artifactory.LdapSetting
Explore with Pulumi AI
This resource can be used to manage Artifactory’s LDAP settings for user authentication.
When specified LDAP setting is active, Artifactory first attempts to authenticate the user against the LDAP server. If LDAP authentication fails, it then tries to authenticate via its internal database.
~>The artifactory.LdapSetting
resource utilizes endpoints which are blocked/removed in SaaS environments (i.e. in Artifactory online), rendering this resource incompatible with Artifactory SaaS environments.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as artifactory from "@pulumi/artifactory";
// Configure Artifactory LDAP setting
const ldapName = new artifactory.LdapSetting("ldap_name", {
key: "ldap_name",
enabled: true,
ldapUrl: "ldap://ldap_server_url",
userDnPattern: "uid={0},ou=People",
emailAttribute: "mail",
autoCreateUser: true,
ldapPoisoningProtection: true,
allowUserToAccessProfile: false,
pagingSupportEnabled: false,
searchFilter: "(uid={0})",
searchBase: "ou=users",
searchSubTree: true,
managerDn: "mgr_dn",
managerPassword: "mgr_passwd_random",
});
import pulumi
import pulumi_artifactory as artifactory
# Configure Artifactory LDAP setting
ldap_name = artifactory.LdapSetting("ldap_name",
key="ldap_name",
enabled=True,
ldap_url="ldap://ldap_server_url",
user_dn_pattern="uid={0},ou=People",
email_attribute="mail",
auto_create_user=True,
ldap_poisoning_protection=True,
allow_user_to_access_profile=False,
paging_support_enabled=False,
search_filter="(uid={0})",
search_base="ou=users",
search_sub_tree=True,
manager_dn="mgr_dn",
manager_password="mgr_passwd_random")
package main
import (
"github.com/pulumi/pulumi-artifactory/sdk/v8/go/artifactory"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Configure Artifactory LDAP setting
_, err := artifactory.NewLdapSetting(ctx, "ldap_name", &artifactory.LdapSettingArgs{
Key: pulumi.String("ldap_name"),
Enabled: pulumi.Bool(true),
LdapUrl: pulumi.String("ldap://ldap_server_url"),
UserDnPattern: pulumi.String("uid={0},ou=People"),
EmailAttribute: pulumi.String("mail"),
AutoCreateUser: pulumi.Bool(true),
LdapPoisoningProtection: pulumi.Bool(true),
AllowUserToAccessProfile: pulumi.Bool(false),
PagingSupportEnabled: pulumi.Bool(false),
SearchFilter: pulumi.String("(uid={0})"),
SearchBase: pulumi.String("ou=users"),
SearchSubTree: pulumi.Bool(true),
ManagerDn: pulumi.String("mgr_dn"),
ManagerPassword: pulumi.String("mgr_passwd_random"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Artifactory = Pulumi.Artifactory;
return await Deployment.RunAsync(() =>
{
// Configure Artifactory LDAP setting
var ldapName = new Artifactory.LdapSetting("ldap_name", new()
{
Key = "ldap_name",
Enabled = true,
LdapUrl = "ldap://ldap_server_url",
UserDnPattern = "uid={0},ou=People",
EmailAttribute = "mail",
AutoCreateUser = true,
LdapPoisoningProtection = true,
AllowUserToAccessProfile = false,
PagingSupportEnabled = false,
SearchFilter = "(uid={0})",
SearchBase = "ou=users",
SearchSubTree = true,
ManagerDn = "mgr_dn",
ManagerPassword = "mgr_passwd_random",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.artifactory.LdapSetting;
import com.pulumi.artifactory.LdapSettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Configure Artifactory LDAP setting
var ldapName = new LdapSetting("ldapName", LdapSettingArgs.builder()
.key("ldap_name")
.enabled(true)
.ldapUrl("ldap://ldap_server_url")
.userDnPattern("uid={0},ou=People")
.emailAttribute("mail")
.autoCreateUser(true)
.ldapPoisoningProtection(true)
.allowUserToAccessProfile(false)
.pagingSupportEnabled(false)
.searchFilter("(uid={0})")
.searchBase("ou=users")
.searchSubTree(true)
.managerDn("mgr_dn")
.managerPassword("mgr_passwd_random")
.build());
}
}
resources:
# Configure Artifactory LDAP setting
ldapName:
type: artifactory:LdapSetting
name: ldap_name
properties:
key: ldap_name
enabled: true
ldapUrl: ldap://ldap_server_url
userDnPattern: uid={0},ou=People
emailAttribute: mail
autoCreateUser: true
ldapPoisoningProtection: true
allowUserToAccessProfile: false
pagingSupportEnabled: false
searchFilter: (uid={0})
searchBase: ou=users
searchSubTree: true
managerDn: mgr_dn
managerPassword: mgr_passwd_random
Note: Key
argument has to match to the resource name.
