fortios.user.Ldap
Explore with Pulumi AI
Configure LDAP server entries.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.user.Ldap("trname", {
accountKeyFilter: "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
accountKeyProcessing: "same",
cnid: "cn",
dn: "EIWNCIEW",
groupMemberCheck: "user-attr",
groupObjectFilter: "(&(objectcategory=group)(member=*))",
memberAttr: "memberOf",
passwordExpiryWarning: "disable",
passwordRenewal: "disable",
port: 389,
secure: "disable",
server: "1.1.1.1",
serverIdentityCheck: "disable",
sourceIp: "0.0.0.0",
sslMinProtoVersion: "default",
type: "simple",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.user.Ldap("trname",
account_key_filter="(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
account_key_processing="same",
cnid="cn",
dn="EIWNCIEW",
group_member_check="user-attr",
group_object_filter="(&(objectcategory=group)(member=*))",
member_attr="memberOf",
password_expiry_warning="disable",
password_renewal="disable",
port=389,
secure="disable",
server="1.1.1.1",
server_identity_check="disable",
source_ip="0.0.0.0",
ssl_min_proto_version="default",
type="simple")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/user"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := user.NewLdap(ctx, "trname", &user.LdapArgs{
AccountKeyFilter: pulumi.String("(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"),
AccountKeyProcessing: pulumi.String("same"),
Cnid: pulumi.String("cn"),
Dn: pulumi.String("EIWNCIEW"),
GroupMemberCheck: pulumi.String("user-attr"),
GroupObjectFilter: pulumi.String("(&(objectcategory=group)(member=*))"),
MemberAttr: pulumi.String("memberOf"),
PasswordExpiryWarning: pulumi.String("disable"),
PasswordRenewal: pulumi.String("disable"),
Port: pulumi.Int(389),
Secure: pulumi.String("disable"),
Server: pulumi.String("1.1.1.1"),
ServerIdentityCheck: pulumi.String("disable"),
SourceIp: pulumi.String("0.0.0.0"),
SslMinProtoVersion: pulumi.String("default"),
Type: pulumi.String("simple"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.User.Ldap("trname", new()
{
AccountKeyFilter = "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
AccountKeyProcessing = "same",
Cnid = "cn",
Dn = "EIWNCIEW",
GroupMemberCheck = "user-attr",
GroupObjectFilter = "(&(objectcategory=group)(member=*))",
MemberAttr = "memberOf",
PasswordExpiryWarning = "disable",
PasswordRenewal = "disable",
Port = 389,
Secure = "disable",
Server = "1.1.1.1",
ServerIdentityCheck = "disable",
SourceIp = "0.0.0.0",
SslMinProtoVersion = "default",
Type = "simple",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.user.Ldap;
import com.pulumi.fortios.user.LdapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Ldap("trname", LdapArgs.builder()
.accountKeyFilter("(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")
.accountKeyProcessing("same")
.cnid("cn")
.dn("EIWNCIEW")
.groupMemberCheck("user-attr")
.groupObjectFilter("(&(objectcategory=group)(member=*))")
.memberAttr("memberOf")
.passwordExpiryWarning("disable")
.passwordRenewal("disable")
.port(389)
.secure("disable")
.server("1.1.1.1")
.serverIdentityCheck("disable")
.sourceIp("0.0.0.0")
.sslMinProtoVersion("default")
.type("simple")
.build());
}
}
resources:
trname:
type: fortios:user:Ldap
properties:
accountKeyFilter: (&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
accountKeyProcessing: same
cnid: cn
dn: EIWNCIEW
groupMemberCheck: user-attr
groupObjectFilter: (&(objectcategory=group)(member=*))
memberAttr: memberOf
passwordExpiryWarning: disable
passwordRenewal: disable
port: 389
secure: disable
server: 1.1.1.1
serverIdentityCheck: disable
sourceIp: 0.0.0.0
sslMinProtoVersion: default
type: simple
Create Ldap Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Ldap(name: string, args: LdapArgs, opts?: CustomResourceOptions);
@overload
def Ldap(resource_name: str,
args: LdapArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Ldap(resource_name: str,
opts: Optional[ResourceOptions] = None,
dn: Optional[str] = None,
server: Optional[str] = None,
password_attr: Optional[str] = None,
two_factor_filter: Optional[str] = None,
antiphish: Optional[str] = None,
ca_cert: Optional[str] = None,
client_cert: Optional[str] = None,
client_cert_auth: Optional[str] = None,
account_key_cert_field: Optional[str] = None,
account_key_processing: Optional[str] = None,
