1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. ldap
  5. AuthBackend
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.ldap.AuthBackend

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Provides a resource for managing an LDAP auth backend within Vault.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const ldap = new vault.ldap.AuthBackend("ldap", {
        path: "ldap",
        url: "ldaps://dc-01.example.org",
        userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
        userattr: "sAMAccountName",
        upndomain: "EXAMPLE.ORG",
        discoverdn: false,
        groupdn: "OU=Groups,DC=example,DC=org",
        groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    });
    
    import pulumi
    import pulumi_vault as vault
    
    ldap = vault.ldap.AuthBackend("ldap",
        path="ldap",
        url="ldaps://dc-01.example.org",
        userdn="OU=Users,OU=Accounts,DC=example,DC=org",
        userattr="sAMAccountName",
        upndomain="EXAMPLE.ORG",
        discoverdn=False,
        groupdn="OU=Groups,DC=example,DC=org",
        groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
    			Path:        pulumi.String("ldap"),
    			Url:         pulumi.String("ldaps://dc-01.example.org"),
    			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
    			Userattr:    pulumi.String("sAMAccountName"),
    			Upndomain:   pulumi.String("EXAMPLE.ORG"),
    			Discoverdn:  pulumi.Bool(false),
    			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
    			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var ldap = new Vault.Ldap.AuthBackend("ldap", new()
        {
            Path = "ldap",
            Url = "ldaps://dc-01.example.org",
            Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
            Userattr = "sAMAccountName",
            Upndomain = "EXAMPLE.ORG",
            Discoverdn = false,
            Groupdn = "OU=Groups,DC=example,DC=org",
            Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.ldap.AuthBackend;
    import com.pulumi.vault.ldap.AuthBackendArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ldap = new AuthBackend("ldap", AuthBackendArgs.builder()
                .path("ldap")
                .url("ldaps://dc-01.example.org")
                .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
                .userattr("sAMAccountName")
                .upndomain("EXAMPLE.ORG")
                .discoverdn(false)
                .groupdn("OU=Groups,DC=example,DC=org")
                .groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
                .build());
    
        }
    }
    
    resources:
      ldap:
        type: vault:ldap:AuthBackend
        properties:
          path: ldap
          url: ldaps://dc-01.example.org
          userdn: OU=Users,OU=Accounts,DC=example,DC=org
          userattr: sAMAccountName
          upndomain: EXAMPLE.ORG
          discoverdn: false
          groupdn: OU=Groups,DC=example,DC=org
          groupfilter: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
    

    Create AuthBackend Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AuthBackend(name: string, args: AuthBackendArgs, opts?: CustomResourceOptions);
    @overload
    def AuthBackend(resource_name: str,
                    args: AuthBackendArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def AuthBackend(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    url: Optional[str] = None,
                    path: Optional[str] = None,
                    userfilter: Optional[str] = None,
                    certificate: Optional[str] = None,
                    starttls: Optional[bool] = None,
                    client_tls_key: Optional[str] = None,
                    connection_timeout: Optional[int] = None,
                    deny_null_bind: Optional[bool] = None,
                    description: Optional[str] = None,
                    disable_remount: Optional[bool] = None,
                    discoverdn: Optional[bool] = None,
                    groupattr: Optional[str] = None,
                    groupdn: Optional[str] = None,
                    groupfilter: Optional[str] = None,
                    insecure_tls: Optional[bool] = None,
                    local: Optional[bool] = None,
                    max_page_size: Optional[int] = None,
                    namespace: Optional[str] = None,
                    binddn: Optional[str] = None,
                    client_tls_cert: Optional[str] = None,
                    case_sensitive_names: Optional[bool] = None,
                    token_bound_cidrs: Optional[Sequence[str]] = None,
                    tls_min_version: Optional[str] = None,
                    token_explicit_max_ttl: Optional[int] = None,
                    token_max_ttl: Optional[int] = None,
                    token_no_default_policy: Optional[bool] = None,
                    token_num_uses: Optional[int] = None,
                    token_period: Optional[int] = None,
                    token_policies: Optional[Sequence[str]] = None,
                    token_ttl: Optional[int] = None,
                    token_type: Optional[str] = None,
                    upndomain: Optional[str] = None,
                    bindpass: Optional[str] = None,
                    use_token_groups: Optional[bool] = None,
                    userattr: Optional[str] = None,
                    userdn: Optional[str] = None,
                    tls_max_version: Optional[str] = None,
                    username_as_alias: Optional[bool] = None)
    func NewAuthBackend(ctx *Context, name string, args AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)
    public AuthBackend(string name, AuthBackendArgs args, CustomResourceOptions? opts = null)
    public AuthBackend(String name, AuthBackendArgs args)
    public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
    