Reference Link: JFrog LDAP
Create LdapSetting Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LdapSetting(name: string, args: LdapSettingArgs, opts?: CustomResourceOptions);
@overload
def LdapSetting(resource_name: str,
args: LdapSettingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def LdapSetting(resource_name: str,
opts: Optional[ResourceOptions] = None,
key: Optional[str] = None,
ldap_url: Optional[str] = None,
enabled: Optional[bool] = None,
allow_user_to_access_profile: Optional[bool] = None,
email_attribute: Optional[str] = None,
ldap_poisoning_protection: Optional[bool] = None,
auto_create_user: Optional[bool] = None,
manager_dn: Optional[str] = None,
manager_password: Optional[str] = None,
paging_support_enabled: Optional[bool] = None,
search_base: Optional[str] = None,
search_filter: Optional[str] = None,
search_sub_tree: Optional[bool] = None,
user_dn_pattern: Optional[str] = None)
func NewLdapSetting(ctx *Context, name string, args LdapSettingArgs, opts ...ResourceOption) (*LdapSetting, error)
public LdapSetting(string name, LdapSettingArgs args, CustomResourceOptions? opts = null)
public LdapSetting(String name, LdapSettingArgs args)
public LdapSetting(String name, LdapSettingArgs args, CustomResourceOptions options)
type: artifactory:LdapSetting
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LdapSettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LdapSettingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LdapSettingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LdapSettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LdapSettingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ldapSettingResource = new Artifactory.LdapSetting("ldapSettingResource", new()
{
Key = "string",
LdapUrl = "string",
Enabled = false,
AllowUserToAccessProfile = false,
EmailAttribute = "string",
LdapPoisoningProtection = false,
AutoCreateUser = false,
ManagerDn = "string",
ManagerPassword = "string",
PagingSupportEnabled = false,
SearchBase = "string",
SearchFilter = "string",
SearchSubTree = false,
UserDnPattern = "string",
});
example, err := artifactory.NewLdapSetting(ctx, "ldapSettingResource", &artifactory.LdapSettingArgs{
Key: pulumi.String("string"),
LdapUrl: pulumi.String("string"),
Enabled: pulumi.Bool(false),
AllowUserToAccessProfile: pulumi.Bool(false),
EmailAttribute: pulumi.String("string"),
LdapPoisoningProtection: pulumi.Bool(false),
AutoCreateUser: pulumi.Bool(false),
ManagerDn: pulumi.String("string"),
ManagerPassword: pulumi.String("string"),
PagingSupportEnabled: pulumi.Bool(false),
SearchBase: pulumi.String("string"),
SearchFilter: pulumi.String("string"),
SearchSubTree: pulumi.Bool(false),
UserDnPattern: pulumi.String("string"),
})
var ldapSettingResource = new LdapSetting("ldapSettingResource", LdapSettingArgs.builder()
.key("string")
.ldapUrl("string")
.enabled(false)
.allowUserToAccessProfile(false)
.emailAttribute("string")
.ldapPoisoningProtection(false)
.autoCreateUser(false)
.managerDn("string")
.managerPassword("string")
.pagingSupportEnabled(false)
.searchBase("string")
.searchFilter("string")
.searchSubTree(false)
.userDnPattern("string")
.build());
ldap_setting_resource = artifactory.LdapSetting("ldapSettingResource",
key="string",
ldap_url="string",
enabled=False,
allow_user_to_access_profile=False,
email_attribute="string",
ldap_poisoning_protection=False,
auto_create_user=False,
manager_dn="string",
manager_password="string",
paging_support_enabled=False,
search_base="string",
search_filter="string",
search_sub_tree=False,
user_dn_pattern="string")
const ldapSettingResource = new artifactory.LdapSetting("ldapSettingResource", {
key: "string",
ldapUrl: "string",
enabled: false,
allowUserToAccessProfile: false,
emailAttribute: "string",
ldapPoisoningProtection: false,
autoCreateUser: false,
managerDn: "string",
managerPassword: "string",
pagingSupportEnabled: false,
searchBase: "string",
searchFilter: "string",
searchSubTree: false,
userDnPattern: "string",
});
type: artifactory:LdapSetting
properties:
allowUserToAccessProfile: false
autoCreateUser: false
emailAttribute: string
enabled: false
key: string
ldapPoisoningProtection: false
ldapUrl: string
managerDn: string
managerPassword: string
pagingSupportEnabled: false
searchBase: string
searchFilter: string
searchSubTree: false
userDnPattern: string
LdapSetting Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The LdapSetting resource accepts the following input properties:
- Key string
- The unique ID of the LDAP setting.
- Ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- Allow
User boolTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - Auto
Create boolUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - Email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- Enabled bool
- When set, these settings are enabled. Default value is
true
. - Ldap
Poisoning boolProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - Manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- Manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- Paging
Support boolEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - Search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- Search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- Search
Sub boolTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - User
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- Key string
- The unique ID of the LDAP setting.
- Ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- Allow
User boolTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - Auto
Create boolUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - Email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- Enabled bool
- When set, these settings are enabled. Default value is
true
. - Ldap
Poisoning boolProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - Manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- Manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- Paging
Support boolEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - Search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- Search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- Search
Sub boolTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - User
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- key String
- The unique ID of the LDAP setting.
- ldap
Url String - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- allow
User BooleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create BooleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute String - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled Boolean
- When set, these settings are enabled. Default value is
true
. - ldap
Poisoning BooleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - manager
Dn String - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password String - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support BooleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base String - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter String - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub BooleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn StringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- key string
- The unique ID of the LDAP setting.
- ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- allow
User booleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create booleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled boolean
- When set, these settings are enabled. Default value is
true
. - ldap
Poisoning booleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support booleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub booleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- key str
- The unique ID of the LDAP setting.
- ldap_
url str - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- allow_
user_ boolto_ access_ profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto_
create_ booluser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email_
attribute str - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled bool
- When set, these settings are enabled. Default value is
true
. - ldap_
poisoning_ boolprotection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - manager_
dn str - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager_
password str - The password of the user binding to the LDAP server when using "search" authentication.
- paging_
support_ boolenabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search_
base str - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search_
filter str - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search_
sub_ booltree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user_
dn_ strpattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- key String
- The unique ID of the LDAP setting.