group_filter: Optional[str] = None,
group_member_check: Optional[str] = None,
group_object_filter: Optional[str] = None,
group_search_base: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
member_attr: Optional[str] = None,
name: Optional[str] = None,
obtain_user_info: Optional[str] = None,
password_renewal: Optional[str] = None,
cnid: Optional[str] = None,
account_key_upn_san: Optional[str] = None,
password: Optional[str] = None,
port: Optional[int] = None,
search_type: Optional[str] = None,
secondary_server: Optional[str] = None,
secure: Optional[str] = None,
account_key_filter: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
source_port: Optional[int] = None,
ssl_min_proto_version: Optional[str] = None,
status_ttl: Optional[int] = None,
tertiary_server: Optional[str] = None,
two_factor: Optional[str] = None,
two_factor_authentication: Optional[str] = None,
password_expiry_warning: Optional[str] = None,
two_factor_notification: Optional[str] = None,
type: Optional[str] = None,
user_info_exchange_server: Optional[str] = None,
username: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewLdap(ctx *Context, name string, args LdapArgs, opts ...ResourceOption) (*Ldap, error)
public Ldap(string name, LdapArgs args, CustomResourceOptions? opts = null)
type: fortios:user:Ldap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LdapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LdapArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LdapArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LdapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LdapArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ldapResource = new Fortios.User.Ldap("ldapResource", new()
{
Dn = "string",
Server = "string",
PasswordAttr = "string",
TwoFactorFilter = "string",
Antiphish = "string",
CaCert = "string",
ClientCert = "string",
ClientCertAuth = "string",
AccountKeyCertField = "string",
AccountKeyProcessing = "string",
GroupFilter = "string",
GroupMemberCheck = "string",
GroupObjectFilter = "string",
GroupSearchBase = "string",
Interface = "string",
InterfaceSelectMethod = "string",
MemberAttr = "string",
Name = "string",
ObtainUserInfo = "string",
PasswordRenewal = "string",
Cnid = "string",
AccountKeyUpnSan = "string",
Password = "string",
Port = 0,
SearchType = "string",
SecondaryServer = "string",
Secure = "string",
AccountKeyFilter = "string",
ServerIdentityCheck = "string",
SourceIp = "string",
SourcePort = 0,
SslMinProtoVersion = "string",
StatusTtl = 0,
TertiaryServer = "string",
TwoFactor = "string",
TwoFactorAuthentication = "string",
PasswordExpiryWarning = "string",
TwoFactorNotification = "string",
Type = "string",
UserInfoExchangeServer = "string",
Username = "string",
Vdomparam = "string",
});
example, err := user.NewLdap(ctx, "ldapResource", &user.LdapArgs{
Dn: pulumi.String("string"),
Server: pulumi.String("string"),
PasswordAttr: pulumi.String("string"),
TwoFactorFilter: pulumi.String("string"),
Antiphish: pulumi.String("string"),
CaCert: pulumi.String("string"),
ClientCert: pulumi.String("string"),
ClientCertAuth: pulumi.String("string"),
AccountKeyCertField: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
GroupFilter: pulumi.String("string"),
GroupMemberCheck: pulumi.String("string"),
GroupObjectFilter: pulumi.String("string"),
GroupSearchBase: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MemberAttr: pulumi.String("string"),
Name: pulumi.String("string"),
ObtainUserInfo: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
Cnid: pulumi.String("string"),
AccountKeyUpnSan: pulumi.String("string"),
Password: pulumi.String("string"),
Port: pulumi.Int(0),
SearchType: pulumi.String("string"),
SecondaryServer: pulumi.String("string"),
Secure: pulumi.String("string"),
AccountKeyFilter: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourcePort: pulumi.Int(0),
SslMinProtoVersion: pulumi.String("string"),
StatusTtl: pulumi.Int(0),
TertiaryServer: pulumi.String("string"),
TwoFactor: pulumi.String("string"),
TwoFactorAuthentication: pulumi.String("string"),
PasswordExpiryWarning: pulumi.String("string"),
TwoFactorNotification: pulumi.String("string"),
Type: pulumi.String("string"),
UserInfoExchangeServer: pulumi.String("string"),
Username: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
})