    type: vault:ldap:AuthBackend
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AuthBackendArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AuthBackendArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AuthBackendArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AuthBackendArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AuthBackendArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var exampleauthBackendResourceResourceFromLdapauthBackend = new Vault.Ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", new()
    {
        Url = "string",
        Path = "string",
        Userfilter = "string",
        Certificate = "string",
        Starttls = false,
        ClientTlsKey = "string",
        ConnectionTimeout = 0,
        DenyNullBind = false,
        Description = "string",
        DisableRemount = false,
        Discoverdn = false,
        Groupattr = "string",
        Groupdn = "string",
        Groupfilter = "string",
        InsecureTls = false,
        Local = false,
        MaxPageSize = 0,
        Namespace = "string",
        Binddn = "string",
        ClientTlsCert = "string",
        CaseSensitiveNames = false,
        TokenBoundCidrs = new[]
        {
            "string",
        },
        TlsMinVersion = "string",
        TokenExplicitMaxTtl = 0,
        TokenMaxTtl = 0,
        TokenNoDefaultPolicy = false,
        TokenNumUses = 0,
        TokenPeriod = 0,
        TokenPolicies = new[]
        {
            "string",
        },
        TokenTtl = 0,
        TokenType = "string",
        Upndomain = "string",
        Bindpass = "string",
        UseTokenGroups = false,
        Userattr = "string",
        Userdn = "string",
        TlsMaxVersion = "string",
        UsernameAsAlias = false,
    });
    
    example, err := ldap.NewAuthBackend(ctx, "exampleauthBackendResourceResourceFromLdapauthBackend", &ldap.AuthBackendArgs{
    	Url:                pulumi.String("string"),
    	Path:               pulumi.String("string"),
    	Userfilter:         pulumi.String("string"),
    	Certificate:        pulumi.String("string"),
    	Starttls:           pulumi.Bool(false),
    	ClientTlsKey:       pulumi.String("string"),
    	ConnectionTimeout:  pulumi.Int(0),
    	DenyNullBind:       pulumi.Bool(false),
    	Description:        pulumi.String("string"),
    	DisableRemount:     pulumi.Bool(false),
    	Discoverdn:         pulumi.Bool(false),
    	Groupattr:          pulumi.String("string"),
    	Groupdn:            pulumi.String("string"),
    	Groupfilter:        pulumi.String("string"),
    	InsecureTls:        pulumi.Bool(false),
    	Local:              pulumi.Bool(false),
    	MaxPageSize:        pulumi.Int(0),
    	Namespace:          pulumi.String("string"),
    	Binddn:             pulumi.String("string"),
    	ClientTlsCert:      pulumi.String("string"),
    	CaseSensitiveNames: pulumi.Bool(false),
    	TokenBoundCidrs: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TlsMinVersion:        pulumi.String("string"),
    	TokenExplicitMaxTtl:  pulumi.Int(0),
    	TokenMaxTtl:          pulumi.Int(0),
    	TokenNoDefaultPolicy: pulumi.Bool(false),
    	TokenNumUses:         pulumi.Int(0),
    	TokenPeriod:          pulumi.Int(0),
    	TokenPolicies: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TokenTtl:        pulumi.Int(0),
    	TokenType:       pulumi.String("string"),
    	Upndomain:       pulumi.String("string"),
    	Bindpass:        pulumi.String("string"),
    	UseTokenGroups:  pulumi.Bool(false),
    	Userattr:        pulumi.String("string"),
    	Userdn:          pulumi.String("string"),
    	TlsMaxVersion:   pulumi.String("string"),
    	UsernameAsAlias: pulumi.Bool(false),
    })
    
    var exampleauthBackendResourceResourceFromLdapauthBackend = new AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", AuthBackendArgs.builder()
        .url("string")
        .path("string")
        .userfilter("string")
        .certificate("string")
        .starttls(false)
        .clientTlsKey("string")
        .connectionTimeout(0)
        .denyNullBind(false)
        .description("string")
        .disableRemount(false)
        .discoverdn(false)
        .groupattr("string")
        .groupdn("string")
        .groupfilter("string")
        .insecureTls(false)
        .local(false)
        .maxPageSize(0)
        .namespace("string")
        .binddn("string")
        .clientTlsCert("string")
        .caseSensitiveNames(false)
        .tokenBoundCidrs("string")
        .tlsMinVersion("string")
        .tokenExplicitMaxTtl(0)
        .tokenMaxTtl(0)
        .tokenNoDefaultPolicy(false)
        .tokenNumUses(0)
        .tokenPeriod(0)
        .tokenPolicies("string")
        .tokenTtl(0)
        .tokenType("string")
        .upndomain("string")
        .bindpass("string")
        .useTokenGroups(false)
        .userattr("string")
        .userdn("string")
        .tlsMaxVersion("string")
        .usernameAsAlias(false)
        .build());
    
