dc=silo,dc=local