var ldapResource = new Ldap("ldapResource", LdapArgs.builder()
.dn("string")
.server("string")
.passwordAttr("string")
.twoFactorFilter("string")
.antiphish("string")
.caCert("string")
.clientCert("string")
.clientCertAuth("string")
.accountKeyCertField("string")
.accountKeyProcessing("string")
.groupFilter("string")
.groupMemberCheck("string")
.groupObjectFilter("string")
.groupSearchBase("string")
.interface_("string")
.interfaceSelectMethod("string")
.memberAttr("string")
.name("string")
.obtainUserInfo("string")
.passwordRenewal("string")
.cnid("string")
.accountKeyUpnSan("string")
.password("string")
.port(0)
.searchType("string")
.secondaryServer("string")
.secure("string")
.accountKeyFilter("string")
.serverIdentityCheck("string")
.sourceIp("string")
.sourcePort(0)
.sslMinProtoVersion("string")
.statusTtl(0)
.tertiaryServer("string")
.twoFactor("string")
.twoFactorAuthentication("string")
.passwordExpiryWarning("string")
.twoFactorNotification("string")
.type("string")
.userInfoExchangeServer("string")
.username("string")
.vdomparam("string")
.build());
ldap_resource = fortios.user.Ldap("ldapResource",
dn="string",
server="string",
password_attr="string",
two_factor_filter="string",
antiphish="string",
ca_cert="string",
client_cert="string",
client_cert_auth="string",
account_key_cert_field="string",
account_key_processing="string",
group_filter="string",
group_member_check="string",
group_object_filter="string",
group_search_base="string",
interface="string",
interface_select_method="string",
member_attr="string",
name="string",
obtain_user_info="string",
password_renewal="string",
cnid="string",
account_key_upn_san="string",
password="string",
port=0,
search_type="string",
secondary_server="string",
secure="string",
account_key_filter="string",
server_identity_check="string",
source_ip="string",
source_port=0,
ssl_min_proto_version="string",
status_ttl=0,
tertiary_server="string",
two_factor="string",
two_factor_authentication="string",
password_expiry_warning="string",
two_factor_notification="string",
type="string",
user_info_exchange_server="string",
username="string",
vdomparam="string")
const ldapResource = new fortios.user.Ldap("ldapResource", {
dn: "string",
server: "string",
passwordAttr: "string",
twoFactorFilter: "string",
antiphish: "string",
caCert: "string",
clientCert: "string",
clientCertAuth: "string",
accountKeyCertField: "string",
accountKeyProcessing: "string",
groupFilter: "string",
groupMemberCheck: "string",
groupObjectFilter: "string",
groupSearchBase: "string",
"interface": "string",
interfaceSelectMethod: "string",
memberAttr: "string",
name: "string",
obtainUserInfo: "string",
passwordRenewal: "string",
cnid: "string",
accountKeyUpnSan: "string",
password: "string",
port: 0,
searchType: "string",
secondaryServer: "string",
secure: "string",
accountKeyFilter: "string",
serverIdentityCheck: "string",
sourceIp: "string",
sourcePort: 0,
sslMinProtoVersion: "string",
statusTtl: 0,
tertiaryServer: "string",
twoFactor: "string",
twoFactorAuthentication: "string",
passwordExpiryWarning: "string",
twoFactorNotification: "string",
type: "string",
userInfoExchangeServer: "string",
username: "string",
vdomparam: "string",
});
type: fortios:user:Ldap
properties:
accountKeyCertField: string
accountKeyFilter: string
accountKeyProcessing: string
accountKeyUpnSan: string
antiphish: string
caCert: string
clientCert: string
clientCertAuth: string
cnid: string
dn: string
groupFilter: string
groupMemberCheck: string
groupObjectFilter: string
groupSearchBase: string
interface: string
interfaceSelectMethod: string
memberAttr: string
name: string
obtainUserInfo: string
password: string
passwordAttr: string
passwordExpiryWarning: string
passwordRenewal: string
port: 0
searchType: string
secondaryServer: string
secure: string
server: string
serverIdentityCheck: string
sourceIp: string
sourcePort: 0
sslMinProtoVersion: string
statusTtl: 0
tertiaryServer: string
twoFactor: string
twoFactorAuthentication: string
twoFactorFilter: string
twoFactorNotification: string
type: string
userInfoExchangeServer: string
username: string
vdomparam: string
Ldap Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Ldap resource accepts the following input properties:
- Dn string
- Distinguished name used to look up entries on the LDAP server.
