diff --git a/mycloud-mail-stalwart/templates/authentik-application.yaml b/mycloud-mail-stalwart/templates/authentik-application.yaml
index 958f113..75abe6f 100644
--- a/mycloud-mail-stalwart/templates/authentik-application.yaml
+++ b/mycloud-mail-stalwart/templates/authentik-application.yaml
@@ -40,11 +40,15 @@ spec:
         type: "ldap"
         name: "Mail-Stalwart"
         ldap:
-          token: {{ .Values.auth.LDAPToken | default (derivePassword 1 "long" .Values.commons.masterPassword "stalwart-mail" "auth.token") | quote }}
+          token: {{ .Values.auth.ldap.token | default (derivePassword 1 "long" .Values.commons.masterPassword "stalwart-mail" "auth.token") | quote }}
 
       groups:
         - slug: "mycloud - users"
           bindID: "4525d9a3-1853-45dc-adc0-6d411a3a907e"
+      users:
+        - username: {{ .Values.auth.ldap.bind.username | default (printf "%s-ldap" .Release.Name) | quote }}
+          groups:
+            - "mycloud - users"
 
       application:
         policyEngineMode: "any"
diff --git a/mycloud-mail-stalwart/values.yaml b/mycloud-mail-stalwart/values.yaml
index 0094351..888043e 100644
--- a/mycloud-mail-stalwart/values.yaml
+++ b/mycloud-mail-stalwart/values.yaml
@@ -96,8 +96,12 @@ commons:
       endpoint: "tempo.monitoring.svc:4317"
 
 auth:
-  # -- generated by .Values.commons.masterPassword
-  LDAPToken:
+  ldap:
+    # -- WARNING must be set after generated in Artifactory(generated by .Values.commons.masterPassword)
+    token:
+    bind:
+      username:
+      password:
 
 admin:
   # -- fallback admin password (default: generated by .Values.commons.masterPassword)