Add stub LDAP API type and integration test

The goal here was to start on an integration test to get us closer to the red
test that we want so we can start working on LDAP.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

apis/supervisor/idp/v1alpha1/register.go.tmpl

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go.tmpl

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -0,0 +1,86 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: ldapidentityproviders.idp.supervisor.pinniped.dev
+spec:
+  group: idp.supervisor.pinniped.dev
+  names:
+    categories:
+    - pinniped
+    - pinniped-idp
+    - pinniped-idps
+    kind: LDAPIdentityProvider
+    listKind: LDAPIdentityProviderList
+    plural: ldapidentityproviders
+    singular: ldapidentityprovider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.host
+      name: Host
+      type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LDAPIdentityProvider describes the configuration of an upstream
+          Lightweight Directory Access Protocol (LDAP) identity provider.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec for configuring the identity provider.
+            properties:
+              host:
+                description: 'Host is the hostname of this LDAP identity provider,
+                  i.e., where to connect. For example: ldap.example.com:636.'
+                minLength: 1
+                type: string
+            required:
+            - host
+            type: object
+          status:
+            description: Status of the identity provider.
+            properties:
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the LDAPIdentityProvider.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

deploy/supervisor/z0_crd_overlay.yaml

@@ -22,3 +22,12 @@ metadata:
   name: #@ pinnipedDevAPIGroupWithPrefix("oidcidentityproviders.idp.supervisor")
 spec:
   group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+
+#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"ldapidentityproviders.idp.supervisor.pinniped.dev"}}), expects=1
+---
+metadata:
+  #@overlay/match missing_ok=True
+  labels: #@ labels()
+  name: #@ pinnipedDevAPIGroupWithPrefix("ldapidentityproviders.idp.supervisor")
+spec:
+  group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")

generated/1.17/README.adoc

@@ -688,6 +688,62 @@ Condition status of a resource (mirrored from the metav1.Condition type added in
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityprovider"]
+==== LDAPIdentityProvider 
+
+LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access Protocol (LDAP) identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityproviderlist[$$LDAPIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec[$$LDAPIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus[$$LDAPIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec"]
+==== LDAPIdentityProviderSpec 
+
+Spec for configuring an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`host`* __string__ | Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus"]
+==== LDAPIdentityProviderStatus 
+
+Status of an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`phase`* __LDAPIdentityProviderPhase__ | Phase summarizes the overall status of the LDAPIdentityProvider.
+|===
+
+
 [id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig"]
 ==== OIDCAuthorizationConfig 
 

generated/1.17/apis/supervisor/idp/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.17/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go

@@ -28,6 +28,99 @@ func (in *Condition) DeepCopy() *Condition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]LDAPIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
+func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
+func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
+func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
 	*out = *in

generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go

@@ -15,6 +15,10 @@ type FakeIDPV1alpha1 struct {
 	*testing.Fake
 }
 
+func (c *FakeIDPV1alpha1) LDAPIdentityProviders(namespace string) v1alpha1.LDAPIdentityProviderInterface {
+	return &FakeLDAPIdentityProviders{c, namespace}
+}
+
 func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface {
 	return &FakeOIDCIdentityProviders{c, namespace}
 }

generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_ldapidentityprovider.go

@@ -0,0 +1,127 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeLDAPIdentityProviders implements LDAPIdentityProviderInterface
+type FakeLDAPIdentityProviders struct {
+	Fake *FakeIDPV1alpha1
+	ns   string
+}
+
+var ldapidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "ldapidentityproviders"}
+
+var ldapidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "LDAPIdentityProvider"}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *FakeLDAPIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *FakeLDAPIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(ldapidentityprovidersResource, ldapidentityprovidersKind, c.ns, opts), &v1alpha1.LDAPIdentityProviderList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.LDAPIdentityProviderList{ListMeta: obj.(*v1alpha1.LDAPIdentityProviderList).ListMeta}
+	for _, item := range obj.(*v1alpha1.LDAPIdentityProviderList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *FakeLDAPIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(ldapidentityprovidersResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Create(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Update(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeLDAPIdentityProviders) UpdateStatus(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(ldapidentityprovidersResource, "status", c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *FakeLDAPIdentityProviders) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeLDAPIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(ldapidentityprovidersResource, c.ns, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.LDAPIdentityProviderList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *FakeLDAPIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(ldapidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}

generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go

@@ -5,4 +5,6 @@
 
 package v1alpha1
 
+type LDAPIdentityProviderExpansion interface{}
+
 type OIDCIdentityProviderExpansion interface{}

generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go

@@ -13,6 +13,7 @@ import (
 
 type IDPV1alpha1Interface interface {
 	RESTClient() rest.Interface
+	LDAPIdentityProvidersGetter
 	OIDCIdentityProvidersGetter
 }
 
@@ -21,6 +22,10 @@ type IDPV1alpha1Client struct {
 	restClient rest.Interface
 }
 
+func (c *IDPV1alpha1Client) LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface {
+	return newLDAPIdentityProviders(c, namespace)
+}
+
 func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface {
 	return newOIDCIdentityProviders(c, namespace)
 }

generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,178 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
+	scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// LDAPIdentityProvidersGetter has a method to return a LDAPIdentityProviderInterface.
+// A group's client should implement this interface.
+type LDAPIdentityProvidersGetter interface {
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface
+}
+
+// LDAPIdentityProviderInterface has methods to work with LDAPIdentityProvider resources.
+type LDAPIdentityProviderInterface interface {
+	Create(*v1alpha1.LDAPIdentityProvider) (*v1alpha1.LDAPIdentityProvider, error)
+	Update(*v1alpha1.LDAPIdentityProvider) (*v1alpha1.LDAPIdentityProvider, error)
+	UpdateStatus(*v1alpha1.LDAPIdentityProvider) (*v1alpha1.LDAPIdentityProvider, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	List(opts v1.ListOptions) (*v1alpha1.LDAPIdentityProviderList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error)
+	LDAPIdentityProviderExpansion
+}
+
+// lDAPIdentityProviders implements LDAPIdentityProviderInterface
+type lDAPIdentityProviders struct {
+	client rest.Interface
+	ns     string
+}
+
+// newLDAPIdentityProviders returns a LDAPIdentityProviders
+func newLDAPIdentityProviders(c *IDPV1alpha1Client, namespace string) *lDAPIdentityProviders {
+	return &lDAPIdentityProviders{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *lDAPIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *lDAPIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.LDAPIdentityProviderList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *lDAPIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Create(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Body(lDAPIdentityProvider).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Update(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		Body(lDAPIdentityProvider).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *lDAPIdentityProviders) UpdateStatus(lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		SubResource("status").
+		Body(lDAPIdentityProvider).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *lDAPIdentityProviders) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *lDAPIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *lDAPIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

generated/1.17/client/supervisor/informers/externalversions/generic.go

@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
+	case idpv1alpha1.SchemeGroupVersion.WithResource("ldapidentityproviders"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().LDAPIdentityProviders().Informer()}, nil
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 

generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go

@@ -11,6 +11,8 @@ import (
 
 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+	LDAPIdentityProviders() LDAPIdentityProviderInformer
 	// OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 	OIDCIdentityProviders() OIDCIdentityProviderInformer
 }
@@ -26,6 +28,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }
 
+// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+func (v *version) LDAPIdentityProviders() LDAPIdentityProviderInformer {
+	return &lDAPIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer {
 	return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,76 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
+	versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
+	internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderInformer provides access to a shared informer and lister for
+// LDAPIdentityProviders.
+type LDAPIdentityProviderInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.LDAPIdentityProviderLister
+}
+
+type lDAPIdentityProviderInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).Watch(options)
+			},
+		},
+		&idpv1alpha1.LDAPIdentityProvider{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *lDAPIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *lDAPIdentityProviderInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&idpv1alpha1.LDAPIdentityProvider{}, f.defaultInformer)
+}
+
+func (f *lDAPIdentityProviderInformer) Lister() v1alpha1.LDAPIdentityProviderLister {
+	return v1alpha1.NewLDAPIdentityProviderLister(f.Informer().GetIndexer())
+}

generated/1.17/client/supervisor/listers/idp/v1alpha1/expansion_generated.go

@@ -5,6 +5,14 @@
 
 package v1alpha1
 
+// LDAPIdentityProviderListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderLister.
+type LDAPIdentityProviderListerExpansion interface{}
+
+// LDAPIdentityProviderNamespaceListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderNamespaceLister.
+type LDAPIdentityProviderNamespaceListerExpansion interface{}
+
 // OIDCIdentityProviderListerExpansion allows custom methods to be added to
 // OIDCIdentityProviderLister.
 type OIDCIdentityProviderListerExpansion interface{}

generated/1.17/client/supervisor/listers/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,81 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderLister helps list LDAPIdentityProviders.
+type LDAPIdentityProviderLister interface {
+	// List lists all LDAPIdentityProviders in the indexer.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister
+	LDAPIdentityProviderListerExpansion
+}
+
+// lDAPIdentityProviderLister implements the LDAPIdentityProviderLister interface.
+type lDAPIdentityProviderLister struct {
+	indexer cache.Indexer
+}
+
+// NewLDAPIdentityProviderLister returns a new LDAPIdentityProviderLister.
+func NewLDAPIdentityProviderLister(indexer cache.Indexer) LDAPIdentityProviderLister {
+	return &lDAPIdentityProviderLister{indexer: indexer}
+}
+
+// List lists all LDAPIdentityProviders in the indexer.
+func (s *lDAPIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+func (s *lDAPIdentityProviderLister) LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister {
+	return lDAPIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// LDAPIdentityProviderNamespaceLister helps list and get LDAPIdentityProviders.
+type LDAPIdentityProviderNamespaceLister interface {
+	// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+	Get(name string) (*v1alpha1.LDAPIdentityProvider, error)
+	LDAPIdentityProviderNamespaceListerExpansion
+}
+
+// lDAPIdentityProviderNamespaceLister implements the LDAPIdentityProviderNamespaceLister
+// interface.
+type lDAPIdentityProviderNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+func (s lDAPIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+func (s lDAPIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("ldapidentityprovider"), name)
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), nil
+}

generated/1.17/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -0,0 +1,86 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: ldapidentityproviders.idp.supervisor.pinniped.dev
+spec:
+  group: idp.supervisor.pinniped.dev
+  names:
+    categories:
+    - pinniped
+    - pinniped-idp
+    - pinniped-idps
+    kind: LDAPIdentityProvider
+    listKind: LDAPIdentityProviderList
+    plural: ldapidentityproviders
+    singular: ldapidentityprovider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.host
+      name: Host
+      type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LDAPIdentityProvider describes the configuration of an upstream
+          Lightweight Directory Access Protocol (LDAP) identity provider.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec for configuring the identity provider.
+            properties:
+              host:
+                description: 'Host is the hostname of this LDAP identity provider,
+                  i.e., where to connect. For example: ldap.example.com:636.'
+                minLength: 1
+                type: string
+            required:
+            - host
+            type: object
+          status:
+            description: Status of the identity provider.
+            properties:
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the LDAPIdentityProvider.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

generated/1.18/README.adoc

@@ -688,6 +688,62 @@ Condition status of a resource (mirrored from the metav1.Condition type added in
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityprovider"]
+==== LDAPIdentityProvider 
+
+LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access Protocol (LDAP) identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityproviderlist[$$LDAPIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec[$$LDAPIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus[$$LDAPIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec"]
+==== LDAPIdentityProviderSpec 
+
+Spec for configuring an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`host`* __string__ | Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus"]
+==== LDAPIdentityProviderStatus 
+
+Status of an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`phase`* __LDAPIdentityProviderPhase__ | Phase summarizes the overall status of the LDAPIdentityProvider.
+|===
+
+
 [id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig"]
 ==== OIDCAuthorizationConfig 
 

generated/1.18/apis/supervisor/idp/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.18/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

generated/1.18/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go

@@ -28,6 +28,99 @@ func (in *Condition) DeepCopy() *Condition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]LDAPIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
+func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
+func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
+func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
 	*out = *in

generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go

@@ -15,6 +15,10 @@ type FakeIDPV1alpha1 struct {
 	*testing.Fake
 }
 
+func (c *FakeIDPV1alpha1) LDAPIdentityProviders(namespace string) v1alpha1.LDAPIdentityProviderInterface {
+	return &FakeLDAPIdentityProviders{c, namespace}
+}
+
 func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface {
 	return &FakeOIDCIdentityProviders{c, namespace}
 }

generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_ldapidentityprovider.go

@@ -0,0 +1,129 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeLDAPIdentityProviders implements LDAPIdentityProviderInterface
+type FakeLDAPIdentityProviders struct {
+	Fake *FakeIDPV1alpha1
+	ns   string
+}
+
+var ldapidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "ldapidentityproviders"}
+
+var ldapidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "LDAPIdentityProvider"}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *FakeLDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *FakeLDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(ldapidentityprovidersResource, ldapidentityprovidersKind, c.ns, opts), &v1alpha1.LDAPIdentityProviderList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.LDAPIdentityProviderList{ListMeta: obj.(*v1alpha1.LDAPIdentityProviderList).ListMeta}
+	for _, item := range obj.(*v1alpha1.LDAPIdentityProviderList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *FakeLDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(ldapidentityprovidersResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeLDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(ldapidentityprovidersResource, "status", c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *FakeLDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeLDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(ldapidentityprovidersResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.LDAPIdentityProviderList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *FakeLDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(ldapidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}

generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go

@@ -5,4 +5,6 @@
 
 package v1alpha1
 
+type LDAPIdentityProviderExpansion interface{}
+
 type OIDCIdentityProviderExpansion interface{}

generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go

@@ -13,6 +13,7 @@ import (
 
 type IDPV1alpha1Interface interface {
 	RESTClient() rest.Interface
+	LDAPIdentityProvidersGetter
 	OIDCIdentityProvidersGetter
 }
 
@@ -21,6 +22,10 @@ type IDPV1alpha1Client struct {
 	restClient rest.Interface
 }
 