- Server string
- LDAP server CN domain name or IP.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- Account
Key stringFilter - Account key filter, using the UPN as the search filter.
- Account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - Account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - Antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - Ca
Cert string - CA certificate name.
- Client
Cert string - Client certificate name.
- Client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - Cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- Group
Filter string - Filter used for group matching.
- Group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - Group
Object stringFilter - Filter used for group searching.
- Group
Search stringBase - Search base used for group searching.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Member
Attr string - Name of attribute from which to get group membership.
- Name string
- LDAP server entry name.
- Obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - Password string
- Password for initial binding.
- Password
Attr string - Name of attribute to get password hash.
- Password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - Password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - Port int
- Port to be used for communication with the LDAP server (default = 389).
- Search
Type string - Search type. Valid values:
recursive
. - Secondary
Server string - Secondary LDAP server CN domain name or IP.
- Secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - Server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP for communications to LDAP server.
- Source
Port int - Source port to be used for communication with the LDAP server.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- Two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - Two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - Two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- Two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - Type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - User
Info stringExchange Server - MS Exchange server from which to fetch user information.
- Username string
- Username (full DN) for initial binding.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Dn string
- Distinguished name used to look up entries on the LDAP server.
- Server string
- LDAP server CN domain name or IP.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- Account
Key stringFilter - Account key filter, using the UPN as the search filter.
- Account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - Account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - Antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - Ca
Cert string - CA certificate name.
- Client
Cert string - Client certificate name.
- Client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - Cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- Group
Filter string - Filter used for group matching.
- Group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - Group
Object stringFilter - Filter used for group searching.
- Group
Search stringBase - Search base used for group searching.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Member
Attr string - Name of attribute from which to get group membership.
- Name string
- LDAP server entry name.
- Obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - Password string
- Password for initial binding.
- Password
Attr string - Name of attribute to get password hash.
- Password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - Password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - Port int
- Port to be used for communication with the LDAP server (default = 389).
- Search
Type string - Search type. Valid values:
recursive
. - Secondary
Server string - Secondary LDAP server CN domain name or IP.
- Secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - Server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP for communications to LDAP server.
- Source
Port int - Source port to be used for communication with the LDAP server.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- Two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - Two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - Two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- Two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - Type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - User
Info stringExchange Server - MS Exchange server from which to fetch user information.
- Username string
- Username (full DN) for initial binding.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- dn String
- Distinguished name used to look up entries on the LDAP server.
- server String
- LDAP server CN domain name or IP.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key StringFilter - Account key filter, using the UPN as the search filter.
- account
Key StringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key StringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish String
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert String - CA certificate name.
- client
Cert String - Client certificate name.
- client
Cert StringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid String
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- group
Filter String - Filter used for group matching.
- group
Member StringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object StringFilter - Filter used for group searching.
- group
Search StringBase - Search base used for group searching.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- member
Attr String - Name of attribute from which to get group membership.
- name String
- LDAP server entry name.
- obtain
User StringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password String
- Password for initial binding.
- password
Attr String - Name of attribute to get password hash.
- password
Expiry StringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal String - Enable/disable online password renewal. Valid values:
enable
,disable
. - port Integer
- Port to be used for communication with the LDAP server (default = 389).