    exampleauth_backend_resource_resource_from_ldapauth_backend = vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend",
        url="string",
        path="string",
        userfilter="string",
        certificate="string",
        starttls=False,
        client_tls_key="string",
        connection_timeout=0,
        deny_null_bind=False,
        description="string",
        disable_remount=False,
        discoverdn=False,
        groupattr="string",
        groupdn="string",
        groupfilter="string",
        insecure_tls=False,
        local=False,
        max_page_size=0,
        namespace="string",
        binddn="string",
        client_tls_cert="string",
        case_sensitive_names=False,
        token_bound_cidrs=["string"],
        tls_min_version="string",
        token_explicit_max_ttl=0,
        token_max_ttl=0,
        token_no_default_policy=False,
        token_num_uses=0,
        token_period=0,
        token_policies=["string"],
        token_ttl=0,
        token_type="string",
        upndomain="string",
        bindpass="string",
        use_token_groups=False,
        userattr="string",
        userdn="string",
        tls_max_version="string",
        username_as_alias=False)
    
    const exampleauthBackendResourceResourceFromLdapauthBackend = new vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", {
        url: "string",
        path: "string",
        userfilter: "string",
        certificate: "string",
        starttls: false,
        clientTlsKey: "string",
        connectionTimeout: 0,
        denyNullBind: false,
        description: "string",
        disableRemount: false,
        discoverdn: false,
        groupattr: "string",
        groupdn: "string",
        groupfilter: "string",
        insecureTls: false,
        local: false,
        maxPageSize: 0,
        namespace: "string",
        binddn: "string",
        clientTlsCert: "string",
        caseSensitiveNames: false,
        tokenBoundCidrs: ["string"],
        tlsMinVersion: "string",
        tokenExplicitMaxTtl: 0,
        tokenMaxTtl: 0,
        tokenNoDefaultPolicy: false,
        tokenNumUses: 0,
        tokenPeriod: 0,
        tokenPolicies: ["string"],
        tokenTtl: 0,
        tokenType: "string",
        upndomain: "string",
        bindpass: "string",
        useTokenGroups: false,
        userattr: "string",
        userdn: "string",
        tlsMaxVersion: "string",
        usernameAsAlias: false,
    });
    
    type: vault:ldap:AuthBackend
    properties:
        binddn: string
        bindpass: string
        caseSensitiveNames: false
        certificate: string
        clientTlsCert: string
        clientTlsKey: string
        connectionTimeout: 0
        denyNullBind: false
        description: string
        disableRemount: false
        discoverdn: false
        groupattr: string
        groupdn: string
        groupfilter: string
        insecureTls: false
        local: false
        maxPageSize: 0
        namespace: string
        path: string
        starttls: false
        tlsMaxVersion: string
        tlsMinVersion: string
        tokenBoundCidrs:
            - string
        tokenExplicitMaxTtl: 0
        tokenMaxTtl: 0
        tokenNoDefaultPolicy: false
        tokenNumUses: 0
        tokenPeriod: 0
        tokenPolicies:
            - string
        tokenTtl: 0
        tokenType: string
        upndomain: string
        url: string
        useTokenGroups: false
        userattr: string
        userdn: string
        userfilter: string
        usernameAsAlias: false
    

    AuthBackend Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AuthBackend resource accepts the following input properties:

    Url string
    The URL of the LDAP server
    Binddn string
    DN of object to bind when performing user search
    Bindpass string
    Password to use with binddn when performing user search
    CaseSensitiveNames bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    Certificate string
    Trusted CA to validate TLS certificate
    ClientTlsCert string
    ClientTlsKey string
    ConnectionTimeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    DenyNullBind bool
    Prevents users from bypassing authentication when providing an empty password.
    Description string
    Description for the LDAP auth backend mount
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    Discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    Groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    Groupdn string
    Base DN under which to perform group search
    Groupfilter string
    Go template used to construct group membership query
    InsecureTls bool
    Control whether or TLS certificates must be validated
    Local bool
    Specifies if the auth method is local only.
    MaxPageSize int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    Path to mount the LDAP auth backend under
    Starttls bool
    Control use of TLS when conecting to LDAP
    TlsMaxVersion string
    Maximum acceptable version of TLS
    TlsMinVersion string
    Minimum acceptable version of TLS
    TokenBoundCidrs List<string>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    TokenExplicitMaxTtl int
    Generated Token's Explicit Maximum TTL in seconds
    TokenMaxTtl int
    The maximum lifetime of the generated token
    TokenNoDefaultPolicy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    TokenNumUses int
    The maximum number of times a token may be used, a value of zero means unlimited
    TokenPeriod int
    Generated Token's Period
    TokenPolicies List<string>
    Generated Token's Policies
    TokenTtl int
    The initial ttl of the token to generate in seconds
    TokenType string
    The type of token to generate, service or batch
    Upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    UseTokenGroups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    Userattr string
    Attribute on user object matching username passed in
    Userdn string
    Base DN under which to perform user search
    Userfilter string
    LDAP user search filter
    UsernameAsAlias bool
    Force the auth method to use the username passed by the user as the alias name.
    Url string
    The URL of the LDAP server
    Binddn string
    DN of object to bind when performing user search
    Bindpass string
    Password to use with binddn when performing user search
    CaseSensitiveNames bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    Certificate string
    Trusted CA to validate TLS certificate
    ClientTlsCert string
    ClientTlsKey string
    ConnectionTimeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    DenyNullBind bool
    Prevents users from bypassing authentication when providing an empty password.
    Description string
    Description for the LDAP auth backend mount
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    Discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    Groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    Groupdn string
    Base DN under which to perform group search
    Groupfilter string
    Go template used to construct group membership query
    InsecureTls bool
    Control whether or TLS certificates must be validated
    Local bool
    Specifies if the auth method is local only.
    MaxPageSize int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    Path to mount the LDAP auth backend under
    Starttls bool
    Control use of TLS when conecting to LDAP
    TlsMaxVersion string
    Maximum acceptable version of TLS
    TlsMinVersion string
    Minimum acceptable version of TLS
    TokenBoundCidrs []string
    Specifies the blocks of IP addresses which are allowed to use the generated token
    TokenExplicitMaxTtl int
    Generated Token's Explicit Maximum TTL in seconds
    TokenMaxTtl int
    The maximum lifetime of the generated token
    TokenNoDefaultPolicy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    TokenNumUses int
    The maximum number of times a token may be used, a value of zero means unlimited
    TokenPeriod int
    Generated Token's Period
    TokenPolicies []string
    Generated Token's Policies
    TokenTtl int
    The initial ttl of the token to generate in seconds
    TokenType string
    The type of token to generate, service or batch
    Upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    UseTokenGroups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    Userattr string
    Attribute on user object matching username passed in
    Userdn string
    Base DN under which to perform user search
    Userfilter string
    LDAP user search filter
    UsernameAsAlias bool
    Force the auth method to use the username passed by the user as the alias name.
    url String
    The URL of the LDAP server
    binddn String
    DN of object to bind when performing user search
    bindpass String
    Password to use with binddn when performing user search
    caseSensitiveNames Boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate String
    Trusted CA to validate TLS certificate
    clientTlsCert String
    clientTlsKey String
    connectionTimeout Integer
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind Boolean
    Prevents users from bypassing authentication when providing an empty password.
    description String
    Description for the LDAP auth backend mount
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn Boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr String
    LDAP attribute to follow on objects returned by groupfilter
    groupdn String
    Base DN under which to perform group search
    groupfilter String
    Go template used to construct group membership query
    insecureTls Boolean
    Control whether or TLS certificates must be validated
    local Boolean
    Specifies if the auth method is local only.
    maxPageSize Integer
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Path to mount the LDAP auth backend under
    starttls Boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion String
    Maximum acceptable version of TLS
    tlsMinVersion String
    Minimum acceptable version of TLS
    tokenBoundCidrs List<String>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl Integer
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl Integer
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy Boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses Integer
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod Integer
    Generated Token's Period
    tokenPolicies List<String>
    Generated Token's Policies
    tokenTtl Integer
    The initial ttl of the token to generate in seconds
    tokenType String
    The type of token to generate, service or batch
    upndomain String
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    useTokenGroups Boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr String
    Attribute on user object matching username passed in
    userdn String
    Base DN under which to perform user search
    userfilter String
    LDAP user search filter