+func (c *IDPV1alpha1Client) LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface {
+	return newLDAPIdentityProviders(c, namespace)
+}
+
 func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface {
 	return newOIDCIdentityProviders(c, namespace)
 }

generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,182 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
+	scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// LDAPIdentityProvidersGetter has a method to return a LDAPIdentityProviderInterface.
+// A group's client should implement this interface.
+type LDAPIdentityProvidersGetter interface {
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface
+}
+
+// LDAPIdentityProviderInterface has methods to work with LDAPIdentityProvider resources.
+type LDAPIdentityProviderInterface interface {
+	Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.LDAPIdentityProviderList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error)
+	LDAPIdentityProviderExpansion
+}
+
+// lDAPIdentityProviders implements LDAPIdentityProviderInterface
+type lDAPIdentityProviders struct {
+	client rest.Interface
+	ns     string
+}
+
+// newLDAPIdentityProviders returns a LDAPIdentityProviders
+func newLDAPIdentityProviders(c *IDPV1alpha1Client, namespace string) *lDAPIdentityProviders {
+	return &lDAPIdentityProviders{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *lDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *lDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.LDAPIdentityProviderList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *lDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *lDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *lDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *lDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *lDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

generated/1.18/client/supervisor/informers/externalversions/generic.go

@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
+	case idpv1alpha1.SchemeGroupVersion.WithResource("ldapidentityproviders"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().LDAPIdentityProviders().Informer()}, nil
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 

generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go

@@ -11,6 +11,8 @@ import (
 
 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+	LDAPIdentityProviders() LDAPIdentityProviderInformer
 	// OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 	OIDCIdentityProviders() OIDCIdentityProviderInformer
 }
@@ -26,6 +28,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }
 
+// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+func (v *version) LDAPIdentityProviders() LDAPIdentityProviderInformer {
+	return &lDAPIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer {
 	return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,77 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
+	versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned"
+	internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
+	v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderInformer provides access to a shared informer and lister for
+// LDAPIdentityProviders.
+type LDAPIdentityProviderInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.LDAPIdentityProviderLister
+}
+
+type lDAPIdentityProviderInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&idpv1alpha1.LDAPIdentityProvider{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *lDAPIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *lDAPIdentityProviderInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&idpv1alpha1.LDAPIdentityProvider{}, f.defaultInformer)
+}
+
+func (f *lDAPIdentityProviderInformer) Lister() v1alpha1.LDAPIdentityProviderLister {
+	return v1alpha1.NewLDAPIdentityProviderLister(f.Informer().GetIndexer())
+}

generated/1.18/client/supervisor/listers/idp/v1alpha1/expansion_generated.go

@@ -5,6 +5,14 @@
 
 package v1alpha1
 
+// LDAPIdentityProviderListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderLister.
+type LDAPIdentityProviderListerExpansion interface{}
+
+// LDAPIdentityProviderNamespaceListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderNamespaceLister.
+type LDAPIdentityProviderNamespaceListerExpansion interface{}
+
 // OIDCIdentityProviderListerExpansion allows custom methods to be added to
 // OIDCIdentityProviderLister.
 type OIDCIdentityProviderListerExpansion interface{}

generated/1.18/client/supervisor/listers/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,81 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderLister helps list LDAPIdentityProviders.
+type LDAPIdentityProviderLister interface {
+	// List lists all LDAPIdentityProviders in the indexer.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister
+	LDAPIdentityProviderListerExpansion
+}
+
+// lDAPIdentityProviderLister implements the LDAPIdentityProviderLister interface.
+type lDAPIdentityProviderLister struct {
+	indexer cache.Indexer
+}
+
+// NewLDAPIdentityProviderLister returns a new LDAPIdentityProviderLister.
+func NewLDAPIdentityProviderLister(indexer cache.Indexer) LDAPIdentityProviderLister {
+	return &lDAPIdentityProviderLister{indexer: indexer}
+}
+
+// List lists all LDAPIdentityProviders in the indexer.
+func (s *lDAPIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+func (s *lDAPIdentityProviderLister) LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister {
+	return lDAPIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// LDAPIdentityProviderNamespaceLister helps list and get LDAPIdentityProviders.
+type LDAPIdentityProviderNamespaceLister interface {
+	// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+	Get(name string) (*v1alpha1.LDAPIdentityProvider, error)
+	LDAPIdentityProviderNamespaceListerExpansion
+}
+
+// lDAPIdentityProviderNamespaceLister implements the LDAPIdentityProviderNamespaceLister
+// interface.
+type lDAPIdentityProviderNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+func (s lDAPIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+func (s lDAPIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("ldapidentityprovider"), name)
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), nil
+}

generated/1.18/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -0,0 +1,86 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: ldapidentityproviders.idp.supervisor.pinniped.dev
+spec:
+  group: idp.supervisor.pinniped.dev
+  names:
+    categories:
+    - pinniped
+    - pinniped-idp
+    - pinniped-idps
+    kind: LDAPIdentityProvider
+    listKind: LDAPIdentityProviderList
+    plural: ldapidentityproviders
+    singular: ldapidentityprovider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.host
+      name: Host
+      type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LDAPIdentityProvider describes the configuration of an upstream
+          Lightweight Directory Access Protocol (LDAP) identity provider.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec for configuring the identity provider.
+            properties:
+              host:
+                description: 'Host is the hostname of this LDAP identity provider,
+                  i.e., where to connect. For example: ldap.example.com:636.'
+                minLength: 1
+                type: string
+            required:
+            - host
+            type: object
+          status:
+            description: Status of the identity provider.
+            properties:
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the LDAPIdentityProvider.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

generated/1.19/README.adoc

@@ -688,6 +688,62 @@ Condition status of a resource (mirrored from the metav1.Condition type added in
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityprovider"]
+==== LDAPIdentityProvider 
+
+LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access Protocol (LDAP) identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityproviderlist[$$LDAPIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec[$$LDAPIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus[$$LDAPIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec"]
+==== LDAPIdentityProviderSpec 
+
+Spec for configuring an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`host`* __string__ | Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus"]
+==== LDAPIdentityProviderStatus 
+
+Status of an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`phase`* __LDAPIdentityProviderPhase__ | Phase summarizes the overall status of the LDAPIdentityProvider.
+|===
+
+
 [id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig"]
 ==== OIDCAuthorizationConfig 
 

generated/1.19/apis/supervisor/idp/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.19/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

generated/1.19/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go

@@ -28,6 +28,99 @@ func (in *Condition) DeepCopy() *Condition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]LDAPIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
+func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
+func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
+func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
 	*out = *in

generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go

@@ -15,6 +15,10 @@ type FakeIDPV1alpha1 struct {
 	*testing.Fake
 }
 
+func (c *FakeIDPV1alpha1) LDAPIdentityProviders(namespace string) v1alpha1.LDAPIdentityProviderInterface {
+	return &FakeLDAPIdentityProviders{c, namespace}
+}
+
 func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface {
 	return &FakeOIDCIdentityProviders{c, namespace}
 }

generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_ldapidentityprovider.go

@@ -0,0 +1,129 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeLDAPIdentityProviders implements LDAPIdentityProviderInterface
+type FakeLDAPIdentityProviders struct {
+	Fake *FakeIDPV1alpha1
+	ns   string
+}
+
+var ldapidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "ldapidentityproviders"}
+
+var ldapidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "LDAPIdentityProvider"}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *FakeLDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *FakeLDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(ldapidentityprovidersResource, ldapidentityprovidersKind, c.ns, opts), &v1alpha1.LDAPIdentityProviderList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.LDAPIdentityProviderList{ListMeta: obj.(*v1alpha1.LDAPIdentityProviderList).ListMeta}
+	for _, item := range obj.(*v1alpha1.LDAPIdentityProviderList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *FakeLDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(ldapidentityprovidersResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeLDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(ldapidentityprovidersResource, "status", c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *FakeLDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeLDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(ldapidentityprovidersResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.LDAPIdentityProviderList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *FakeLDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(ldapidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}

generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go

@@ -5,4 +5,6 @@
 
 package v1alpha1
 
+type LDAPIdentityProviderExpansion interface{}
+
 type OIDCIdentityProviderExpansion interface{}

generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go

@@ -13,6 +13,7 @@ import (
 
 type IDPV1alpha1Interface interface {
 	RESTClient() rest.Interface
+	LDAPIdentityProvidersGetter
 	OIDCIdentityProvidersGetter
 }
 
@@ -21,6 +22,10 @@ type IDPV1alpha1Client struct {
 	restClient rest.Interface
 }
 
+func (c *IDPV1alpha1Client) LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface {
+	return newLDAPIdentityProviders(c, namespace)
+}
+
 func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface {
 	return newOIDCIdentityProviders(c, namespace)
 }

generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,182 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
+	scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// LDAPIdentityProvidersGetter has a method to return a LDAPIdentityProviderInterface.
+// A group's client should implement this interface.
+type LDAPIdentityProvidersGetter interface {
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface
+}
+
+// LDAPIdentityProviderInterface has methods to work with LDAPIdentityProvider resources.
+type LDAPIdentityProviderInterface interface {
+	Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.LDAPIdentityProviderList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error)
+	LDAPIdentityProviderExpansion
+}
+
+// lDAPIdentityProviders implements LDAPIdentityProviderInterface
+type lDAPIdentityProviders struct {
+	client rest.Interface
+	ns     string
+}
+
+// newLDAPIdentityProviders returns a LDAPIdentityProviders
+func newLDAPIdentityProviders(c *IDPV1alpha1Client, namespace string) *lDAPIdentityProviders {
+	return &lDAPIdentityProviders{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *lDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *lDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.LDAPIdentityProviderList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *lDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *lDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *lDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *lDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *lDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

generated/1.19/client/supervisor/informers/externalversions/generic.go

@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
+	case idpv1alpha1.SchemeGroupVersion.WithResource("ldapidentityproviders"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().LDAPIdentityProviders().Informer()}, nil
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 

generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go

@@ -11,6 +11,8 @@ import (
 
 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+	LDAPIdentityProviders() LDAPIdentityProviderInformer
 	// OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 	OIDCIdentityProviders() OIDCIdentityProviderInformer
 }
@@ -26,6 +28,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }
 
+// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+func (v *version) LDAPIdentityProviders() LDAPIdentityProviderInformer {
+	return &lDAPIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer {
 	return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,77 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
+	versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned"
+	internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
+	v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderInformer provides access to a shared informer and lister for
+// LDAPIdentityProviders.
+type LDAPIdentityProviderInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.LDAPIdentityProviderLister
+}
+
+type lDAPIdentityProviderInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&idpv1alpha1.LDAPIdentityProvider{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *lDAPIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *lDAPIdentityProviderInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&idpv1alpha1.LDAPIdentityProvider{}, f.defaultInformer)
+}
+
+func (f *lDAPIdentityProviderInformer) Lister() v1alpha1.LDAPIdentityProviderLister {
+	return v1alpha1.NewLDAPIdentityProviderLister(f.Informer().GetIndexer())
+}

generated/1.19/client/supervisor/listers/idp/v1alpha1/expansion_generated.go

@@ -5,6 +5,14 @@
 
 package v1alpha1
 
+// LDAPIdentityProviderListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderLister.
+type LDAPIdentityProviderListerExpansion interface{}
+
+// LDAPIdentityProviderNamespaceListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderNamespaceLister.
+type LDAPIdentityProviderNamespaceListerExpansion interface{}
+
 // OIDCIdentityProviderListerExpansion allows custom methods to be added to
 // OIDCIdentityProviderLister.
 type OIDCIdentityProviderListerExpansion interface{}

generated/1.19/client/supervisor/listers/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,86 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderLister helps list LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderLister interface {
+	// List lists all LDAPIdentityProviders in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister
+	LDAPIdentityProviderListerExpansion
+}
+
+// lDAPIdentityProviderLister implements the LDAPIdentityProviderLister interface.
+type lDAPIdentityProviderLister struct {
+	indexer cache.Indexer
+}
+
+// NewLDAPIdentityProviderLister returns a new LDAPIdentityProviderLister.
+func NewLDAPIdentityProviderLister(indexer cache.Indexer) LDAPIdentityProviderLister {
+	return &lDAPIdentityProviderLister{indexer: indexer}
+}
+
+// List lists all LDAPIdentityProviders in the indexer.
+func (s *lDAPIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+func (s *lDAPIdentityProviderLister) LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister {
+	return lDAPIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// LDAPIdentityProviderNamespaceLister helps list and get LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderNamespaceLister interface {
+	// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha1.LDAPIdentityProvider, error)
+	LDAPIdentityProviderNamespaceListerExpansion
+}
+
+// lDAPIdentityProviderNamespaceLister implements the LDAPIdentityProviderNamespaceLister
+// interface.
+type lDAPIdentityProviderNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+func (s lDAPIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+func (s lDAPIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("ldapidentityprovider"), name)
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), nil
+}

generated/1.19/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -0,0 +1,86 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: ldapidentityproviders.idp.supervisor.pinniped.dev
+spec:
+  group: idp.supervisor.pinniped.dev
+  names:
+    categories:
+    - pinniped
+    - pinniped-idp
+    - pinniped-idps
+    kind: LDAPIdentityProvider
+    listKind: LDAPIdentityProviderList
+    plural: ldapidentityproviders
+    singular: ldapidentityprovider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.host
+      name: Host
+      type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LDAPIdentityProvider describes the configuration of an upstream
+          Lightweight Directory Access Protocol (LDAP) identity provider.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec for configuring the identity provider.
+            properties:
+              host:
+                description: 'Host is the hostname of this LDAP identity provider,
+                  i.e., where to connect. For example: ldap.example.com:636.'
+                minLength: 1
+                type: string
+            required:
+            - host
+            type: object
+          status:
+            description: Status of the identity provider.
+            properties:
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the LDAPIdentityProvider.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

generated/1.20/README.adoc

@@ -688,6 +688,62 @@ Condition status of a resource (mirrored from the metav1.Condition type added in
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityprovider"]
+==== LDAPIdentityProvider 
+
+LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access Protocol (LDAP) identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityproviderlist[$$LDAPIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec[$$LDAPIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus[$$LDAPIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityproviderspec"]
+==== LDAPIdentityProviderSpec 
+
+Spec for configuring an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`host`* __string__ | Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityproviderstatus"]
+==== LDAPIdentityProviderStatus 
+
+Status of an LDAP identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-ldapidentityprovider[$$LDAPIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`phase`* __LDAPIdentityProviderPhase__ | Phase summarizes the overall status of the LDAPIdentityProvider.
+|===
+
+
 [id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig"]
 ==== OIDCAuthorizationConfig 
 