- search
Type String - Search type. Valid values:
recursive
. - secondary
Server String - Secondary LDAP server CN domain name or IP.
- secure String
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server
Identity StringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP for communications to LDAP server.
- source
Port Integer - Source port to be used for communication with the LDAP server.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl Integer - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server String - Tertiary LDAP server CN domain name or IP.
- two
Factor String - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor StringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor StringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor StringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type String
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info StringExchange Server - MS Exchange server from which to fetch user information.
- username String
- Username (full DN) for initial binding.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- dn string
- Distinguished name used to look up entries on the LDAP server.
- server string
- LDAP server CN domain name or IP.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key stringFilter - Account key filter, using the UPN as the search filter.
- account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert string - CA certificate name.
- client
Cert string - Client certificate name.
- client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- group
Filter string - Filter used for group matching.
- group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object stringFilter - Filter used for group searching.
- group
Search stringBase - Search base used for group searching.
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member
Attr string - Name of attribute from which to get group membership.
- name string
- LDAP server entry name.
- obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password string
- Password for initial binding.
- password
Attr string - Name of attribute to get password hash.
- password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - port number
- Port to be used for communication with the LDAP server (default = 389).
- search
Type string - Search type. Valid values:
recursive
. - secondary
Server string - Secondary LDAP server CN domain name or IP.
- secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip string - Source IP for communications to LDAP server.
- source
Port number - Source port to be used for communication with the LDAP server.
- ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info stringExchange Server - MS Exchange server from which to fetch user information.
- username string
- Username (full DN) for initial binding.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- dn str
- Distinguished name used to look up entries on the LDAP server.
- server str
- LDAP server CN domain name or IP.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking.
- account_
key_ strfilter - Account key filter, using the UPN as the search filter.
- account_
key_ strprocessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account_
key_ strupn_ san - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish str
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca_
cert str - CA certificate name.
- client_
cert str - Client certificate name.
- client_
cert_ strauth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid str
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- group_
filter str - Filter used for group matching.
- group_
member_ strcheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group_
object_ strfilter - Filter used for group searching.
- group_
search_ strbase - Search base used for group searching.
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member_
attr str - Name of attribute from which to get group membership.
- name str
- LDAP server entry name.
- obtain_
user_ strinfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password str
- Password for initial binding.
- password_
attr str - Name of attribute to get password hash.
- password_
expiry_ strwarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password_
renewal str - Enable/disable online password renewal. Valid values:
enable
,disable
. - port int
- Port to be used for communication with the LDAP server (default = 389).
- search_
type str - Search type. Valid values:
recursive
. - secondary_
server str - Secondary LDAP server CN domain name or IP.
- secure str
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server_
identity_ strcheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source_
ip str - Source IP for communications to LDAP server.
- source_
port int - Source port to be used for communication with the LDAP server.
- ssl_
min_ strproto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status_
ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary_
server str - Tertiary LDAP server CN domain name or IP.
- two_
factor str - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two_
factor_ strauthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two_
factor_ strfilter - Filter used to synchronize users to FortiToken Cloud.
- two_
factor_ strnotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type str
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user_
info_ strexchange_ server - MS Exchange server from which to fetch user information.
- username str
- Username (full DN) for initial binding.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- dn String
- Distinguished name used to look up entries on the LDAP server.
- server String
- LDAP server CN domain name or IP.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key StringFilter - Account key filter, using the UPN as the search filter.
- account
Key StringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key StringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish String
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert String - CA certificate name.
- client
Cert String - Client certificate name.
- client
Cert StringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid String
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- group
Filter String - Filter used for group matching.
- group
Member StringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object StringFilter - Filter used for group searching.
- group
Search StringBase - Search base used for group searching.
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member
Attr String - Name of attribute from which to get group membership.
- name String
- LDAP server entry name.
- obtain
User StringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password String
- Password for initial binding.
- password
Attr String - Name of attribute to get password hash.
- password
Expiry StringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal String - Enable/disable online password renewal. Valid values:
enable
,disable
. - port Number
- Port to be used for communication with the LDAP server (default = 389).
