vault.ldap.AuthBackend
Provides a resource for managing an LDAP auth backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Arguments for an LDAP auth method backed by an Active Directory domain.
const ldapArgs: vault.ldap.AuthBackendArgs = {
    // Path the auth method is mounted under.
    path: "ldap",
    // ldaps:// scheme, so the connection to the directory uses TLS. No
    // `certificate` (trusted CA) is given; confirm which trust store the Vault
    // server validates the domain controller against.
    url: "ldaps://dc-01.example.org",
    // Base DN for the user search, and the attribute matched against the
    // username passed in at login.
    userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
    userattr: "sAMAccountName",
    // Domain used to construct the UPN of the authenticating user.
    upndomain: "EXAMPLE.ORG",
    // No anonymous bind is used to discover the user's bind DN.
    discoverdn: false,
    // Group search base plus a Go-template filter. The OID is Active
    // Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
    // membership that comes through nested groups.
    groupdn: "OU=Groups,DC=example,DC=org",
    groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
};

// NOTE(review): denyNullBind, tokenPolicies and the token TTL inputs are not
// set in this example; check their effective values before reusing it.
const ldap = new vault.ldap.AuthBackend("ldap", ldapArgs);
import pulumi
import pulumi_vault as vault
# Arguments for an LDAP auth method backed by an Active Directory domain.
ldap_args = vault.ldap.AuthBackendArgs(
    # Path the auth method is mounted under.
    path="ldap",
    # ldaps:// scheme, so the connection to the directory uses TLS. No
    # `certificate` (trusted CA) is given; confirm which trust store the Vault
    # server validates the domain controller against.
    url="ldaps://dc-01.example.org",
    # Base DN for the user search, and the attribute matched against the
    # username passed in at login.
    userdn="OU=Users,OU=Accounts,DC=example,DC=org",
    userattr="sAMAccountName",
    # Domain used to construct the UPN of the authenticating user.
    upndomain="EXAMPLE.ORG",
    # No anonymous bind is used to discover the user's bind DN.
    discoverdn=False,
    # Group search base plus a Go-template filter. The OID is Active
    # Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
    # membership that comes through nested groups.
    groupdn="OU=Groups,DC=example,DC=org",
    groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
)

# NOTE(review): deny_null_bind, token_policies and the token TTL inputs are not
# set in this example; check their effective values before reusing it.
ldap = vault.ldap.AuthBackend("ldap", ldap_args)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one LDAP auth backend mounted at
// "ldap" and backed by an Active Directory domain.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		backendArgs := &ldap.AuthBackendArgs{
			Path: pulumi.String("ldap"),
			// ldaps:// scheme, so the connection to the directory uses TLS.
			// No Certificate (trusted CA) is given; confirm which trust store
			// the Vault server validates the domain controller against.
			Url: pulumi.String("ldaps://dc-01.example.org"),
			// User search base and the attribute matched against the login name.
			Userdn:   pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr: pulumi.String("sAMAccountName"),
			// Domain used to construct the UPN of the authenticating user.
			Upndomain: pulumi.String("EXAMPLE.ORG"),
			// No anonymous bind is used to discover the user's bind DN.
			Discoverdn: pulumi.Bool(false),
			// Group search base plus a Go-template filter. The OID is Active
			// Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
			// membership that comes through nested groups.
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		}

		// NOTE(review): DenyNullBind, TokenPolicies and the token TTL inputs
		// are not set here; check their effective values before reusing this.
		if _, err := ldap.NewAuthBackend(ctx, "ldap", backendArgs); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
// Declares one LDAP auth backend mounted at "ldap", backed by an Active
// Directory domain.
return await Deployment.RunAsync(() =>
{
    var backendArgs = new Vault.Ldap.AuthBackendArgs
    {
        Path = "ldap",
        // ldaps:// scheme, so the connection to the directory uses TLS. No
        // Certificate (trusted CA) is given; confirm which trust store the
        // Vault server validates the domain controller against.
        Url = "ldaps://dc-01.example.org",
        // User search base and the attribute matched against the login name.
        Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
        Userattr = "sAMAccountName",
        // Domain used to construct the UPN of the authenticating user.
        Upndomain = "EXAMPLE.ORG",
        // No anonymous bind is used to discover the user's bind DN.
        Discoverdn = false,
        // Group search base plus a Go-template filter. The OID is Active
        // Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
        // membership that comes through nested groups.
        Groupdn = "OU=Groups,DC=example,DC=org",
        Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    };

    // NOTE(review): DenyNullBind, TokenPolicies and the token TTL inputs are
    // not set here; check their effective values before reusing this.
    var ldap = new Vault.Ldap.AuthBackend("ldap", backendArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one LDAP auth backend mounted at "ldap" and
 * backed by an Active Directory domain.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the LDAP auth backend resource.
     *
     * @param ctx Pulumi context handed in by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        final var backendArgs = AuthBackendArgs.builder()
            .path("ldap")
            // ldaps:// scheme, so the connection to the directory uses TLS.
            // No certificate (trusted CA) is given; confirm which trust store
            // the Vault server validates the domain controller against.
            .url("ldaps://dc-01.example.org")
            // User search base and the attribute matched against the login name.
            .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
            .userattr("sAMAccountName")
            // Domain used to construct the UPN of the authenticating user.
            .upndomain("EXAMPLE.ORG")
            // No anonymous bind is used to discover the user's bind DN.
            .discoverdn(false)
            // Group search base plus a Go-template filter. The OID is Active
            // Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
            // membership that comes through nested groups.
            .groupdn("OU=Groups,DC=example,DC=org")
            .groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
            .build();

        // NOTE(review): denyNullBind, tokenPolicies and the token TTL inputs
        // are not set here; check their effective values before reusing this.
        var ldap = new AuthBackend("ldap", backendArgs);
    }
}
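# One LDAP auth backend mounted at "ldap", backed by an Active Directory domain.
# Nesting restored: the resource sits under `resources`, its inputs under
# `properties`.
resources:
  ldap:
    type: vault:ldap:AuthBackend
    properties:
      path: ldap
      # ldaps:// scheme, so the connection to the directory uses TLS. No
      # `certificate` (trusted CA) is given; confirm which trust store the
      # Vault server validates the domain controller against.
      url: ldaps://dc-01.example.org
      # User search base and the attribute matched against the login name.
      userdn: OU=Users,OU=Accounts,DC=example,DC=org
      userattr: sAMAccountName
      # Domain used to construct the UPN of the authenticating user.
      upndomain: EXAMPLE.ORG
      # No anonymous bind is used to discover the user's bind DN.
      discoverdn: false
      # Group search base plus a Go-template filter. The OID is Active
      # Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, which also matches
      # membership that comes through nested groups.
      groupdn: OU=Groups,DC=example,DC=org
      groupfilter: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
      # NOTE(review): denyNullBind, tokenPolicies and the token TTL inputs are
      # not set here; check their effective values before reusing this.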
Create AuthBackend Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthBackend(name: string, args: AuthBackendArgs, opts?: CustomResourceOptions);
@overload
def AuthBackend(resource_name: str,
args: AuthBackendArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthBackend(resource_name: str,
opts: Optional[ResourceOptions] = None,
url: Optional[str] = None,
path: Optional[str] = None,
userfilter: Optional[str] = None,
certificate: Optional[str] = None,
starttls: Optional[bool] = None,
client_tls_key: Optional[str] = None,
connection_timeout: Optional[int] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
binddn: Optional[str] = None,
client_tls_cert: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
tls_min_version: Optional[str] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
bindpass: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
tls_max_version: Optional[str] = None,
username_as_alias: Optional[bool] = None)
func NewAuthBackend(ctx *Context, name string, args AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)
public AuthBackend(string name, AuthBackendArgs args, CustomResourceOptions? opts = null)
public AuthBackend(String name, AuthBackendArgs args)
public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
type: vault:ldap:AuthBackend
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: every value is a type placeholder ("string", 0, false),
// not a recommended setting.
var exampleArgs = new Vault.Ldap.AuthBackendArgs
{
    Url = "string",
    Path = "string",
    Userfilter = "string",
    Certificate = "string",
    Starttls = false,
    // Presumably the client certificate's private key; handle it as a secret.
    ClientTlsKey = "string",
    ConnectionTimeout = 0,
    // Placeholder only. This input prevents users from bypassing
    // authentication with an empty password; copying `false` verbatim would
    // switch that protection off.
    DenyNullBind = false,
    Description = "string",
    DisableRemount = false,
    Discoverdn = false,
    Groupattr = "string",
    Groupdn = "string",
    Groupfilter = "string",
    // Controls whether TLS certificates must be validated; true skips validation.
    InsecureTls = false,
    Local = false,
    MaxPageSize = 0,
    Namespace = "string",
    Binddn = "string",
    ClientTlsCert = "string",
    CaseSensitiveNames = false,
    TokenBoundCidrs = new[]
    {
        "string",
    },
    TlsMinVersion = "string",
    TokenExplicitMaxTtl = 0,
    TokenMaxTtl = 0,
    TokenNoDefaultPolicy = false,
    // Zero means the token may be used an unlimited number of times.
    TokenNumUses = 0,
    TokenPeriod = 0,
    TokenPolicies = new[]
    {
        "string",
    },
    TokenTtl = 0,
    TokenType = "string",
    Upndomain = "string",
    // Password for Binddn: a credential, so supply it from secret
    // configuration rather than a literal in source.
    Bindpass = "string",
    UseTokenGroups = false,
    Userattr = "string",
    Userdn = "string",
    TlsMaxVersion = "string",
    UsernameAsAlias = false,
};

var exampleauthBackendResourceResourceFromLdapauthBackend = new Vault.Ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", exampleArgs);
// Reference skeleton: every value is a type placeholder ("string", 0, false),
// not a recommended setting.
exampleArgs := &ldap.AuthBackendArgs{
	Url:         pulumi.String("string"),
	Path:        pulumi.String("string"),
	Userfilter:  pulumi.String("string"),
	Certificate: pulumi.String("string"),
	Starttls:    pulumi.Bool(false),
	// Presumably the client certificate's private key; handle it as a secret.
	ClientTlsKey:      pulumi.String("string"),
	ConnectionTimeout: pulumi.Int(0),
	// Placeholder only. This input prevents users from bypassing
	// authentication with an empty password; copying `false` verbatim would
	// switch that protection off.
	DenyNullBind:   pulumi.Bool(false),
	Description:    pulumi.String("string"),
	DisableRemount: pulumi.Bool(false),
	Discoverdn:     pulumi.Bool(false),
	Groupattr:      pulumi.String("string"),
	Groupdn:        pulumi.String("string"),
	Groupfilter:    pulumi.String("string"),
	// Controls whether TLS certificates must be validated; true skips validation.
	InsecureTls:        pulumi.Bool(false),
	Local:              pulumi.Bool(false),
	MaxPageSize:        pulumi.Int(0),
	Namespace:          pulumi.String("string"),
	Binddn:             pulumi.String("string"),
	ClientTlsCert:      pulumi.String("string"),
	CaseSensitiveNames: pulumi.Bool(false),
	TokenBoundCidrs: pulumi.StringArray{
		pulumi.String("string"),
	},
	TlsMinVersion:        pulumi.String("string"),
	TokenExplicitMaxTtl:  pulumi.Int(0),
	TokenMaxTtl:          pulumi.Int(0),
	TokenNoDefaultPolicy: pulumi.Bool(false),
	// Zero means the token may be used an unlimited number of times.
	TokenNumUses: pulumi.Int(0),
	TokenPeriod:  pulumi.Int(0),
	TokenPolicies: pulumi.StringArray{
		pulumi.String("string"),
	},
	TokenTtl:  pulumi.Int(0),
	TokenType: pulumi.String("string"),
	Upndomain: pulumi.String("string"),
	// Password for Binddn: a credential, so supply it from secret
	// configuration rather than a literal in source.
	Bindpass:        pulumi.String("string"),
	UseTokenGroups:  pulumi.Bool(false),
	Userattr:        pulumi.String("string"),
	Userdn:          pulumi.String("string"),
	TlsMaxVersion:   pulumi.String("string"),
	UsernameAsAlias: pulumi.Bool(false),
}
example, err := ldap.NewAuthBackend(ctx, "exampleauthBackendResourceResourceFromLdapauthBackend", exampleArgs)
// Reference skeleton: every value is a type placeholder ("string", 0, false),
// not a recommended setting.
var exampleArgs = AuthBackendArgs.builder()
    .url("string")
    .path("string")
    .userfilter("string")
    .certificate("string")
    .starttls(false)
    // Presumably the client certificate's private key; handle it as a secret.
    .clientTlsKey("string")
    .connectionTimeout(0)
    // Placeholder only. This input prevents users from bypassing
    // authentication with an empty password; copying `false` verbatim would
    // switch that protection off.
    .denyNullBind(false)
    .description("string")
    .disableRemount(false)
    .discoverdn(false)
    .groupattr("string")
    .groupdn("string")
    .groupfilter("string")
    // Controls whether TLS certificates must be validated; true skips validation.
    .insecureTls(false)
    .local(false)
    .maxPageSize(0)
    .namespace("string")
    .binddn("string")
    .clientTlsCert("string")
    .caseSensitiveNames(false)
    .tokenBoundCidrs("string")
    .tlsMinVersion("string")
    .tokenExplicitMaxTtl(0)
    .tokenMaxTtl(0)
    .tokenNoDefaultPolicy(false)
    // Zero means the token may be used an unlimited number of times.
    .tokenNumUses(0)
    .tokenPeriod(0)
    .tokenPolicies("string")
    .tokenTtl(0)
    .tokenType("string")
    .upndomain("string")
    // Password for binddn: a credential, so supply it from secret
    // configuration rather than a literal in source.
    .bindpass("string")
    .useTokenGroups(false)
    .userattr("string")
    .userdn("string")
    .tlsMaxVersion("string")
    .usernameAsAlias(false)
    .build();

var exampleauthBackendResourceResourceFromLdapauthBackend = new AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", exampleArgs);
# Reference skeleton: every value is a type placeholder ("string", 0, False),
# not a recommended setting.
example_args = vault.ldap.AuthBackendArgs(
    url="string",
    path="string",
    userfilter="string",
    certificate="string",
    starttls=False,
    # Presumably the client certificate's private key; handle it as a secret.
    client_tls_key="string",
    connection_timeout=0,
    # Placeholder only. This input prevents users from bypassing
    # authentication with an empty password; copying `False` verbatim would
    # switch that protection off.
    deny_null_bind=False,
    description="string",
    disable_remount=False,
    discoverdn=False,
    groupattr="string",
    groupdn="string",
    groupfilter="string",
    # Controls whether TLS certificates must be validated; True skips validation.
    insecure_tls=False,
    local=False,
    max_page_size=0,
    namespace="string",
    binddn="string",
    client_tls_cert="string",
    case_sensitive_names=False,
    token_bound_cidrs=["string"],
    tls_min_version="string",
    token_explicit_max_ttl=0,
    token_max_ttl=0,
    token_no_default_policy=False,
    # Zero means the token may be used an unlimited number of times.
    token_num_uses=0,
    token_period=0,
    token_policies=["string"],
    token_ttl=0,
    token_type="string",
    upndomain="string",
    # Password for binddn: a credential, so supply it from secret
    # configuration rather than a literal in source.
    bindpass="string",
    use_token_groups=False,
    userattr="string",
    userdn="string",
    tls_max_version="string",
    username_as_alias=False,
)
exampleauth_backend_resource_resource_from_ldapauth_backend = vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", example_args)
// Reference skeleton: every value is a type placeholder ("string", 0, false),
// not a recommended setting.
const exampleArgs: vault.ldap.AuthBackendArgs = {
    url: "string",
    path: "string",
    userfilter: "string",
    certificate: "string",
    starttls: false,
    // Presumably the client certificate's private key; handle it as a secret.
    clientTlsKey: "string",
    connectionTimeout: 0,
    // Placeholder only. This input prevents users from bypassing
    // authentication with an empty password; copying `false` verbatim would
    // switch that protection off.
    denyNullBind: false,
    description: "string",
    disableRemount: false,
    discoverdn: false,
    groupattr: "string",
    groupdn: "string",
    groupfilter: "string",
    // Controls whether TLS certificates must be validated; true skips validation.
    insecureTls: false,
    local: false,
    maxPageSize: 0,
    namespace: "string",
    binddn: "string",
    clientTlsCert: "string",
    caseSensitiveNames: false,
    tokenBoundCidrs: ["string"],
    tlsMinVersion: "string",
    tokenExplicitMaxTtl: 0,
    tokenMaxTtl: 0,
    tokenNoDefaultPolicy: false,
    // Zero means the token may be used an unlimited number of times.
    tokenNumUses: 0,
    tokenPeriod: 0,
    tokenPolicies: ["string"],
    tokenTtl: 0,
    tokenType: "string",
    upndomain: "string",
    // Password for binddn: a credential, so supply it from secret
    // configuration rather than a literal in source.
    bindpass: "string",
    useTokenGroups: false,
    userattr: "string",
    userdn: "string",
    tlsMaxVersion: "string",
    usernameAsAlias: false,
};

const exampleauthBackendResourceResourceFromLdapauthBackend = new vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", exampleArgs);
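# Reference skeleton: every value is a type placeholder (string, 0, false),
# not a recommended setting. Nesting restored: inputs sit under `properties`,
# list items under their key.
type: vault:ldap:AuthBackend
properties:
  binddn: string
  # Password for binddn: a credential, so supply it from secret configuration
  # rather than a literal in source.
  bindpass: string
  caseSensitiveNames: false
  certificate: string
  clientTlsCert: string
  # Presumably the client certificate's private key; handle it as a secret.
  clientTlsKey: string
  connectionTimeout: 0
  # Placeholder only. This input prevents users from bypassing authentication
  # with an empty password; copying `false` verbatim would switch that
  # protection off.
  denyNullBind: false
  description: string
  disableRemount: false
  discoverdn: false
  groupattr: string
  groupdn: string
  groupfilter: string
  # Controls whether TLS certificates must be validated; true skips validation.
  insecureTls: false
  local: false
  maxPageSize: 0
  namespace: string
  path: string
  starttls: false
  tlsMaxVersion: string
  tlsMinVersion: string
  tokenBoundCidrs:
    - string
  tokenExplicitMaxTtl: 0
  tokenMaxTtl: 0
  tokenNoDefaultPolicy: false
  # Zero means the token may be used an unlimited number of times.
  tokenNumUses: 0
  tokenPeriod: 0
  tokenPolicies:
    - string
  tokenTtl: 0
  tokenType: string
  upndomain: string
  url: string
  useTokenGroups: false
  userattr: string
  userdn: string
  userfilter: string
  usernameAsAlias: false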
AuthBackend Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthBackend resource accepts the following input properties:
- Url string
- The URL of the LDAP server
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- ConnectionTimeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Controls whether TLS certificates must be validated; setting it to true skips validation
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies List<string> - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Url string
- The URL of the LDAP server
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- ConnectionTimeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Controls whether TLS certificates must be validated; setting it to true skips validation
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound []stringCidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies []string - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- connectionTimeout Integer
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Controls whether TLS certificates must be validated; setting it to true skips validation
- local Boolean
- Specifies if the auth method is local only.
- max
Page IntegerSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit IntegerMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max IntegerTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num IntegerUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Integer - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Integer - The initial ttl of the token to generate in seconds
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url string
- The URL of the LDAP server
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with binddn when performing user search
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- clientTlsCert string
- clientTlsKey string
- connectionTimeout number
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- denyNullBind boolean
- Prevents users from bypassing authentication when providing an empty password.
- description string
- Description for the LDAP auth backend mount
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
- insecureTls boolean
- Controls whether TLS certificates must be validated; setting it to true skips validation
- local boolean
- Specifies if the auth method is local only.
- max
Page numberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path string
- Path to mount the LDAP auth backend under
- starttls boolean
- Control use of TLS when connecting to LDAP
- tls
Max stringVersion - Maximum acceptable version of TLS
- tls
Min stringVersion - Minimum acceptable version of TLS
- token
Bound string[]Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit numberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max numberTtl - The maximum lifetime of the generated token
- token
No booleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num numberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period number - Generated Token's Period
- token
Policies string[] - Generated Token's Policies
- token
Ttl number - The initial ttl of the token to generate in seconds
- token
Type string - The type of token to generate, service or batch
- upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url str
- The URL of the LDAP server
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with binddn when performing user search
- case_sensitive_names bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_tls_cert str
- client_tls_key str
- connection_timeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- deny_null_bind bool
- Prevents users from bypassing authentication when providing an empty password.
- description str
- Description for the LDAP auth backend mount
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
- insecure_tls bool
- Controls whether TLS certificates must be validated; setting it to true skips validation
- local bool
- Specifies if the auth method is local only.
- max_
page_ intsize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path str
- Path to mount the LDAP auth backend under
- starttls bool
- Control use of TLS when connecting to LDAP
- tls_
max_ strversion - Maximum acceptable version of TLS
- tls_
min_ strversion - Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token_
explicit_ intmax_ ttl - Generated Token's Explicit Maximum TTL in seconds
- token_
max_ intttl - The maximum lifetime of the generated token
- token_
no_ booldefault_ policy - If true, the 'default' policy will not automatically be added to generated tokens
- token_
num_ intuses - The maximum number of times a token may be used, a value of zero means unlimited
- token_
period int - Generated Token's Period
- token_
policies Sequence[str] - Generated Token's Policies
- token_
ttl int - The initial ttl of the token to generate in seconds
- token_
type str - The type of token to generate, service or batch
- upndomain str
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- connectionTimeout Number
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Controls whether TLS certificates must be validated; setting it to true skips validation
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit NumberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max NumberTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num NumberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Number - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Number - The initial ttl of the token to generate in seconds
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:
Look up Existing AuthBackend Resource
Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
binddn: Optional[str] = None,
bindpass: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
connection_timeout: Optional[int] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
url: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None) -> AuthBackend
func GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)
public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)
public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
- The accessor for this auth mount.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- ConnectionTimeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies List<string> - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Accessor string
- The accessor for this auth mount.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- ConnectionTimeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound []stringCidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies []string - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with `binddn` when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- connectionTimeout Integer
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- local Boolean
- Specifies if the auth method is local only.
- max
Page IntegerSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit IntegerMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max IntegerTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num IntegerUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Integer - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Integer - The initial ttl of the token to generate in seconds
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor string
- The accessor for this auth mount.
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with `binddn` when performing user search
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- clientTlsCert string
- clientTlsKey string
- connectionTimeout number
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- denyNullBind boolean
- Prevents users from bypassing authentication when providing an empty password.
- description string
- Description for the LDAP auth backend mount
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
- insecureTls boolean
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- local boolean
- Specifies if the auth method is local only.
- max
Page numberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path string
- Path to mount the LDAP auth backend under
- starttls boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion string
- Maximum acceptable version of TLS
- tlsMinVersion string
- Minimum acceptable version of TLS
- token
Bound string[]Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit numberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max numberTtl - The maximum lifetime of the generated token
- token
No booleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num numberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period number - Generated Token's Period
- token
Policies string[] - Generated Token's Policies
- token
Ttl number - The initial ttl of the token to generate in seconds
- token
Type string - The type of token to generate, service or batch
- upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url string
- The URL of the LDAP server
- use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor str
- The accessor for this auth mount.
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with `binddn` when performing user search
- case_sensitive_names bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_tls_cert str
- client_tls_key str
- connection_timeout int
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- deny_null_bind bool
- Prevents users from bypassing authentication when providing an empty password.
- description str
- Description for the LDAP auth backend mount
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
- insecure_tls bool
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- local bool
- Specifies if the auth method is local only.
- max_
page_ intsize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path str
- Path to mount the LDAP auth backend under
- starttls bool
- Control use of TLS when connecting to LDAP
- tls_max_version str
- Maximum acceptable version of TLS
- tls_min_version str
- Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token_
explicit_ intmax_ ttl - Generated Token's Explicit Maximum TTL in seconds
- token_
max_ intttl - The maximum lifetime of the generated token
- token_
no_ booldefault_ policy - If true, the 'default' policy will not automatically be added to generated tokens
- token_
num_ intuses - The maximum number of times a token may be used, a value of zero means unlimited
- token_
period int - Generated Token's Period
- token_
policies Sequence[str] - Generated Token's Policies
- token_
ttl int - The initial ttl of the token to generate in seconds
- token_
type str - The type of token to generate, service or batch
- upndomain str
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url str
- The URL of the LDAP server
- use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with `binddn` when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- connectionTimeout Number
- Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate.
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit NumberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max NumberTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num NumberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Number - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Number - The initial ttl of the token to generate in seconds
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Import
LDAP authentication backends can be imported using the `path`, e.g.
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `vault` Terraform Provider.