    usernameAsAlias Boolean
    Force the auth method to use the username passed by the user as the alias name.
    url string
    The URL of the LDAP server
    binddn string
    DN of object to bind when performing user search
    bindpass string
    Password to use with binddn when performing user search
    caseSensitiveNames boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate string
    Trusted CA to validate TLS certificate
    clientTlsCert string
    clientTlsKey string
    connectionTimeout number
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind boolean
    Prevents users from bypassing authentication when providing an empty password.
    description string
    Description for the LDAP auth backend mount
    disableRemount boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    groupdn string
    Base DN under which to perform group search
    groupfilter string
    Go template used to construct group membership query
    insecureTls boolean
    Control whether or TLS certificates must be validated
    local boolean
    Specifies if the auth method is local only.
    maxPageSize number
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path string
    Path to mount the LDAP auth backend under
    starttls boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion string
    Maximum acceptable version of TLS
    tlsMinVersion string
    Minimum acceptable version of TLS
    tokenBoundCidrs string[]
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl number
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl number
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses number
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod number
    Generated Token's Period
    tokenPolicies string[]
    Generated Token's Policies
    tokenTtl number
    The initial ttl of the token to generate in seconds
    tokenType string
    The type of token to generate, service or batch
    upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    useTokenGroups boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr string
    Attribute on user object matching username passed in
    userdn string
    Base DN under which to perform user search
    userfilter string
    LDAP user search filter
    usernameAsAlias boolean
    Force the auth method to use the username passed by the user as the alias name.
    url str
    The URL of the LDAP server
    binddn str
    DN of object to bind when performing user search
    bindpass str
    Password to use with binddn when performing user search
    case_sensitive_names bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate str
    Trusted CA to validate TLS certificate
    client_tls_cert str
    client_tls_key str
    connection_timeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    deny_null_bind bool
    Prevents users from bypassing authentication when providing an empty password.
    description str
    Description for the LDAP auth backend mount
    disable_remount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    groupattr str
    LDAP attribute to follow on objects returned by groupfilter
    groupdn str
    Base DN under which to perform group search
    groupfilter str
    Go template used to construct group membership query
    insecure_tls bool
    Control whether or TLS certificates must be validated
    local bool
    Specifies if the auth method is local only.
    max_page_size int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path str
    Path to mount the LDAP auth backend under
    starttls bool
    Control use of TLS when conecting to LDAP
    tls_max_version str
    Maximum acceptable version of TLS
    tls_min_version str
    Minimum acceptable version of TLS
    token_bound_cidrs Sequence[str]
    Specifies the blocks of IP addresses which are allowed to use the generated token
    token_explicit_max_ttl int
    Generated Token's Explicit Maximum TTL in seconds
    token_max_ttl int
    The maximum lifetime of the generated token
    token_no_default_policy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    token_num_uses int
    The maximum number of times a token may be used, a value of zero means unlimited
    token_period int
    Generated Token's Period
    token_policies Sequence[str]
    Generated Token's Policies
    token_ttl int
    The initial ttl of the token to generate in seconds
    token_type str
    The type of token to generate, service or batch
    upndomain str
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    use_token_groups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr str
    Attribute on user object matching username passed in
    userdn str
    Base DN under which to perform user search
    userfilter str
    LDAP user search filter
    username_as_alias bool
    Force the auth method to use the username passed by the user as the alias name.
    url String
    The URL of the LDAP server
    binddn String
    DN of object to bind when performing user search
    bindpass String
    Password to use with binddn when performing user search
    caseSensitiveNames Boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate String
    Trusted CA to validate TLS certificate
    clientTlsCert String
    clientTlsKey String
    connectionTimeout Number
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind Boolean
    Prevents users from bypassing authentication when providing an empty password.
    description String
    Description for the LDAP auth backend mount
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn Boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr String
    LDAP attribute to follow on objects returned by groupfilter
    groupdn String
    Base DN under which to perform group search
    groupfilter String
    Go template used to construct group membership query
    insecureTls Boolean
    Control whether or TLS certificates must be validated
    local Boolean
    Specifies if the auth method is local only.
    maxPageSize Number
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Path to mount the LDAP auth backend under
    starttls Boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion String
    Maximum acceptable version of TLS
    tlsMinVersion String
    Minimum acceptable version of TLS
    tokenBoundCidrs List<String>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl Number
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl Number
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy Boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses Number
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod Number
    Generated Token's Period
    tokenPolicies List<String>
    Generated Token's Policies
    tokenTtl Number
    The initial ttl of the token to generate in seconds
    tokenType String
    The type of token to generate, service or batch
    upndomain String
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    useTokenGroups Boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr String
    Attribute on user object matching username passed in
    userdn String
    Base DN under which to perform user search
    userfilter String
    LDAP user search filter
    usernameAsAlias Boolean
    Force the auth method to use the username passed by the user as the alias name.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:

    Accessor string
    The accessor for this auth mount.
    Id string
    The provider-assigned unique ID for this managed resource.
    Accessor string
    The accessor for this auth mount.
    Id string
    The provider-assigned unique ID for this managed resource.
    accessor String
    The accessor for this auth mount.
    id String
    The provider-assigned unique ID for this managed resource.
    accessor string
    The accessor for this auth mount.
    id string
    The provider-assigned unique ID for this managed resource.
    accessor str
    The accessor for this auth mount.
    id str
    The provider-assigned unique ID for this managed resource.
    accessor String
    The accessor for this auth mount.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AuthBackend Resource

    Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            accessor: Optional[str] = None,
            binddn: Optional[str] = None,
            bindpass: Optional[str] = None,
            case_sensitive_names: Optional[bool] = None,
            certificate: Optional[str] = None,
            client_tls_cert: Optional[str] = None,
            client_tls_key: Optional[str] = None,
            connection_timeout: Optional[int] = None,
            deny_null_bind: Optional[bool] = None,
            description: Optional[str] = None,
            disable_remount: Optional[bool] = None,
            discoverdn: Optional[bool] = None,
            groupattr: Optional[str] = None,
            groupdn: Optional[str] = None,
            groupfilter: Optional[str] = None,
            insecure_tls: Optional[bool] = None,
            local: Optional[bool] = None,
            max_page_size: Optional[int] = None,
            namespace: Optional[str] = None,
            path: Optional[str] = None,
            starttls: Optional[bool] = None,
            tls_max_version: Optional[str] = None,
            tls_min_version: Optional[str] = None,
            token_bound_cidrs: Optional[Sequence[str]] = None,
            token_explicit_max_ttl: Optional[int] = None,
            token_max_ttl: Optional[int] = None,
            token_no_default_policy: Optional[bool] = None,
            token_num_uses: Optional[int] = None,
            token_period: Optional[int] = None,
            token_policies: Optional[Sequence[str]] = None,
            token_ttl: Optional[int] = None,
            token_type: Optional[str] = None,
            upndomain: Optional[str] = None,
            url: Optional[str] = None,
            use_token_groups: Optional[bool] = None,
            userattr: Optional[str] = None,
            userdn: Optional[str] = None,
            userfilter: Optional[str] = None,
            username_as_alias: Optional[bool] = None) -> AuthBackend
    func GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)
    public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)
    public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Accessor string
    The accessor for this auth mount.
    Binddn string
    DN of object to bind when performing user search
    Bindpass string
    Password to use with binddn when performing user search
    CaseSensitiveNames bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    Certificate string
    Trusted CA to validate TLS certificate
    ClientTlsCert string
    ClientTlsKey string
    ConnectionTimeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    DenyNullBind bool
    Prevents users from bypassing authentication when providing an empty password.
    Description string
    Description for the LDAP auth backend mount
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    Discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    Groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    Groupdn string
    Base DN under which to perform group search
    Groupfilter string
    Go template used to construct group membership query
    InsecureTls bool
    Control whether or TLS certificates must be validated
    Local bool
    Specifies if the auth method is local only.
    MaxPageSize int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    Path to mount the LDAP auth backend under
    Starttls bool
    Control use of TLS when conecting to LDAP
    TlsMaxVersion string
    Maximum acceptable version of TLS
    TlsMinVersion string
    Minimum acceptable version of TLS
    TokenBoundCidrs List<string>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    TokenExplicitMaxTtl int
    Generated Token's Explicit Maximum TTL in seconds
    TokenMaxTtl int
    The maximum lifetime of the generated token
    TokenNoDefaultPolicy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    TokenNumUses int
    The maximum number of times a token may be used, a value of zero means unlimited
    TokenPeriod int
    Generated Token's Period
    TokenPolicies List<string>
    Generated Token's Policies
    TokenTtl int
    The initial ttl of the token to generate in seconds
    TokenType string
    The type of token to generate, service or batch
    Upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    Url string
    The URL of the LDAP server
    UseTokenGroups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    Userattr string
    Attribute on user object matching username passed in
    Userdn string
    Base DN under which to perform user search
    Userfilter string
    LDAP user search filter
    UsernameAsAlias bool
    Force the auth method to use the username passed by the user as the alias name.
    Accessor string
    The accessor for this auth mount.
    Binddn string
    DN of object to bind when performing user search
    Bindpass string
    Password to use with binddn when performing user search
    CaseSensitiveNames bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    Certificate string
    Trusted CA to validate TLS certificate
    ClientTlsCert string
    ClientTlsKey string
    ConnectionTimeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    DenyNullBind bool
    Prevents users from bypassing authentication when providing an empty password.
    Description string
    Description for the LDAP auth backend mount
