{
  "name"      : "Identity Service",
  "desc"      : "If you use Microsoft Active Directory to manage your organization's users, you can specify an AD group that can access the ICDx portal.",
  "attributes": {
    "enabled": {
      "name": "Enabled",
      "desc": "Enable Active Directory integration.",
      "enum": null // remove the enum
    },
    "config" : {
      "attributes": {
        "ldap": {
          "desc"      : "The Active Directory configuration for the Identity service.",
          "type"      : "object",
          "attributes": {
            "url"     : {
              "name"       : "Server URL",
              "desc"       : "The Active Directory URL. The LDAPS protocol is strongly recommended, if supported.",
              "requirement": "required",
              "type"       : "string"
            },
            "username": {
              "name"       : "User Name",
              "desc"       : "The Distinguished Name or the User Principal Name of the user to bind to Active Directory.",
              "requirement": "required",
              "max_len"    : 256,
              "type"       : "string"
            },
            "password": {
              "name"       : "Password",
              "desc"       : "The password of the user specified above.",
              "requirement": "required",
              "max_len"    : 256,
              "subtype"    : "password",
              "type"       : "string"
            },
            "base_dn" : {
              "name"       : "Base DN",
              "desc"       : "The root Distinguished Name to use when running queries against the Active Directory server.",
              "requirement": "required",
              "max_len"    : 256,
              "type"       : "string"
            },
            "group"   : {
              "name"       : "AD Group",
              "desc"       : "The Common Name of an Active Directory group that can log on to the ICDx user interface.",
              "requirement": "required",
              "max_len"    : 256,
              "type"       : "string"
            },
            "insecure": {
              "name"       : "Insecure",
              "desc"       : "Enable this for LDAPS to always trust the certificate of the AD server (for test environments).",
              "requirement": "system",
              "type"       : "boolean",
              "default"    : false
            }
          }
        }
      }
    }
  }
}