diff --git a/component/ldap.libsonnet b/component/ldap.libsonnet
index 82a5c97..aee72e7 100644
--- a/component/ldap.libsonnet
+++ b/component/ldap.libsonnet
@@ -64,10 +64,10 @@ local syncConfig(namespace, idp, sa) =
 com.namespaced(namespace, kube.Secret(name) {
 stringData: {
 [files.config]: std.manifestYamlDoc(syncCfg),
- [files.blacklist_sync]: if std.objectHas(idp.ldap.sync, 'blacklist-sync') then idp.ldap.sync.blacklist_sync else '',
- [files.blacklist_prune]: if std.objectHas(idp.ldap.sync, 'blacklist-prune') then idp.ldap.sync.blacklist_prune else '',
- [files.whitelist_sync]: if std.objectHas(idp.ldap.sync, 'whitelist-sync') then idp.ldap.sync.whitelist_sync else '',
- [files.whitelist_prune]: if std.objectHas(idp.ldap.sync, 'whitelist-prune') then idp.ldap.sync.whitelist_prune else '',
+ [files.blacklist_sync]: if std.objectHas(idp.ldap.sync, 'blacklist_sync') then idp.ldap.sync.blacklist_sync else '',
+ [files.blacklist_prune]: if std.objectHas(idp.ldap.sync, 'blacklist_prune') then idp.ldap.sync.blacklist_prune else '',
+ [files.whitelist_sync]: if std.objectHas(idp.ldap.sync, 'whitelist_sync') then idp.ldap.sync.whitelist_sync else '',
+ [files.whitelist_prune]: if std.objectHas(idp.ldap.sync, 'whitelist_prune') then idp.ldap.sync.whitelist_prune else '',
 },
 }),
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
index 565e039..ac58f24 100644
--- a/docs/modules/ROOT/pages/references/parameters.adoc
+++ b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -93,9 +93,9 @@ identityProviders:
 custom-ldap:
 ldap:
 sync:
- whitelist-sync: |-
+ whitelist_sync: |-
 CN=cluster-access,OU=Groups,DC=myldap,DC=local
- whitelist-prune: |-
+ whitelist_prune: |-
 cluster-access
 ----
 ====
diff --git a/tests/defaults.yml b/tests/defaults.yml
index d57ce09..0108bcb 100644
--- a/tests/defaults.yml
+++ b/tests/defaults.yml
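Review bot: In `component/ldap.libsonnet`, the four lookups in `syncConfig`'s `stringData` still fall back to `''` for any key they do not recognise, so a configuration that keeps the hyphenated spelling shown in the earlier documentation (`whitelist-sync`, `blacklist-prune`, …) renders empty list files with no error. These files appear to scope which LDAP groups the sync and prune jobs act on, so an unintentionally empty allow or deny list is worth failing on at compile time; how the jobs treat an empty file is not visible in this hunk. A guard beside the secret, such as `assert !std.objectHas(idp.ldap.sync, 'whitelist-sync') : 'use whitelist_sync (underscore)'`, repeated for the other three spellings, would surface the misconfiguration. The body of `syncConfig` starts and ends outside the hunk.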
@@ -47,6 +47,10 @@ parameters:
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
 sync:
+ whitelist_sync: |-
+ cn=cluster-access,ou=idp,dc=company,dc=tld
+ whitelist_prune: |-
+ cluster-access
 rfc2307:
 groupsQuery:
 baseDN: ou=Groups,dc=company,dc=tld
diff --git a/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml b/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml
index 1659eeb..2ab04d6 100644
--- a/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml
+++ b/tests/golden/defaults/openshift4-authentication/openshift4-authentication/20_ldap_sync.yaml
@@ -97,8 +97,8 @@ stringData:
 "pageSize": 0
 "scope": "sub"
 "url": "ldaps://ldap.company.tld:636/ou=services,dc=company,dc=tld?uid"
- whitelist-prune.txt: ''
- whitelist-sync.txt: ''
+ whitelist-prune.txt: cluster-access
+ whitelist-sync.txt: cn=cluster-access,ou=idp,dc=company,dc=tld
 type: Opaque
 ---
 apiVersion: batch/v1
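Review bot: The `tests/defaults.yml` fixture sets only `whitelist_sync` and `whitelist_prune`, while the same commit also changes the `blacklist_sync` and `blacklist_prune` lookups in `component/ldap.libsonnet`. A regression in the deny-list keys would therefore still pass the golden comparison. Adding `blacklist_sync: |-` and `blacklist_prune: |-` entries with sample values under `sync:` and regenerating the golden output would cover all four lookups.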