    DisableRemount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    Discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    Groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    Groupdn string
    Base DN under which to perform group search
    Groupfilter string
    Go template used to construct group membership query
    InsecureTls bool
    Control whether or TLS certificates must be validated
    Local bool
    Specifies if the auth method is local only.
    MaxPageSize int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Path string
    Path to mount the LDAP auth backend under
    Starttls bool
    Control use of TLS when conecting to LDAP
    TlsMaxVersion string
    Maximum acceptable version of TLS
    TlsMinVersion string
    Minimum acceptable version of TLS
    TokenBoundCidrs []string
    Specifies the blocks of IP addresses which are allowed to use the generated token
    TokenExplicitMaxTtl int
    Generated Token's Explicit Maximum TTL in seconds
    TokenMaxTtl int
    The maximum lifetime of the generated token
    TokenNoDefaultPolicy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    TokenNumUses int
    The maximum number of times a token may be used, a value of zero means unlimited
    TokenPeriod int
    Generated Token's Period
    TokenPolicies []string
    Generated Token's Policies
    TokenTtl int
    The initial ttl of the token to generate in seconds
    TokenType string
    The type of token to generate, service or batch
    Upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    Url string
    The URL of the LDAP server
    UseTokenGroups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    Userattr string
    Attribute on user object matching username passed in
    Userdn string
    Base DN under which to perform user search
    Userfilter string
    LDAP user search filter
    UsernameAsAlias bool
    Force the auth method to use the username passed by the user as the alias name.
    accessor String
    The accessor for this auth mount.
    binddn String
    DN of object to bind when performing user search
    bindpass String
    Password to use with binddn when performing user search
    caseSensitiveNames Boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate String
    Trusted CA to validate TLS certificate
    clientTlsCert String
    clientTlsKey String
    connectionTimeout Integer
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind Boolean
    Prevents users from bypassing authentication when providing an empty password.
    description String
    Description for the LDAP auth backend mount
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn Boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr String
    LDAP attribute to follow on objects returned by groupfilter
    groupdn String
    Base DN under which to perform group search
    groupfilter String
    Go template used to construct group membership query
    insecureTls Boolean
    Control whether or TLS certificates must be validated
    local Boolean
    Specifies if the auth method is local only.
    maxPageSize Integer
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Path to mount the LDAP auth backend under
    starttls Boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion String
    Maximum acceptable version of TLS
    tlsMinVersion String
    Minimum acceptable version of TLS
    tokenBoundCidrs List<String>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl Integer
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl Integer
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy Boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses Integer
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod Integer
    Generated Token's Period
    tokenPolicies List<String>
    Generated Token's Policies
    tokenTtl Integer
    The initial ttl of the token to generate in seconds
    tokenType String
    The type of token to generate, service or batch
    upndomain String
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    url String
    The URL of the LDAP server
    useTokenGroups Boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr String
    Attribute on user object matching username passed in
    userdn String
    Base DN under which to perform user search
    userfilter String
    LDAP user search filter
    usernameAsAlias Boolean
    Force the auth method to use the username passed by the user as the alias name.
    accessor string
    The accessor for this auth mount.
    binddn string
    DN of object to bind when performing user search
    bindpass string
    Password to use with binddn when performing user search
    caseSensitiveNames boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate string
    Trusted CA to validate TLS certificate
    clientTlsCert string
    clientTlsKey string
    connectionTimeout number
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind boolean
    Prevents users from bypassing authentication when providing an empty password.
    description string
    Description for the LDAP auth backend mount
    disableRemount boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr string
    LDAP attribute to follow on objects returned by groupfilter
    groupdn string
    Base DN under which to perform group search
    groupfilter string
    Go template used to construct group membership query
    insecureTls boolean
    Control whether or TLS certificates must be validated
    local boolean
    Specifies if the auth method is local only.
    maxPageSize number
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path string
    Path to mount the LDAP auth backend under
    starttls boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion string
    Maximum acceptable version of TLS
    tlsMinVersion string
    Minimum acceptable version of TLS
    tokenBoundCidrs string[]
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl number
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl number
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses number
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod number
    Generated Token's Period
    tokenPolicies string[]
    Generated Token's Policies
    tokenTtl number
    The initial ttl of the token to generate in seconds
    tokenType string
    The type of token to generate, service or batch