- ldap
Url String - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- allow
User BooleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create BooleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute String - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled Boolean
- When set, these settings are enabled. Default value is
true
. - ldap
Poisoning BooleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - manager
Dn String - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password String - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support BooleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base String - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter String - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub BooleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn StringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
Outputs
All input properties are implicitly available as output properties. Additionally, the LdapSetting resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing LdapSetting Resource
Get an existing LdapSetting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LdapSettingState, opts?: CustomResourceOptions): LdapSetting
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_user_to_access_profile: Optional[bool] = None,
auto_create_user: Optional[bool] = None,
email_attribute: Optional[str] = None,
enabled: Optional[bool] = None,
key: Optional[str] = None,
ldap_poisoning_protection: Optional[bool] = None,
ldap_url: Optional[str] = None,
manager_dn: Optional[str] = None,
manager_password: Optional[str] = None,
paging_support_enabled: Optional[bool] = None,
search_base: Optional[str] = None,
search_filter: Optional[str] = None,
search_sub_tree: Optional[bool] = None,
user_dn_pattern: Optional[str] = None) -> LdapSetting
func GetLdapSetting(ctx *Context, name string, id IDInput, state *LdapSettingState, opts ...ResourceOption) (*LdapSetting, error)
public static LdapSetting Get(string name, Input<string> id, LdapSettingState? state, CustomResourceOptions? opts = null)
public static LdapSetting get(String name, Output<String> id, LdapSettingState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
User boolTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - Auto
Create boolUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - Email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- Enabled bool
- When set, these settings are enabled. Default value is
true
. - Key string
- The unique ID of the LDAP setting.
- Ldap
Poisoning boolProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - Ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- Manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- Manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- Paging
Support boolEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - Search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- Search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- Search
Sub boolTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - User
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- Allow
User boolTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - Auto
Create boolUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - Email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- Enabled bool
- When set, these settings are enabled. Default value is
true
. - Key string
- The unique ID of the LDAP setting.
- Ldap
Poisoning boolProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - Ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- Manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- Manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- Paging
Support boolEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - Search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- Search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- Search
Sub boolTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - User
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- allow
User BooleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create BooleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute String - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled Boolean
- When set, these settings are enabled. Default value is
true
. - key String
- The unique ID of the LDAP setting.
- ldap
Poisoning BooleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - ldap
Url String - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- manager
Dn String - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password String - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support BooleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base String - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter String - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub BooleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn StringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- allow
User booleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create booleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute string - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled boolean
- When set, these settings are enabled. Default value is
true
. - key string
- The unique ID of the LDAP setting.
- ldap
Poisoning booleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - ldap
Url string - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- manager
Dn string - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password string - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support booleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base string - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter string - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub booleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn stringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- allow_
user_ boolto_ access_ profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto_
create_ booluser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email_
attribute str - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled bool
- When set, these settings are enabled. Default value is
true
. - key str
- The unique ID of the LDAP setting.
- ldap_
poisoning_ boolprotection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - ldap_
url str - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- manager_
dn str - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager_
password str - The password of the user binding to the LDAP server when using "search" authentication.
- paging_
support_ boolenabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search_
base str - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search_
filter str - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search_
sub_ booltree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user_
dn_ strpattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
- allow
User BooleanTo Access Profile - When set, users created after logging in using LDAP will be able to access their profile page. Default value is
false
. - auto
Create BooleanUser - When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. Default value is
true
. - email
Attribute String - An attribute that can be used to map a user's email address to a user created automatically in Artifactory. Default value is
mail
.- Note: If blank/empty string input was set for email_attribute, Default value
mail
takes effect. This is to match with Artifactory behavior.
- Note: If blank/empty string input was set for email_attribute, Default value
- enabled Boolean
- When set, these settings are enabled. Default value is
true
. - key String
- The unique ID of the LDAP setting.
- ldap
Poisoning BooleanProtection - Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. Default value is
true
. - ldap
Url String - Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users.
- manager
Dn String - The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.
- manager
Password String - The password of the user binding to the LDAP server when using "search" authentication.
- paging
Support BooleanEnabled - When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. Default value is
true
. - search
Base String - The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ).
- search
Filter String - A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both)
- search
Sub BooleanTree - When set, enables deep search through the sub-tree of the LDAP URL + Search Base. Default value is
true
. - user
Dn StringPattern - A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory). For example: uid={0},ou=People. Default value is blank/empty.
- Note: LDAP settings should provide a userDnPattern or a searchFilter (or both).
Import
LDAP setting can be imported using the key, e.g.
$ pulumi import artifactory:index/ldapSetting:LdapSetting ldap_name ldap_name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- artifactory pulumi/pulumi-artifactory
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
artifactory
Terraform Provider.