- search
Type String - Search type. Valid values:
recursive
. - secondary
Server String - Secondary LDAP server CN domain name or IP.
- secure String
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server
Identity StringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP for communications to LDAP server.
- source
Port Number - Source port to be used for communication with the LDAP server.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server String - Tertiary LDAP server CN domain name or IP.
- two
Factor String - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor StringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor StringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor StringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type String
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info StringExchange Server - MS Exchange server from which to fetch user information.
- username String
- Username (full DN) for initial binding.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Ldap resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Ldap Resource
Get an existing Ldap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LdapState, opts?: CustomResourceOptions): Ldap
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_key_cert_field: Optional[str] = None,
account_key_filter: Optional[str] = None,
account_key_processing: Optional[str] = None,
account_key_upn_san: Optional[str] = None,
antiphish: Optional[str] = None,
ca_cert: Optional[str] = None,
client_cert: Optional[str] = None,
client_cert_auth: Optional[str] = None,
cnid: Optional[str] = None,
dn: Optional[str] = None,
group_filter: Optional[str] = None,
group_member_check: Optional[str] = None,
group_object_filter: Optional[str] = None,
group_search_base: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
member_attr: Optional[str] = None,
name: Optional[str] = None,
obtain_user_info: Optional[str] = None,
password: Optional[str] = None,
password_attr: Optional[str] = None,
password_expiry_warning: Optional[str] = None,
password_renewal: Optional[str] = None,
port: Optional[int] = None,
search_type: Optional[str] = None,
secondary_server: Optional[str] = None,
secure: Optional[str] = None,
server: Optional[str] = None,
server_identity_check: Optional[str] = None,
source_ip: Optional[str] = None,
source_port: Optional[int] = None,
ssl_min_proto_version: Optional[str] = None,
status_ttl: Optional[int] = None,
tertiary_server: Optional[str] = None,
two_factor: Optional[str] = None,
two_factor_authentication: Optional[str] = None,
two_factor_filter: Optional[str] = None,
two_factor_notification: Optional[str] = None,
type: Optional[str] = None,
user_info_exchange_server: Optional[str] = None,
username: Optional[str] = None,
vdomparam: Optional[str] = None) -> Ldap
func GetLdap(ctx *Context, name string, id IDInput, state *LdapState, opts ...ResourceOption) (*Ldap, error)
public static Ldap Get(string name, Input<string> id, LdapState? state, CustomResourceOptions? opts = null)
public static Ldap get(String name, Output<String> id, LdapState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- Account
Key stringFilter - Account key filter, using the UPN as the search filter.
- Account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - Account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - Antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - Ca
Cert string - CA certificate name.
- Client
Cert string - Client certificate name.
- Client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - Cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- Dn string
- Distinguished name used to look up entries on the LDAP server.
- Group
Filter string - Filter used for group matching.
- Group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - Group
Object stringFilter - Filter used for group searching.
- Group
Search stringBase - Search base used for group searching.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Member
Attr string - Name of attribute from which to get group membership.
- Name string
- LDAP server entry name.
- Obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - Password string
- Password for initial binding.
- Password
Attr string - Name of attribute to get password hash.
- Password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - Password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - Port int
- Port to be used for communication with the LDAP server (default = 389).
- Search
Type string - Search type. Valid values:
recursive
. - Secondary
Server string - Secondary LDAP server CN domain name or IP.
- Secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - Server string
- LDAP server CN domain name or IP.
- Server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP for communications to LDAP server.
- Source
Port int - Source port to be used for communication with the LDAP server.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- Two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - Two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - Two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- Two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - Type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - User
Info stringExchange Server - MS Exchange server from which to fetch user information.
- Username string
- Username (full DN) for initial binding.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- Account
Key stringFilter - Account key filter, using the UPN as the search filter.
- Account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - Account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - Antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - Ca
Cert string - CA certificate name.
- Client
Cert string - Client certificate name.
- Client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - Cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- Dn string
- Distinguished name used to look up entries on the LDAP server.
- Group
Filter string - Filter used for group matching.
- Group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - Group
Object stringFilter - Filter used for group searching.
- Group
Search stringBase - Search base used for group searching.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Member
Attr string - Name of attribute from which to get group membership.
- Name string
- LDAP server entry name.
- Obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - Password string
- Password for initial binding.
- Password
Attr string - Name of attribute to get password hash.
- Password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - Password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - Port int
- Port to be used for communication with the LDAP server (default = 389).
- Search
Type string - Search type. Valid values:
recursive
. - Secondary
Server string - Secondary LDAP server CN domain name or IP.
- Secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - Server string
- LDAP server CN domain name or IP.
- Server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - Source
Ip string - Source IP for communications to LDAP server.
- Source
Port int - Source port to be used for communication with the LDAP server.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Status
Ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- Tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- Two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - Two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - Two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- Two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - Type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - User
Info stringExchange Server - MS Exchange server from which to fetch user information.
- Username string
- Username (full DN) for initial binding.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key StringFilter - Account key filter, using the UPN as the search filter.
- account
Key StringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key StringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish String
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert String - CA certificate name.
- client
Cert String - Client certificate name.
- client
Cert StringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid String
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- dn String
- Distinguished name used to look up entries on the LDAP server.
- group
Filter String - Filter used for group matching.
- group
Member StringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object StringFilter - Filter used for group searching.
- group
Search StringBase - Search base used for group searching.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- member
Attr String - Name of attribute from which to get group membership.
- name String
- LDAP server entry name.
- obtain
User StringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password String
- Password for initial binding.
- password
Attr String - Name of attribute to get password hash.
- password
Expiry StringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal String - Enable/disable online password renewal. Valid values:
enable
,disable
. - port Integer
- Port to be used for communication with the LDAP server (default = 389).
- search
Type String - Search type. Valid values:
recursive
. - secondary
Server String - Secondary LDAP server CN domain name or IP.
- secure String
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server String
- LDAP server CN domain name or IP.
- server
Identity StringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP for communications to LDAP server.
- source
Port Integer - Source port to be used for communication with the LDAP server.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl Integer - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server String - Tertiary LDAP server CN domain name or IP.
- two
Factor String - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor StringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor StringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor StringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type String
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info StringExchange Server - MS Exchange server from which to fetch user information.
- username String
- Username (full DN) for initial binding.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key stringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key stringFilter - Account key filter, using the UPN as the search filter.
- account
Key stringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key stringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish string
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert string - CA certificate name.
- client
Cert string - Client certificate name.
- client
Cert stringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid string
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- dn string
- Distinguished name used to look up entries on the LDAP server.
- group
Filter string - Filter used for group matching.
- group
Member stringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object stringFilter - Filter used for group searching.
- group
Search stringBase - Search base used for group searching.
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member
Attr string - Name of attribute from which to get group membership.
- name string
- LDAP server entry name.
- obtain
User stringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password string
- Password for initial binding.
- password
Attr string - Name of attribute to get password hash.
- password
Expiry stringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal string - Enable/disable online password renewal. Valid values:
enable
,disable
. - port number
- Port to be used for communication with the LDAP server (default = 389).
- search
Type string - Search type. Valid values:
recursive
. - secondary
Server string - Secondary LDAP server CN domain name or IP.
- secure string
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server string
- LDAP server CN domain name or IP.
- server
Identity stringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip string - Source IP for communications to LDAP server.
- source
Port number - Source port to be used for communication with the LDAP server.
- ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server string - Tertiary LDAP server CN domain name or IP.
- two
Factor string - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor stringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor stringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor stringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type string
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info stringExchange Server - MS Exchange server from which to fetch user information.
- username string
- Username (full DN) for initial binding.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account_
key_ strcert_ field - Define subject identity field in certificate for user access right checking.
- account_
key_ strfilter - Account key filter, using the UPN as the search filter.
- account_
key_ strprocessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account_
key_ strupn_ san - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish str
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca_
cert str - CA certificate name.
- client_
cert str - Client certificate name.
- client_
cert_ strauth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid str
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- dn str
- Distinguished name used to look up entries on the LDAP server.
- group_
filter str - Filter used for group matching.
- group_
member_ strcheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group_
object_ strfilter - Filter used for group searching.
