So I created a /etc/ood/dex/config.yaml, the non-LDAP part of which is:
issuer: https://lightshare.cshl.edu:5554
storage:
  type: sqlite3
  config:
    file: "/etc/ood/dex/dex.db"
web:
  http: 0.0.0.0:5556
  https: 0.0.0.0:5554
  tlsCert: "/etc/ood/dex/cshl.edu.crt"
  tlsKey: "/etc/ood/dex/cshl.edu.key"
telemetry:
  http: 0.0.0.0:5558
staticClients:
- id: lightshare.cshl.edu
  redirectURIs:
  - https://lightshare.cshl.edu/oidc
  name: OnDemand
  secret: "/etc/ood/dex/ondemand.secret"
connectors:
- type: ldap
  <snip>
That gets ondemand-dex running, but reloading the page gives an internal server error, with this in the Apache log:
[Tue May 10 14:05:45.449202 2022] [auth_openidc:error] [pid 2106852:tid 140057406928640] [client 143.48.8.161:63181] oidc_util_http_call: curl_easy_perform() failed on: https://lightshare.cshl.edu:5554/.well-known/openid-configuration (Failed to connect to lightshare.cshl.edu port 5554: Connection refused)
[Tue May 10 14:05:45.449275 2022] [auth_openidc:error] [pid 2106852:tid 140057406928640] [client 143.48.8.161:63181] oidc_provider_static_config: could not retrieve metadata from url: https://lightshare.cshl.edu:5554/.well-known/openid-configuration
I left the old dex stuff in /etc/ood/config/ood_portal.yml alone; not sure what that file is being used for now.
The documentation needs some attention.
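An added troubleshooting example, not part of the original post: it parses the mod_auth_openidc errors quoted above and checks the failed discovery URL against the issuer and web: listeners from the posted config.yaml. The function names are hypothetical, and the log lines are the post's own with the timestamp, pid and client fields dropped.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two log lines from the post, prefix fields removed.
LOG = """\
[auth_openidc:error] oidc_util_http_call: curl_easy_perform() failed on: https://lightshare.cshl.edu:5554/.well-known/openid-configuration (Failed to connect to lightshare.cshl.edu port 5554: Connection refused)
[auth_openidc:error] oidc_provider_static_config: could not retrieve metadata from url: https://lightshare.cshl.edu:5554/.well-known/openid-configuration
"""

# Values copied from the posted config.yaml (issuer and the web: listeners).
ISSUER = "https://lightshare.cshl.edu:5554"
WEB = {"http": "0.0.0.0:5556", "https": "0.0.0.0:5554"}

CURL_FAIL = re.compile(r"curl_easy_perform\(\) failed on: (\S+) \((.*)\)\s*$")

def failed_fetches(log_text):
    """Return (url, curl_reason) for every failed mod_auth_openidc HTTP call."""
    out = []
    for line in log_text.splitlines():
        m = CURL_FAIL.search(line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def diagnose(url, reason, issuer, web):
    """Compare one failed discovery fetch with the Dex issuer and listeners."""
    u = urlsplit(url)
    findings = []
    # OIDC discovery lives at <issuer>/.well-known/openid-configuration.
    expected = issuer.rstrip("/") + "/.well-known/openid-configuration"
    if url != expected:
        findings.append("discovery URL does not match issuer (expected %s)" % expected)
    # The listener for the URL's scheme must use the port the client dialled.
    listener = web.get(u.scheme)
    port = int(listener.rsplit(":", 1)[1]) if listener else None
    if port != u.port:
        findings.append("no web.%s listener on port %s" % (u.scheme, u.port))
    if "Connection refused" in reason and not findings:
        findings.append("config is consistent; nothing accepted the TCP connection on "
                        "port %s, so check that the Dex process is up and bound" % u.port)
    return findings

if __name__ == "__main__":
    for url, reason in failed_fetches(LOG):
        for finding in diagnose(url, reason, ISSUER, WEB):
            print(url, "->", finding)
```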