generated/1.20/apis/supervisor/idp/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.20/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

generated/1.20/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go

@@ -28,6 +28,99 @@ func (in *Condition) DeepCopy() *Condition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]LDAPIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
+func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
+func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
+func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
 	*out = *in

generated/1.20/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go

@@ -15,6 +15,10 @@ type FakeIDPV1alpha1 struct {
 	*testing.Fake
 }
 
+func (c *FakeIDPV1alpha1) LDAPIdentityProviders(namespace string) v1alpha1.LDAPIdentityProviderInterface {
+	return &FakeLDAPIdentityProviders{c, namespace}
+}
+
 func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface {
 	return &FakeOIDCIdentityProviders{c, namespace}
 }

generated/1.20/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_ldapidentityprovider.go

@@ -0,0 +1,129 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "go.pinniped.dev/generated/1.20/apis/supervisor/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeLDAPIdentityProviders implements LDAPIdentityProviderInterface
+type FakeLDAPIdentityProviders struct {
+	Fake *FakeIDPV1alpha1
+	ns   string
+}
+
+var ldapidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "ldapidentityproviders"}
+
+var ldapidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "LDAPIdentityProvider"}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *FakeLDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *FakeLDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(ldapidentityprovidersResource, ldapidentityprovidersKind, c.ns, opts), &v1alpha1.LDAPIdentityProviderList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.LDAPIdentityProviderList{ListMeta: obj.(*v1alpha1.LDAPIdentityProviderList).ListMeta}
+	for _, item := range obj.(*v1alpha1.LDAPIdentityProviderList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *FakeLDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(ldapidentityprovidersResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeLDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(ldapidentityprovidersResource, "status", c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *FakeLDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeLDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(ldapidentityprovidersResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.LDAPIdentityProviderList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *FakeLDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(ldapidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}

generated/1.20/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go

@@ -5,4 +5,6 @@
 
 package v1alpha1
 
+type LDAPIdentityProviderExpansion interface{}
+
 type OIDCIdentityProviderExpansion interface{}

generated/1.20/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go

@@ -13,6 +13,7 @@ import (
 
 type IDPV1alpha1Interface interface {
 	RESTClient() rest.Interface
+	LDAPIdentityProvidersGetter
 	OIDCIdentityProvidersGetter
 }
 
@@ -21,6 +22,10 @@ type IDPV1alpha1Client struct {
 	restClient rest.Interface
 }
 
+func (c *IDPV1alpha1Client) LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface {
+	return newLDAPIdentityProviders(c, namespace)
+}
+
 func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface {
 	return newOIDCIdentityProviders(c, namespace)
 }

generated/1.20/client/supervisor/clientset/versioned/typed/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,182 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1alpha1 "go.pinniped.dev/generated/1.20/apis/supervisor/idp/v1alpha1"
+	scheme "go.pinniped.dev/generated/1.20/client/supervisor/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// LDAPIdentityProvidersGetter has a method to return a LDAPIdentityProviderInterface.
+// A group's client should implement this interface.
+type LDAPIdentityProvidersGetter interface {
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface
+}
+
+// LDAPIdentityProviderInterface has methods to work with LDAPIdentityProvider resources.
+type LDAPIdentityProviderInterface interface {
+	Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.LDAPIdentityProviderList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error)
+	LDAPIdentityProviderExpansion
+}
+
+// lDAPIdentityProviders implements LDAPIdentityProviderInterface
+type lDAPIdentityProviders struct {
+	client rest.Interface
+	ns     string
+}
+
+// newLDAPIdentityProviders returns a LDAPIdentityProviders
+func newLDAPIdentityProviders(c *IDPV1alpha1Client, namespace string) *lDAPIdentityProviders {
+	return &lDAPIdentityProviders{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *lDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *lDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.LDAPIdentityProviderList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *lDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *lDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *lDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *lDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *lDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

generated/1.20/client/supervisor/informers/externalversions/generic.go

@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
+	case idpv1alpha1.SchemeGroupVersion.WithResource("ldapidentityproviders"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().LDAPIdentityProviders().Informer()}, nil
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 

generated/1.20/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go

@@ -11,6 +11,8 @@ import (
 
 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+	LDAPIdentityProviders() LDAPIdentityProviderInformer
 	// OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 	OIDCIdentityProviders() OIDCIdentityProviderInformer
 }
@@ -26,6 +28,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }
 
+// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+func (v *version) LDAPIdentityProviders() LDAPIdentityProviderInformer {
+	return &lDAPIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer {
 	return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

generated/1.20/client/supervisor/informers/externalversions/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,77 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	idpv1alpha1 "go.pinniped.dev/generated/1.20/apis/supervisor/idp/v1alpha1"
+	versioned "go.pinniped.dev/generated/1.20/client/supervisor/clientset/versioned"
+	internalinterfaces "go.pinniped.dev/generated/1.20/client/supervisor/informers/externalversions/internalinterfaces"
+	v1alpha1 "go.pinniped.dev/generated/1.20/client/supervisor/listers/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderInformer provides access to a shared informer and lister for
+// LDAPIdentityProviders.
+type LDAPIdentityProviderInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.LDAPIdentityProviderLister
+}
+
+type lDAPIdentityProviderInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&idpv1alpha1.LDAPIdentityProvider{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *lDAPIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *lDAPIdentityProviderInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&idpv1alpha1.LDAPIdentityProvider{}, f.defaultInformer)
+}
+
+func (f *lDAPIdentityProviderInformer) Lister() v1alpha1.LDAPIdentityProviderLister {
+	return v1alpha1.NewLDAPIdentityProviderLister(f.Informer().GetIndexer())
+}

generated/1.20/client/supervisor/listers/idp/v1alpha1/expansion_generated.go

@@ -5,6 +5,14 @@
 
 package v1alpha1
 
+// LDAPIdentityProviderListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderLister.
+type LDAPIdentityProviderListerExpansion interface{}
+
+// LDAPIdentityProviderNamespaceListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderNamespaceLister.
+type LDAPIdentityProviderNamespaceListerExpansion interface{}
+
 // OIDCIdentityProviderListerExpansion allows custom methods to be added to
 // OIDCIdentityProviderLister.
 type OIDCIdentityProviderListerExpansion interface{}

generated/1.20/client/supervisor/listers/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,86 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/1.20/apis/supervisor/idp/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderLister helps list LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderLister interface {
+	// List lists all LDAPIdentityProviders in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister
+	LDAPIdentityProviderListerExpansion
+}
+
+// lDAPIdentityProviderLister implements the LDAPIdentityProviderLister interface.
+type lDAPIdentityProviderLister struct {
+	indexer cache.Indexer
+}
+
+// NewLDAPIdentityProviderLister returns a new LDAPIdentityProviderLister.
+func NewLDAPIdentityProviderLister(indexer cache.Indexer) LDAPIdentityProviderLister {
+	return &lDAPIdentityProviderLister{indexer: indexer}
+}
+
+// List lists all LDAPIdentityProviders in the indexer.
+func (s *lDAPIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+func (s *lDAPIdentityProviderLister) LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister {
+	return lDAPIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// LDAPIdentityProviderNamespaceLister helps list and get LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderNamespaceLister interface {
+	// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha1.LDAPIdentityProvider, error)
+	LDAPIdentityProviderNamespaceListerExpansion
+}
+
+// lDAPIdentityProviderNamespaceLister implements the LDAPIdentityProviderNamespaceLister
+// interface.
+type lDAPIdentityProviderNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+func (s lDAPIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+func (s lDAPIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("ldapidentityprovider"), name)
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), nil
+}

generated/1.20/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -0,0 +1,86 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: ldapidentityproviders.idp.supervisor.pinniped.dev
+spec:
+  group: idp.supervisor.pinniped.dev
+  names:
+    categories:
+    - pinniped
+    - pinniped-idp
+    - pinniped-idps
+    kind: LDAPIdentityProvider
+    listKind: LDAPIdentityProviderList
+    plural: ldapidentityproviders
+    singular: ldapidentityprovider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.host
+      name: Host
+      type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: LDAPIdentityProvider describes the configuration of an upstream
+          Lightweight Directory Access Protocol (LDAP) identity provider.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec for configuring the identity provider.
+            properties:
+              host:
+                description: 'Host is the hostname of this LDAP identity provider,
+                  i.e., where to connect. For example: ldap.example.com:636.'
+                minLength: 1
+                type: string
+            required:
+            - host
+            type: object
+          status:
+            description: Status of the identity provider.
+            properties:
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the LDAPIdentityProvider.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

generated/latest/apis/supervisor/idp/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&OIDCIdentityProvider{},
 		&OIDCIdentityProviderList{},
+		&LDAPIdentityProvider{},
+		&LDAPIdentityProviderList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/latest/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -0,0 +1,65 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LDAPIdentityProviderPhase string
+
+const (
+	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
+	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
+
+	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
+	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
+
+	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
+	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
+)
+
+// Status of an LDAP identity provider.
+type LDAPIdentityProviderStatus struct {
+	// Phase summarizes the overall status of the LDAPIdentityProvider.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
+}
+
+// Spec for configuring an LDAP identity provider.
+type LDAPIdentityProviderSpec struct {
+	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
+	// +kubebuilder:validation:MinLength=1
+	Host string `json:"host"`
+}
+
+// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
+// Protocol (LDAP) identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:subresource:status
+type LDAPIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec LDAPIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of LDAPIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type LDAPIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []LDAPIdentityProvider `json:"items"`
+}

generated/latest/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go

@@ -28,6 +28,99 @@ func (in *Condition) DeepCopy() *Condition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]LDAPIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
+func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
+func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
+func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(LDAPIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
 	*out = *in

generated/latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go

@@ -15,6 +15,10 @@ type FakeIDPV1alpha1 struct {
 	*testing.Fake
 }
 
+func (c *FakeIDPV1alpha1) LDAPIdentityProviders(namespace string) v1alpha1.LDAPIdentityProviderInterface {
+	return &FakeLDAPIdentityProviders{c, namespace}
+}
+
 func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface {
 	return &FakeOIDCIdentityProviders{c, namespace}
 }

generated/latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_ldapidentityprovider.go

@@ -0,0 +1,129 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeLDAPIdentityProviders implements LDAPIdentityProviderInterface
+type FakeLDAPIdentityProviders struct {
+	Fake *FakeIDPV1alpha1
+	ns   string
+}
+
+var ldapidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "ldapidentityproviders"}
+
+var ldapidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "LDAPIdentityProvider"}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *FakeLDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *FakeLDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(ldapidentityprovidersResource, ldapidentityprovidersKind, c.ns, opts), &v1alpha1.LDAPIdentityProviderList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.LDAPIdentityProviderList{ListMeta: obj.(*v1alpha1.LDAPIdentityProviderList).ListMeta}
+	for _, item := range obj.(*v1alpha1.LDAPIdentityProviderList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *FakeLDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(ldapidentityprovidersResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *FakeLDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(ldapidentityprovidersResource, c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeLDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateSubresourceAction(ldapidentityprovidersResource, "status", c.ns, lDAPIdentityProvider), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *FakeLDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteAction(ldapidentityprovidersResource, c.ns, name), &v1alpha1.LDAPIdentityProvider{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeLDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(ldapidentityprovidersResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.LDAPIdentityProviderList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *FakeLDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(ldapidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.LDAPIdentityProvider{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), err
+}

generated/latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go

@@ -5,4 +5,6 @@
 
 package v1alpha1
 
+type LDAPIdentityProviderExpansion interface{}
+
 type OIDCIdentityProviderExpansion interface{}

generated/latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go

@@ -13,6 +13,7 @@ import (
 
 type IDPV1alpha1Interface interface {
 	RESTClient() rest.Interface
+	LDAPIdentityProvidersGetter
 	OIDCIdentityProvidersGetter
 }
 
@@ -21,6 +22,10 @@ type IDPV1alpha1Client struct {
 	restClient rest.Interface
 }
 
+func (c *IDPV1alpha1Client) LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface {
+	return newLDAPIdentityProviders(c, namespace)
+}
+
 func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface {
 	return newOIDCIdentityProviders(c, namespace)
 }

generated/latest/client/supervisor/clientset/versioned/typed/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,182 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
+	scheme "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// LDAPIdentityProvidersGetter has a method to return a LDAPIdentityProviderInterface.
+// A group's client should implement this interface.
+type LDAPIdentityProvidersGetter interface {
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderInterface
+}
+
+// LDAPIdentityProviderInterface has methods to work with LDAPIdentityProvider resources.
+type LDAPIdentityProviderInterface interface {
+	Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.LDAPIdentityProvider, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.LDAPIdentityProviderList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error)
+	LDAPIdentityProviderExpansion
+}
+
+// lDAPIdentityProviders implements LDAPIdentityProviderInterface
+type lDAPIdentityProviders struct {
+	client rest.Interface
+	ns     string
+}
+
+// newLDAPIdentityProviders returns a LDAPIdentityProviders
+func newLDAPIdentityProviders(c *IDPV1alpha1Client, namespace string) *lDAPIdentityProviders {
+	return &lDAPIdentityProviders{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the lDAPIdentityProvider, and returns the corresponding lDAPIdentityProvider object, and an error if there is any.
+func (c *lDAPIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of LDAPIdentityProviders that match those selectors.
+func (c *lDAPIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.LDAPIdentityProviderList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.LDAPIdentityProviderList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested lDAPIdentityProviders.
+func (c *lDAPIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a lDAPIdentityProvider and creates it.  Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Create(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a lDAPIdentityProvider and updates it. Returns the server's representation of the lDAPIdentityProvider, and an error, if there is any.
+func (c *lDAPIdentityProviders) Update(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *lDAPIdentityProviders) UpdateStatus(ctx context.Context, lDAPIdentityProvider *v1alpha1.LDAPIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(lDAPIdentityProvider.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(lDAPIdentityProvider).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the lDAPIdentityProvider and deletes it. Returns an error if one occurs.
+func (c *lDAPIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *lDAPIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched lDAPIdentityProvider.
+func (c *lDAPIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.LDAPIdentityProvider, err error) {
+	result = &v1alpha1.LDAPIdentityProvider{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("ldapidentityproviders").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

generated/latest/client/supervisor/informers/externalversions/generic.go

@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
+	case idpv1alpha1.SchemeGroupVersion.WithResource("ldapidentityproviders"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().LDAPIdentityProviders().Informer()}, nil
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 

generated/latest/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go

@@ -11,6 +11,8 @@ import (
 
 // Interface provides access to all the informers in this group version.
 type Interface interface {
+	// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+	LDAPIdentityProviders() LDAPIdentityProviderInformer
 	// OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 	OIDCIdentityProviders() OIDCIdentityProviderInformer
 }
@@ -26,6 +28,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
 }
 
+// LDAPIdentityProviders returns a LDAPIdentityProviderInformer.
+func (v *version) LDAPIdentityProviders() LDAPIdentityProviderInformer {
+	return &lDAPIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
 // OIDCIdentityProviders returns a OIDCIdentityProviderInformer.
 func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer {
 	return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

generated/latest/client/supervisor/informers/externalversions/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,77 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
+	versioned "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
+	internalinterfaces "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions/internalinterfaces"
+	v1alpha1 "go.pinniped.dev/generated/latest/client/supervisor/listers/idp/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderInformer provides access to a shared informer and lister for
+// LDAPIdentityProviders.
+type LDAPIdentityProviderInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.LDAPIdentityProviderLister
+}
+
+type lDAPIdentityProviderInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredLDAPIdentityProviderInformer constructs a new informer for LDAPIdentityProvider type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredLDAPIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.IDPV1alpha1().LDAPIdentityProviders(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&idpv1alpha1.LDAPIdentityProvider{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *lDAPIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredLDAPIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *lDAPIdentityProviderInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&idpv1alpha1.LDAPIdentityProvider{}, f.defaultInformer)
+}
+
+func (f *lDAPIdentityProviderInformer) Lister() v1alpha1.LDAPIdentityProviderLister {
+	return v1alpha1.NewLDAPIdentityProviderLister(f.Informer().GetIndexer())
+}

generated/latest/client/supervisor/listers/idp/v1alpha1/expansion_generated.go

@@ -5,6 +5,14 @@
 
 package v1alpha1
 
+// LDAPIdentityProviderListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderLister.
+type LDAPIdentityProviderListerExpansion interface{}
+
+// LDAPIdentityProviderNamespaceListerExpansion allows custom methods to be added to
+// LDAPIdentityProviderNamespaceLister.
+type LDAPIdentityProviderNamespaceListerExpansion interface{}
+
 // OIDCIdentityProviderListerExpansion allows custom methods to be added to
 // OIDCIdentityProviderLister.
 type OIDCIdentityProviderListerExpansion interface{}

generated/latest/client/supervisor/listers/idp/v1alpha1/ldapidentityprovider.go

@@ -0,0 +1,86 @@
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// LDAPIdentityProviderLister helps list LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderLister interface {
+	// List lists all LDAPIdentityProviders in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+	LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister
+	LDAPIdentityProviderListerExpansion
+}
+
+// lDAPIdentityProviderLister implements the LDAPIdentityProviderLister interface.
+type lDAPIdentityProviderLister struct {
+	indexer cache.Indexer
+}
+
+// NewLDAPIdentityProviderLister returns a new LDAPIdentityProviderLister.
+func NewLDAPIdentityProviderLister(indexer cache.Indexer) LDAPIdentityProviderLister {
+	return &lDAPIdentityProviderLister{indexer: indexer}
+}
+
+// List lists all LDAPIdentityProviders in the indexer.
+func (s *lDAPIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// LDAPIdentityProviders returns an object that can list and get LDAPIdentityProviders.
+func (s *lDAPIdentityProviderLister) LDAPIdentityProviders(namespace string) LDAPIdentityProviderNamespaceLister {
+	return lDAPIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// LDAPIdentityProviderNamespaceLister helps list and get LDAPIdentityProviders.
+// All objects returned here must be treated as read-only.
+type LDAPIdentityProviderNamespaceLister interface {
+	// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error)
+	// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha1.LDAPIdentityProvider, error)
+	LDAPIdentityProviderNamespaceListerExpansion
+}
+
+// lDAPIdentityProviderNamespaceLister implements the LDAPIdentityProviderNamespaceLister
+// interface.
+type lDAPIdentityProviderNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all LDAPIdentityProviders in the indexer for a given namespace.
+func (s lDAPIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.LDAPIdentityProvider, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.LDAPIdentityProvider))
+	})
+	return ret, err
+}
+
+// Get retrieves the LDAPIdentityProvider from the indexer for a given namespace and name.
+func (s lDAPIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.LDAPIdentityProvider, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("ldapidentityprovider"), name)
+	}
+	return obj.(*v1alpha1.LDAPIdentityProvider), nil
+}

test/integration/kube_api_discovery_test.go

@@ -170,6 +170,20 @@ func TestGetAPIResourceList(t *testing.T) {
 						Kind:       "OIDCIdentityProvider",
 						Verbs:      []string{"get", "patch", "update"},
 					},
+					{
+						Name:         "ldapidentityproviders",
+						SingularName: "ldapidentityprovider",
+						Namespaced:   true,
+						Kind:         "LDAPIdentityProvider",
+						Verbs:        []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
+						Categories:   []string{"pinniped", "pinniped-idp", "pinniped-idps"},
+					},
+					{
+						Name:       "ldapidentityproviders/status",
+						Namespaced: true,
+						Kind:       "LDAPIdentityProvider",
+						Verbs:      []string{"get", "patch", "update"},
+					},
 				},
 			},
 		},

test/integration/supervisor_login_test.go

@@ -17,12 +17,11 @@ import (
 	"testing"
 	"time"
 
-	v1 "k8s.io/api/core/v1"
-
 	coreosoidc "github.com/coreos/go-oidc/v3/oidc"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/oauth2"
+	v1 "k8s.io/api/core/v1"
 
 	configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
@@ -37,6 +36,52 @@ import (
 )
 
 func TestSupervisorLogin(t *testing.T) {
+	tests := []struct {
+		name                 string
+		createIDP            func(t *testing.T)
+		requestAuthorization func(t *testing.T, downstreamAuthorizeURL, downstreamCallbackURL string)
+	}{
+		{
+			name: "oidc",
+			createIDP: func(t *testing.T) {
+				t.Helper()
+				env := library.IntegrationEnv(t)
+				library.CreateTestOIDCIdentityProvider(t, idpv1alpha1.OIDCIdentityProviderSpec{
+					Issuer: env.SupervisorTestUpstream.Issuer,
+					TLS: &idpv1alpha1.TLSSpec{
+						CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),
+					},
+					Client: idpv1alpha1.OIDCClient{
+						SecretName: library.CreateClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,
+					},
+				}, idpv1alpha1.PhaseReady)
+			},
+			requestAuthorization: requestAuthorizationUsingOIDCIdentityProvider,
+		},
+		{
+			name: "ldap",
+			createIDP: func(t *testing.T) {
+				t.Helper()
+				library.CreateTestLDAPIdentityProvider(t, idpv1alpha1.LDAPIdentityProviderSpec{
+					Host: "something",
+				}, "") // TODO: this should be Ready!
+			},
+			requestAuthorization: requestAuthorizationUsingLDAPIdentityProvider,
+		},
+	}
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			testSupervisorLogin(t, test.createIDP, test.requestAuthorization)
+		})
+	}
+}
+
+func testSupervisorLogin(
+	t *testing.T,
+	createIDP func(t *testing.T),
+	requestAuthorization func(t *testing.T, downstreamAuthorizeURL, downstreamCallbackURL string),
+) {
 	env := library.IntegrationEnv(t)
 
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
@@ -119,16 +164,8 @@ func TestSupervisorLogin(t *testing.T) {
 	}, 30*time.Second, 200*time.Millisecond)
 	require.Equal(t, http.StatusOK, jwksRequestStatus)
 
-	// Create upstream OIDC provider and wait for it to become ready.
-	library.CreateTestOIDCIdentityProvider(t, idpv1alpha1.OIDCIdentityProviderSpec{
-		Issuer: env.SupervisorTestUpstream.Issuer,
-		TLS: &idpv1alpha1.TLSSpec{
-			CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),
-		},
-		Client: idpv1alpha1.OIDCClient{
-			SecretName: library.CreateClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,
-		},
-	}, idpv1alpha1.PhaseReady)
+	// Create upstream IDP and wait for it to become ready.
+	createIDP(t)
 
 	// Perform OIDC discovery for our downstream.
 	var discovery *coreosoidc.Provider
@@ -172,18 +209,8 @@ func TestSupervisorLogin(t *testing.T) {
 	require.NoError(t, authorizeResp.Body.Close())
 	expectSecurityHeaders(t, authorizeResp)
 
-	// Open the web browser and navigate to the downstream authorize URL.
-	page := browsertest.Open(t)
-	t.Logf("opening browser to downstream authorize URL %s", library.MaskTokens(downstreamAuthorizeURL))
-	require.NoError(t, page.Navigate(downstreamAuthorizeURL))
-
-	// Expect to be redirected to the upstream provider and log in.
-	browsertest.LoginToUpstream(t, page, env.SupervisorTestUpstream)
-
-	// Wait for the login to happen and us be redirected back to a localhost callback.
-	t.Logf("waiting for redirect to callback")
-	callbackURLPattern := regexp.MustCompile(`\A` + regexp.QuoteMeta(localCallbackServer.URL) + `\?.+\z`)
-	browsertest.WaitForURL(t, page, callbackURLPattern)
+	// Perform parameterized auth code acquisition.
+	requestAuthorization(t, downstreamAuthorizeURL, localCallbackServer.URL)
 
 	// Expect that our callback handler was invoked.
 	callback := localCallbackServer.waitForCallback(10 * time.Second)
@@ -269,6 +296,29 @@ func verifyTokenResponse(
 	require.NotEmpty(t, tokenResponse.RefreshToken)
 }
 
+func requestAuthorizationUsingOIDCIdentityProvider(t *testing.T, downstreamAuthorizeURL, downstreamCallbackURL string) {
+	t.Helper()
+	env := library.IntegrationEnv(t)
+
+	// Open the web browser and navigate to the downstream authorize URL.
+	page := browsertest.Open(t)
+	t.Logf("opening browser to downstream authorize URL %s", library.MaskTokens(downstreamAuthorizeURL))
+	require.NoError(t, page.Navigate(downstreamAuthorizeURL))
+
+	// Expect to be redirected to the upstream provider and log in.
+	browsertest.LoginToUpstream(t, page, env.SupervisorTestUpstream)
+
+	// Wait for the login to happen and us be redirected back to a localhost callback.
+	t.Logf("waiting for redirect to callback")
+	callbackURLPattern := regexp.MustCompile(`\A` + regexp.QuoteMeta(downstreamCallbackURL) + `\?.+\z`)
+	browsertest.WaitForURL(t, page, callbackURLPattern)
+}
+
+func requestAuthorizationUsingLDAPIdentityProvider(t *testing.T, downstreamAuthorizeURL, downstreamCallbackURL string) {
+	t.Helper()
+	t.Skip("implement me!")
+}
+
 func startLocalCallbackServer(t *testing.T) *localCallbackServer {
 	// Handle the callback by sending the *http.Request object back through a channel.
 	callbacks := make(chan *http.Request, 1)

test/library/client.go

@@ -377,7 +377,7 @@ func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityP
 	upstreams := client.IDPV1alpha1().OIDCIdentityProviders(env.SupervisorNamespace)
 
 	created, err := upstreams.Create(ctx, &idpv1alpha1.OIDCIdentityProvider{
-		ObjectMeta: testObjectMeta(t, "upstream"),
+		ObjectMeta: testObjectMeta(t, "upstream-oidc-idp"),
 		Spec:       spec,
 	}, metav1.CreateOptions{})
 	require.NoError(t, err)
@@ -401,6 +401,41 @@ func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityP
 	return result
 }
 
+func CreateTestLDAPIdentityProvider(t *testing.T, spec idpv1alpha1.LDAPIdentityProviderSpec, expectedPhase idpv1alpha1.LDAPIdentityProviderPhase) *idpv1alpha1.LDAPIdentityProvider {
+	t.Helper()
+	env := IntegrationEnv(t)
+	client := NewSupervisorClientset(t)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer cancel()
+
+	// Create the LDAPIdentityProvider using GenerateName to get a random name.
+	upstreams := client.IDPV1alpha1().LDAPIdentityProviders(env.SupervisorNamespace)
+
+	created, err := upstreams.Create(ctx, &idpv1alpha1.LDAPIdentityProvider{
+		ObjectMeta: testObjectMeta(t, "upstream-ldap-idp"),
+		Spec:       spec,
+	}, metav1.CreateOptions{})
+	require.NoError(t, err)
+
+	// Always clean this up after this point.
+	t.Cleanup(func() {
+		t.Logf("cleaning up test LDAPIdentityProvider %s/%s", created.Namespace, created.Name)
+		err := upstreams.Delete(context.Background(), created.Name, metav1.DeleteOptions{})
+		require.NoError(t, err)
+	})
+	t.Logf("created test LDAPIdentityProvider %s", created.Name)
+
+	// Wait for the LDAPIdentityProvider to enter the expected phase (or time out).
+	var result *idpv1alpha1.LDAPIdentityProvider
+	require.Eventuallyf(t, func() bool {
+		var err error
+		result, err = upstreams.Get(ctx, created.Name, metav1.GetOptions{})
+		require.NoError(t, err)
+		return result.Status.Phase == expectedPhase
+	}, 60*time.Second, 1*time.Second, "expected the LDAPIdentityProvider to go into phase %s", expectedPhase)
+	return result
+}
+
 func CreateTestClusterRoleBinding(t *testing.T, subject rbacv1.Subject, roleRef rbacv1.RoleRef) *rbacv1.ClusterRoleBinding {
 	t.Helper()
 	client := NewKubernetesClientset(t)