- group_
search_ strbase - Search base used for group searching.
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member_
attr str - Name of attribute from which to get group membership.
- name str
- LDAP server entry name.
- obtain_
user_ strinfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password str
- Password for initial binding.
- password_
attr str - Name of attribute to get password hash.
- password_
expiry_ strwarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password_
renewal str - Enable/disable online password renewal. Valid values:
enable
,disable
. - port int
- Port to be used for communication with the LDAP server (default = 389).
- search_
type str - Search type. Valid values:
recursive
. - secondary_
server str - Secondary LDAP server CN domain name or IP.
- secure str
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server str
- LDAP server CN domain name or IP.
- server_
identity_ strcheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source_
ip str - Source IP for communications to LDAP server.
- source_
port int - Source port to be used for communication with the LDAP server.
- ssl_
min_ strproto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status_
ttl int - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary_
server str - Tertiary LDAP server CN domain name or IP.
- two_
factor str - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two_
factor_ strauthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two_
factor_ strfilter - Filter used to synchronize users to FortiToken Cloud.
- two_
factor_ strnotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type str
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user_
info_ strexchange_ server - MS Exchange server from which to fetch user information.
- username str
- Username (full DN) for initial binding.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- account
Key StringCert Field - Define subject identity field in certificate for user access right checking.
- account
Key StringFilter - Account key filter, using the UPN as the search filter.
- account
Key StringProcessing - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values:
same
,strip
. - account
Key StringUpn San - Define SAN in certificate for user principle name matching. Valid values:
othername
,rfc822name
,dnsname
. - antiphish String
- Enable/disable AntiPhishing credential backend. Valid values:
enable
,disable
. - ca
Cert String - CA certificate name.
- client
Cert String - Client certificate name.
- client
Cert StringAuth - Enable/disable using client certificate for TLS authentication. Valid values:
enable
,disable
. - cnid String
- Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
- dn String
- Distinguished name used to look up entries on the LDAP server.
- group
Filter String - Filter used for group matching.
- group
Member StringCheck - Group member checking methods. Valid values:
user-attr
,group-object
,posix-group-object
. - group
Object StringFilter - Filter used for group searching.
- group
Search StringBase - Search base used for group searching.
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - member
Attr String - Name of attribute from which to get group membership.
- name String
- LDAP server entry name.
- obtain
User StringInfo - Enable/disable obtaining of user information. Valid values:
enable
,disable
. - password String
- Password for initial binding.
- password
Attr String - Name of attribute to get password hash.
- password
Expiry StringWarning - Enable/disable password expiry warnings. Valid values:
enable
,disable
. - password
Renewal String - Enable/disable online password renewal. Valid values:
enable
,disable
. - port Number
- Port to be used for communication with the LDAP server (default = 389).
- search
Type String - Search type. Valid values:
recursive
. - secondary
Server String - Secondary LDAP server CN domain name or IP.
- secure String
- Port to be used for authentication. Valid values:
disable
,starttls
,ldaps
. - server String
- LDAP server CN domain name or IP.
- server
Identity StringCheck - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values:
enable
,disable
. - source
Ip String - Source IP for communications to LDAP server.
- source
Port Number - Source port to be used for communication with the LDAP server.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- status
Ttl Number - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
- tertiary
Server String - Tertiary LDAP server CN domain name or IP.
- two
Factor String - Enable/disable two-factor authentication. Valid values:
disable
,fortitoken-cloud
. - two
Factor StringAuthentication - Authentication method by FortiToken Cloud. Valid values:
fortitoken
,email
,sms
. - two
Factor StringFilter - Filter used to synchronize users to FortiToken Cloud.
- two
Factor StringNotification - Notification method for user activation by FortiToken Cloud. Valid values:
email
,sms
. - type String
- Authentication type for LDAP searches. Valid values:
simple
,anonymous
,regular
. - user
Info StringExchange Server - MS Exchange server from which to fetch user information.
- username String
- Username (full DN) for initial binding.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Import
User Ldap can be imported using any of these accepted formats:
$ pulumi import fortios:user/ldap:Ldap labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:user/ldap:Ldap labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.