    upndomain string
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    url string
    The URL of the LDAP server
    useTokenGroups boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr string
    Attribute on user object matching username passed in
    userdn string
    Base DN under which to perform user search
    userfilter string
    LDAP user search filter
    usernameAsAlias boolean
    Force the auth method to use the username passed by the user as the alias name.
    accessor str
    The accessor for this auth mount.
    binddn str
    DN of object to bind when performing user search
    bindpass str
    Password to use with binddn when performing user search
    case_sensitive_names bool
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate str
    Trusted CA to validate TLS certificate
    client_tls_cert str
    client_tls_key str
    connection_timeout int
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    deny_null_bind bool
    Prevents users from bypassing authentication when providing an empty password.
    description str
    Description for the LDAP auth backend mount
    disable_remount bool
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn bool
    Use anonymous bind to discover the bind DN of a user.
    groupattr str
    LDAP attribute to follow on objects returned by groupfilter
    groupdn str
    Base DN under which to perform group search
    groupfilter str
    Go template used to construct group membership query
    insecure_tls bool
    Control whether or TLS certificates must be validated
    local bool
    Specifies if the auth method is local only.
    max_page_size int
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path str
    Path to mount the LDAP auth backend under
    starttls bool
    Control use of TLS when conecting to LDAP
    tls_max_version str
    Maximum acceptable version of TLS
    tls_min_version str
    Minimum acceptable version of TLS
    token_bound_cidrs Sequence[str]
    Specifies the blocks of IP addresses which are allowed to use the generated token
    token_explicit_max_ttl int
    Generated Token's Explicit Maximum TTL in seconds
    token_max_ttl int
    The maximum lifetime of the generated token
    token_no_default_policy bool
    If true, the 'default' policy will not automatically be added to generated tokens
    token_num_uses int
    The maximum number of times a token may be used, a value of zero means unlimited
    token_period int
    Generated Token's Period
    token_policies Sequence[str]
    Generated Token's Policies
    token_ttl int
    The initial ttl of the token to generate in seconds
    token_type str
    The type of token to generate, service or batch
    upndomain str
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    url str
    The URL of the LDAP server
    use_token_groups bool
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr str
    Attribute on user object matching username passed in
    userdn str
    Base DN under which to perform user search
    userfilter str
    LDAP user search filter
    username_as_alias bool
    Force the auth method to use the username passed by the user as the alias name.
    accessor String
    The accessor for this auth mount.
    binddn String
    DN of object to bind when performing user search
    bindpass String
    Password to use with binddn when performing user search
    caseSensitiveNames Boolean
    Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
    certificate String
    Trusted CA to validate TLS certificate
    clientTlsCert String
    clientTlsKey String
    connectionTimeout Number
    Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
    denyNullBind Boolean
    Prevents users from bypassing authentication when providing an empty password.
    description String
    Description for the LDAP auth backend mount
    disableRemount Boolean
    If set, opts out of mount migration on path updates. See here for more info on Mount Migration
    discoverdn Boolean
    Use anonymous bind to discover the bind DN of a user.
    groupattr String
    LDAP attribute to follow on objects returned by groupfilter
    groupdn String
    Base DN under which to perform group search
    groupfilter String
    Go template used to construct group membership query
    insecureTls Boolean
    Control whether or TLS certificates must be validated
    local Boolean
    Specifies if the auth method is local only.
    maxPageSize Number
    Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    path String
    Path to mount the LDAP auth backend under
    starttls Boolean
    Control use of TLS when conecting to LDAP
    tlsMaxVersion String
    Maximum acceptable version of TLS
    tlsMinVersion String
    Minimum acceptable version of TLS
    tokenBoundCidrs List<String>
    Specifies the blocks of IP addresses which are allowed to use the generated token
    tokenExplicitMaxTtl Number
    Generated Token's Explicit Maximum TTL in seconds
    tokenMaxTtl Number
    The maximum lifetime of the generated token
    tokenNoDefaultPolicy Boolean
    If true, the 'default' policy will not automatically be added to generated tokens
    tokenNumUses Number
    The maximum number of times a token may be used, a value of zero means unlimited
    tokenPeriod Number
    Generated Token's Period
    tokenPolicies List<String>
    Generated Token's Policies
    tokenTtl Number
    The initial ttl of the token to generate in seconds
    tokenType String
    The type of token to generate, service or batch
    upndomain String
    The userPrincipalDomain used to construct the UPN string for the authenticating user.
    url String
    The URL of the LDAP server
    useTokenGroups Boolean
    Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
    userattr String
    Attribute on user object matching username passed in
    userdn String
    Base DN under which to perform user search
    userfilter String
    LDAP user search filter
    usernameAsAlias Boolean
    Force the auth method to use the username passed by the user as the alias name.

    Import

    LDAP authentication backends can be imported using the path, e.g.

    $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi