Docs Home
powerscale 1.7.1 published on Wednesday, Apr 30, 2025 by dell
powerscale.LdapProvider
Explore with Pulumi AI
This resource is used to manage the LDAP provider entity of PowerScale Array. We can Create, Update and Delete the LDAP provider using this resource. We can also import an existing LDAP provider from PowerScale array. PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as powerscale from "@pulumi/powerscale";
// PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
const exampleLdapProvider = new powerscale.LdapProvider("exampleLdapProvider", {
alternateSecurityIdentitiesAttribute: "altSecurityIdentities",
authentication: true,
balanceServers: true,
baseDn: "dc=tthe,dc=testLdap,dc=com",
bindDn: "",
bindMechanism: "simple",
bindTimeout: 10,
certificateAuthorityFile: "",
checkOnlineInterval: 100,
cnAttribute: "cn",
createHomeDirectory: false,
cryptPasswordAttribute: "",
emailAttribute: "mail",
enabled: true,
enumerateGroups: true,
enumerateUsers: true,
findableGroups: [],
findableUsers: [],
gecosAttribute: "gecos",
gidAttribute: "gidNumber",
groupBaseDn: "",
groupDomain: "LDAP_GROUPS",
groupFilter: "(objectClass=posixGroup)",
groupMembersAttribute: "memberUid",
groupSearchScope: "default",
groupnet: "groupnet0",
homeDirectoryTemplate: "",
homedirAttribute: "homeDirectory",
ignoreTlsErrors: false,
ignoreUnresolvableServerUrls: false,
listableGroups: [],
listableUsers: [],
loginShell: "/bin/bash",
memberLookupMethod: "default",
memberOfAttribute: "",
nameAttribute: "uid",
netgroupBaseDn: "",
netgroupFilter: "(objectClass=nisNetgroup)",
netgroupMembersAttribute: "memberNisNetgroup",
netgroupSearchScope: "default",
netgroupTripleAttribute: "nisNetgroupTriple",
normalizeGroups: false,
normalizeUsers: false,
ntPasswordAttribute: "",
ntlmSupport: "all",
providerDomain: "",
requireSecureConnection: false,
restrictFindable: true,
restrictListable: false,
searchScope: "subtree",
searchTimeout: 100,
serverUris: ["ldap://10.225.108.54"],
shadowExpireAttribute: "shadowExpire",
shadowFlagAttribute: "shadowFlag",
shadowInactiveAttribute: "shadowInactive",
shadowLastChangeAttribute: "shadowLastChange",
shadowMaxAttribute: "shadowMax",
shadowMinAttribute: "shadowMin",
shadowUserFilter: "(objectClass=shadowAccount)",
shadowWarningAttribute: "shadowWarning",
shellAttribute: "loginShell",
sshPublicKeyAttribute: "sshPublicKey",
status: "online",
system: false,
tlsProtocolMin: "1.2",
uidAttribute: "uidNumber",
unfindableGroups: [
"wheel",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
],
unfindableUsers: [
"root",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
],
uniqueGroupMembersAttribute: "",
unlistableGroups: [],
unlistableUsers: [],
userBaseDn: "",
userDomain: "LDAP_USERS",
userFilter: "(objectClass=posixAccount)",
userSearchScope: "default",
});
import pulumi
import pulumi_powerscale as powerscale
# PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
example_ldap_provider = powerscale.LdapProvider("exampleLdapProvider",
alternate_security_identities_attribute="altSecurityIdentities",
authentication=True,
balance_servers=True,
base_dn="dc=tthe,dc=testLdap,dc=com",
bind_dn="",
bind_mechanism="simple",
bind_timeout=10,
certificate_authority_file="",
check_online_interval=100,
cn_attribute="cn",
create_home_directory=False,
crypt_password_attribute="",
email_attribute="mail",
enabled=True,
enumerate_groups=True,
enumerate_users=True,
findable_groups=[],
findable_users=[],
gecos_attribute="gecos",
gid_attribute="gidNumber",
group_base_dn="",
group_domain="LDAP_GROUPS",
group_filter="(objectClass=posixGroup)",
group_members_attribute="memberUid",
group_search_scope="default",
groupnet="groupnet0",
home_directory_template="",
homedir_attribute="homeDirectory",
ignore_tls_errors=False,
ignore_unresolvable_server_urls=False,
listable_groups=[],
listable_users=[],
login_shell="/bin/bash",
member_lookup_method="default",
member_of_attribute="",
name_attribute="uid",
netgroup_base_dn="",
netgroup_filter="(objectClass=nisNetgroup)",
netgroup_members_attribute="memberNisNetgroup",
netgroup_search_scope="default",
netgroup_triple_attribute="nisNetgroupTriple",
normalize_groups=False,
normalize_users=False,
nt_password_attribute="",
ntlm_support="all",
provider_domain="",
require_secure_connection=False,
restrict_findable=True,
restrict_listable=False,
search_scope="subtree",
search_timeout=100,
server_uris=["ldap://10.225.108.54"],
shadow_expire_attribute="shadowExpire",
shadow_flag_attribute="shadowFlag",
shadow_inactive_attribute="shadowInactive",
shadow_last_change_attribute="shadowLastChange",
shadow_max_attribute="shadowMax",
shadow_min_attribute="shadowMin",
shadow_user_filter="(objectClass=shadowAccount)",
shadow_warning_attribute="shadowWarning",
shell_attribute="loginShell",
ssh_public_key_attribute="sshPublicKey",
status="online",
system=False,
tls_protocol_min="1.2",
uid_attribute="uidNumber",
unfindable_groups=[
"wheel",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
],
unfindable_users=[
"root",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
],
unique_group_members_attribute="",
unlistable_groups=[],
unlistable_users=[],
user_base_dn="",
user_domain="LDAP_USERS",
user_filter="(objectClass=posixAccount)",
user_search_scope="default")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/powerscale/powerscale"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
_, err := powerscale.NewLdapProvider(ctx, "exampleLdapProvider", &powerscale.LdapProviderArgs{
AlternateSecurityIdentitiesAttribute: pulumi.String("altSecurityIdentities"),
Authentication: pulumi.Bool(true),
BalanceServers: pulumi.Bool(true),
BaseDn: pulumi.String("dc=tthe,dc=testLdap,dc=com"),
BindDn: pulumi.String(""),
BindMechanism: pulumi.String("simple"),
BindTimeout: pulumi.Float64(10),
CertificateAuthorityFile: pulumi.String(""),
CheckOnlineInterval: pulumi.Float64(100),
CnAttribute: pulumi.String("cn"),
CreateHomeDirectory: pulumi.Bool(false),
CryptPasswordAttribute: pulumi.String(""),
EmailAttribute: pulumi.String("mail"),
Enabled: pulumi.Bool(true),
EnumerateGroups: pulumi.Bool(true),
EnumerateUsers: pulumi.Bool(true),
FindableGroups: pulumi.StringArray{},
FindableUsers: pulumi.StringArray{},
GecosAttribute: pulumi.String("gecos"),
GidAttribute: pulumi.String("gidNumber"),
GroupBaseDn: pulumi.String(""),
GroupDomain: pulumi.String("LDAP_GROUPS"),
GroupFilter: pulumi.String("(objectClass=posixGroup)"),
GroupMembersAttribute: pulumi.String("memberUid"),
GroupSearchScope: pulumi.String("default"),
Groupnet: pulumi.String("groupnet0"),
HomeDirectoryTemplate: pulumi.String(""),
HomedirAttribute: pulumi.String("homeDirectory"),
IgnoreTlsErrors: pulumi.Bool(false),
IgnoreUnresolvableServerUrls: pulumi.Bool(false),
ListableGroups: pulumi.StringArray{},
ListableUsers: pulumi.StringArray{},
LoginShell: pulumi.String("/bin/bash"),
MemberLookupMethod: pulumi.String("default"),
MemberOfAttribute: pulumi.String(""),
NameAttribute: pulumi.String("uid"),
NetgroupBaseDn: pulumi.String(""),
NetgroupFilter: pulumi.String("(objectClass=nisNetgroup)"),
NetgroupMembersAttribute: pulumi.String("memberNisNetgroup"),
NetgroupSearchScope: pulumi.String("default"),
NetgroupTripleAttribute: pulumi.String("nisNetgroupTriple"),
NormalizeGroups: pulumi.Bool(false),
NormalizeUsers: pulumi.Bool(false),
NtPasswordAttribute: pulumi.String(""),
NtlmSupport: pulumi.String("all"),
ProviderDomain: pulumi.String(""),
RequireSecureConnection: pulumi.Bool(false),
RestrictFindable: pulumi.Bool(true),
RestrictListable: pulumi.Bool(false),
SearchScope: pulumi.String("subtree"),
SearchTimeout: pulumi.Float64(100),
ServerUris: pulumi.StringArray{
pulumi.String("ldap://10.225.108.54"),
},
ShadowExpireAttribute: pulumi.String("shadowExpire"),
ShadowFlagAttribute: pulumi.String("shadowFlag"),
ShadowInactiveAttribute: pulumi.String("shadowInactive"),
ShadowLastChangeAttribute: pulumi.String("shadowLastChange"),
ShadowMaxAttribute: pulumi.String("shadowMax"),
ShadowMinAttribute: pulumi.String("shadowMin"),
ShadowUserFilter: pulumi.String("(objectClass=shadowAccount)"),
ShadowWarningAttribute: pulumi.String("shadowWarning"),
ShellAttribute: pulumi.String("loginShell"),
SshPublicKeyAttribute: pulumi.String("sshPublicKey"),
Status: pulumi.String("online"),
System: pulumi.Bool(false),
TlsProtocolMin: pulumi.String("1.2"),
UidAttribute: pulumi.String("uidNumber"),
UnfindableGroups: pulumi.StringArray{
pulumi.String("wheel"),
pulumi.String("0"),
pulumi.String("insightiq"),
pulumi.String("15"),
pulumi.String("isdmgmt"),
pulumi.String("16"),
},
UnfindableUsers: pulumi.StringArray{
pulumi.String("root"),
pulumi.String("0"),
pulumi.String("insightiq"),
pulumi.String("15"),
pulumi.String("isdmgmt"),
pulumi.String("16"),
},
UniqueGroupMembersAttribute: pulumi.String(""),
UnlistableGroups: pulumi.StringArray{},
UnlistableUsers: pulumi.StringArray{},
UserBaseDn: pulumi.String(""),
UserDomain: pulumi.String("LDAP_USERS"),
UserFilter: pulumi.String("(objectClass=posixAccount)"),
UserSearchScope: pulumi.String("default"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Powerscale = Pulumi.Powerscale;
return await Deployment.RunAsync(() =>
{
// PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
var exampleLdapProvider = new Powerscale.LdapProvider("exampleLdapProvider", new()
{
AlternateSecurityIdentitiesAttribute = "altSecurityIdentities",
Authentication = true,
BalanceServers = true,
BaseDn = "dc=tthe,dc=testLdap,dc=com",
BindDn = "",
BindMechanism = "simple",
BindTimeout = 10,
CertificateAuthorityFile = "",
CheckOnlineInterval = 100,
CnAttribute = "cn",
CreateHomeDirectory = false,
CryptPasswordAttribute = "",
EmailAttribute = "mail",
Enabled = true,
EnumerateGroups = true,
EnumerateUsers = true,
FindableGroups = new[] {},
FindableUsers = new[] {},
GecosAttribute = "gecos",
GidAttribute = "gidNumber",
GroupBaseDn = "",
GroupDomain = "LDAP_GROUPS",
GroupFilter = "(objectClass=posixGroup)",
GroupMembersAttribute = "memberUid",
GroupSearchScope = "default",
Groupnet = "groupnet0",
HomeDirectoryTemplate = "",
HomedirAttribute = "homeDirectory",
IgnoreTlsErrors = false,
IgnoreUnresolvableServerUrls = false,
ListableGroups = new[] {},
ListableUsers = new[] {},
LoginShell = "/bin/bash",
MemberLookupMethod = "default",
MemberOfAttribute = "",
NameAttribute = "uid",
NetgroupBaseDn = "",
NetgroupFilter = "(objectClass=nisNetgroup)",
NetgroupMembersAttribute = "memberNisNetgroup",
NetgroupSearchScope = "default",
NetgroupTripleAttribute = "nisNetgroupTriple",
NormalizeGroups = false,
NormalizeUsers = false,
NtPasswordAttribute = "",
NtlmSupport = "all",
ProviderDomain = "",
RequireSecureConnection = false,
RestrictFindable = true,
RestrictListable = false,
SearchScope = "subtree",
SearchTimeout = 100,
ServerUris = new[]
{
"ldap://10.225.108.54",
},
ShadowExpireAttribute = "shadowExpire",
ShadowFlagAttribute = "shadowFlag",
ShadowInactiveAttribute = "shadowInactive",
ShadowLastChangeAttribute = "shadowLastChange",
ShadowMaxAttribute = "shadowMax",
ShadowMinAttribute = "shadowMin",
ShadowUserFilter = "(objectClass=shadowAccount)",
ShadowWarningAttribute = "shadowWarning",
ShellAttribute = "loginShell",
SshPublicKeyAttribute = "sshPublicKey",
Status = "online",
System = false,
TlsProtocolMin = "1.2",
UidAttribute = "uidNumber",
UnfindableGroups = new[]
{
"wheel",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
},
UnfindableUsers = new[]
{
"root",
"0",
"insightiq",
"15",
"isdmgmt",
"16",
},
UniqueGroupMembersAttribute = "",
UnlistableGroups = new[] {},
UnlistableUsers = new[] {},
UserBaseDn = "",
UserDomain = "LDAP_USERS",
UserFilter = "(objectClass=posixAccount)",
UserSearchScope = "default",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.powerscale.LdapProvider;
import com.pulumi.powerscale.LdapProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
var exampleLdapProvider = new LdapProvider("exampleLdapProvider", LdapProviderArgs.builder()
.alternateSecurityIdentitiesAttribute("altSecurityIdentities")
.authentication(true)
.balanceServers(true)
.baseDn("dc=tthe,dc=testLdap,dc=com")
.bindDn("")
.bindMechanism("simple")
.bindTimeout(10)
.certificateAuthorityFile("")
.checkOnlineInterval(100)
.cnAttribute("cn")
.createHomeDirectory(false)
.cryptPasswordAttribute("")
.emailAttribute("mail")
.enabled(true)
.enumerateGroups(true)
.enumerateUsers(true)
.findableGroups()
.findableUsers()
.gecosAttribute("gecos")
.gidAttribute("gidNumber")
.groupBaseDn("")
.groupDomain("LDAP_GROUPS")
.groupFilter("(objectClass=posixGroup)")
.groupMembersAttribute("memberUid")
.groupSearchScope("default")
.groupnet("groupnet0")
.homeDirectoryTemplate("")
.homedirAttribute("homeDirectory")
.ignoreTlsErrors(false)
.ignoreUnresolvableServerUrls(false)
.listableGroups()
.listableUsers()
.loginShell("/bin/bash")
.memberLookupMethod("default")
.memberOfAttribute("")
.nameAttribute("uid")
.netgroupBaseDn("")
.netgroupFilter("(objectClass=nisNetgroup)")
.netgroupMembersAttribute("memberNisNetgroup")
.netgroupSearchScope("default")
.netgroupTripleAttribute("nisNetgroupTriple")
.normalizeGroups(false)
.normalizeUsers(false)
.ntPasswordAttribute("")
.ntlmSupport("all")
.providerDomain("")
.requireSecureConnection(false)
.restrictFindable(true)
.restrictListable(false)
.searchScope("subtree")
.searchTimeout(100)
.serverUris("ldap://10.225.108.54")
.shadowExpireAttribute("shadowExpire")
.shadowFlagAttribute("shadowFlag")
.shadowInactiveAttribute("shadowInactive")
.shadowLastChangeAttribute("shadowLastChange")
.shadowMaxAttribute("shadowMax")
.shadowMinAttribute("shadowMin")
.shadowUserFilter("(objectClass=shadowAccount)")
.shadowWarningAttribute("shadowWarning")
.shellAttribute("loginShell")
.sshPublicKeyAttribute("sshPublicKey")
.status("online")
.system(false)
.tlsProtocolMin("1.2")
.uidAttribute("uidNumber")
.unfindableGroups(
"wheel",
"0",
"insightiq",
"15",
"isdmgmt",
"16")
.unfindableUsers(
"root",
"0",
"insightiq",
"15",
"isdmgmt",
"16")
.uniqueGroupMembersAttribute("")
.unlistableGroups()
.unlistableUsers()
.userBaseDn("")
.userDomain("LDAP_USERS")
.userFilter("(objectClass=posixAccount)")
.userSearchScope("default")
.build());
}
}
resources:
# PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
exampleLdapProvider:
type: powerscale:LdapProvider
properties:
# Optional params for creating and updating.
# // Specifies the attribute name used when searching for alternate security identities.
alternateSecurityIdentitiesAttribute: altSecurityIdentities
# If true, enables authentication and identity management through the authentication provider.
authentication: true
# If true, connects the provider to a random server.
balanceServers: true
# Specifies the root of the tree in which to search identities.
baseDn: dc=tthe,dc=testLdap,dc=com
# Specifies the distinguished name for binding to the LDAP server.
bindDn: ""
# Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
bindMechanism: simple
# Specifies the timeout in seconds when binding to an LDAP server. Value should between 1 - 3600.
bindTimeout: 10
# Specifies the path to the root certificates file.
certificateAuthorityFile: ""
# Specifies the time in seconds between provider online checks. Value should between 0 - 3600.
checkOnlineInterval: 100
# Specifies the canonical name.
cnAttribute: cn
# Automatically create the home directory on the first login.
createHomeDirectory: false
# Specifies the hashed password value.
cryptPasswordAttribute: ""
# Specifies the LDAP Email attribute.
emailAttribute: mail
# If true, enables the LDAP provider.
enabled: true
# If true, allows the provider to enumerate groups.
enumerateGroups: true
# If true, allows the provider to enumerate users.
enumerateUsers: true
# Specifies the list of groups that can be resolved.
findableGroups: []
# Specifies the list of users that can be resolved.
findableUsers: []
# Specifies the LDAP GECOS attribute.
gecosAttribute: gecos
# Specifies the LDAP GID attribute.
gidAttribute: gidNumber
# Specifies the distinguished name of the entry where LDAP searches for groups are started.
groupBaseDn: ""
# Specifies the domain for this provider through which groups are qualified.
groupDomain: LDAP_GROUPS
# Specifies the LDAP filter for group objects.
groupFilter: (objectClass=posixGroup)
# Specifies the LDAP Group Members attribute.
groupMembersAttribute: memberUid
# Specifies the depth from the base DN to perform LDAP searches.
# // Acceptable values: default, base, onelevel, subtree, children.
groupSearchScope: default
# Optional groupnet for creating. Specifies the groupnet identifier.
groupnet: groupnet0
# Specifies the path to the home directory template.
homeDirectoryTemplate: ""
# Specifies the LDAP Homedir attribute.
homedirAttribute: homeDirectory
# If true, continues over secure connections even if identity checks fail.
ignoreTlsErrors: false
# Optional ignore_unresolvable_server_urls for creating and updating. If true, ignore unresolvable server URIs.
ignoreUnresolvableServerUrls: false
# Specifies the groups that can be viewed in the provider.
listableGroups: []
# Specifies the users that can be viewed in the provider.
listableUsers: []
# Specifies the login shell path.
loginShell: /bin/bash
# Sets the method by which group member lookups are performed. Use caution when changing this option directly.
# // Acceptable values: default, rfc2307bis.
memberLookupMethod: default
# Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
memberOfAttribute: ""
# Specifies the LDAP UID attribute, which is used as the login name.
nameAttribute: uid
# Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
netgroupBaseDn: ""
# Specifies the LDAP filter for netgroup objects.
netgroupFilter: (objectClass=nisNetgroup)
# Specifies the LDAP Netgroup Members attribute.
netgroupMembersAttribute: memberNisNetgroup
# Specifies the depth from the base DN to perform LDAP searches.
# // Acceptable values: default, base, onelevel, subtree, children.
netgroupSearchScope: default
# Specifies the LDAP Netgroup Triple attribute.
netgroupTripleAttribute: nisNetgroupTriple
# Normalizes group names to lowercase before look up.
normalizeGroups: false
# Normalizes user names to lowercase before look up.
normalizeUsers: false
# Specifies the LDAP NT Password attribute.
ntPasswordAttribute: ""
# Specifies which NTLM versions to support for users with NTLM-compatible credentials.
# // Acceptable values: all, v2only, none.
ntlmSupport: all
# Specifies the provider domain.
providerDomain: ""
# Determines whether to continue over a non-TLS connection.
requireSecureConnection: false
# If true, checks the provider for filtered lists of findable and unfindable users and groups.
restrictFindable: true
# If true, checks the provider for filtered lists of listable and unlistable users and groups.
restrictListable: false
# Specifies the default depth from the base DN to perform LDAP searches.
# // Acceptable values: base, onelevel, subtree, children.
searchScope: subtree
# Specifies the search timeout period in seconds. Value should between 10 - 3600.
searchTimeout: 100
# Specifies the server URIs. Begin URIs with ldap:// or ldaps://
serverUris:
- ldap://10.225.108.54
# Sets the attribute name that indicates the absolute date to expire the account.
shadowExpireAttribute: shadowExpire
# Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
shadowFlagAttribute: shadowFlag
# Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
shadowInactiveAttribute: shadowInactive
# Sets the attribute name that indicates the last change of the shadow information.
shadowLastChangeAttribute: shadowLastChange
# Sets the attribute name that indicates the maximum number of days a password can be valid.
shadowMaxAttribute: shadowMax
# Sets the attribute name that indicates the minimum number of days between shadow changes.
shadowMinAttribute: shadowMin
# Sets LDAP filter for shadow user objects.
shadowUserFilter: (objectClass=shadowAccount)
# Sets the attribute name that indicates the number of days before the password expires to warn the user.
shadowWarningAttribute: shadowWarning
# Specifies the LDAP Shell attribute.
shellAttribute: loginShell
# Sets the attribute name that indicates the SSH Public Key for the user.
sshPublicKeyAttribute: sshPublicKey
# Specifies the status of the provider.
status: online
# If true, indicates that this provider instance was created by OneFS and cannot be removed.
system: false
# Specifies the minimum TLS protocol version.
tlsProtocolMin: '1.2'
# Specifies the LDAP UID Number attribute.
uidAttribute: uidNumber
# Specifies the groups that cannot be resolved by the provider.
unfindableGroups:
- wheel
- '0'
- insightiq
- '15'
- isdmgmt
- '16'
# Specifies users that cannot be resolved by the provider.
unfindableUsers:
- root
- '0'
- insightiq
- '15'
- isdmgmt
- '16'
# Sets the LDAP Unique Group Members attribute.
uniqueGroupMembersAttribute: ""
# Specifies a group that cannot be listed by the provider.
unlistableGroups: []
# Specifies a user that cannot be listed by the provider.
unlistableUsers: []
# Specifies the distinguished name of the entry at which to start LDAP searches for users.
userBaseDn: ""
# Specifies the domain for this provider through which users are qualified.
userDomain: LDAP_USERS
# Specifies the LDAP filter for user objects.
userFilter: (objectClass=posixAccount)
# Specifies the depth from the base DN to perform LDAP searches.
# // Acceptable values: default, base, onelevel, subtree, children.
userSearchScope: default
Create LdapProvider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LdapProvider(name: string, args: LdapProviderArgs, opts?: CustomResourceOptions);@overload
def LdapProvider(resource_name: str,
args: LdapProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def LdapProvider(resource_name: str,
opts: Optional[ResourceOptions] = None,
base_dn: Optional[str] = None,
server_uris: Optional[Sequence[str]] = None,
alternate_security_identities_attribute: Optional[str] = None,
authentication: Optional[bool] = None,
balance_servers: Optional[bool] = None,
bind_dn: Optional[str] = None,
bind_mechanism: Optional[str] = None,
bind_timeout: Optional[float] = None,
certificate_authority_file: Optional[str] = None,
check_online_interval: Optional[float] = None,
cn_attribute: Optional[str] = None,
create_home_directory: Optional[bool] = None,
crypt_password_attribute: Optional[str] = None,
email_attribute: Optional[str] = None,
enabled: Optional[bool] = None,
enumerate_groups: Optional[bool] = None,
enumerate_users: Optional[bool] = None,
findable_groups: Optional[Sequence[str]] = None,
findable_users: Optional[Sequence[str]] = None,
gecos_attribute: Optional[str] = None,
gid_attribute: Optional[str] = None,
group_base_dn: Optional[str] = None,
group_domain: Optional[str] = None,
group_filter: Optional[str] = None,
group_members_attribute: Optional[str] = None,
group_search_scope: Optional[str] = None,
groupnet: Optional[str] = None,
home_directory_template: Optional[str] = None,
homedir_attribute: Optional[str] = None,
ignore_tls_errors: Optional[bool] = None,
ignore_unresolvable_server_urls: Optional[bool] = None,
listable_groups: Optional[Sequence[str]] = None,
listable_users: Optional[Sequence[str]] = None,
login_shell: Optional[str] = None,
member_lookup_method: Optional[str] = None,
member_of_attribute: Optional[str] = None,
name: Optional[str] = None,
name_attribute: Optional[str] = None,
netgroup_base_dn: Optional[str] = None,
netgroup_filter: Optional[str] = None,
netgroup_members_attribute: Optional[str] = None,
netgroup_search_scope: Optional[str] = None,
netgroup_triple_attribute: Optional[str] = None,
normalize_groups: Optional[bool] = None,
normalize_users: Optional[bool] = None,
nt_password_attribute: Optional[str] = None,
ntlm_support: Optional[str] = None,
ocsp_server_uris: Optional[Sequence[str]] = None,
provider_domain: Optional[str] = None,
require_secure_connection: Optional[bool] = None,
restrict_findable: Optional[bool] = None,
restrict_listable: Optional[bool] = None,
search_scope: Optional[str] = None,
search_timeout: Optional[float] = None,
shadow_expire_attribute: Optional[str] = None,
shadow_flag_attribute: Optional[str] = None,
shadow_inactive_attribute: Optional[str] = None,
shadow_last_change_attribute: Optional[str] = None,
shadow_max_attribute: Optional[str] = None,
shadow_min_attribute: Optional[str] = None,
shadow_user_filter: Optional[str] = None,
shadow_warning_attribute: Optional[str] = None,
shell_attribute: Optional[str] = None,
ssh_public_key_attribute: Optional[str] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
tls_protocol_min: Optional[str] = None,
tls_revocation_check_level: Optional[str] = None,
uid_attribute: Optional[str] = None,
unfindable_groups: Optional[Sequence[str]] = None,
unfindable_users: Optional[Sequence[str]] = None,
unique_group_members_attribute: Optional[str] = None,
unlistable_groups: Optional[Sequence[str]] = None,
unlistable_users: Optional[Sequence[str]] = None,
user_base_dn: Optional[str] = None,
user_domain: Optional[str] = None,
user_filter: Optional[str] = None,
user_search_scope: Optional[str] = None)func NewLdapProvider(ctx *Context, name string, args LdapProviderArgs, opts ...ResourceOption) (*LdapProvider, error)public LdapProvider(string name, LdapProviderArgs args, CustomResourceOptions? opts = null)
public LdapProvider(String name, LdapProviderArgs args)
public LdapProvider(String name, LdapProviderArgs args, CustomResourceOptions options)
type: powerscale:LdapProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LdapProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LdapProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LdapProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LdapProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LdapProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ldapProviderResource = new Powerscale.LdapProvider("ldapProviderResource", new()
{
BaseDn = "string",
ServerUris = new[]
{
"string",
},
AlternateSecurityIdentitiesAttribute = "string",
Authentication = false,
BalanceServers = false,
BindDn = "string",
BindMechanism = "string",
BindTimeout = 0,
CertificateAuthorityFile = "string",
CheckOnlineInterval = 0,
CnAttribute = "string",
CreateHomeDirectory = false,
CryptPasswordAttribute = "string",
EmailAttribute = "string",
Enabled = false,
EnumerateGroups = false,
EnumerateUsers = false,
FindableGroups = new[]
{
"string",
},
FindableUsers = new[]
{
"string",
},
GecosAttribute = "string",
GidAttribute = "string",
GroupBaseDn = "string",
GroupDomain = "string",
GroupFilter = "string",
GroupMembersAttribute = "string",
GroupSearchScope = "string",
Groupnet = "string",
HomeDirectoryTemplate = "string",
HomedirAttribute = "string",
IgnoreTlsErrors = false,
IgnoreUnresolvableServerUrls = false,
ListableGroups = new[]
{
"string",
},
ListableUsers = new[]
{
"string",
},
LoginShell = "string",
MemberLookupMethod = "string",
MemberOfAttribute = "string",
Name = "string",
NameAttribute = "string",
NetgroupBaseDn = "string",
NetgroupFilter = "string",
NetgroupMembersAttribute = "string",
NetgroupSearchScope = "string",
NetgroupTripleAttribute = "string",
NormalizeGroups = false,
NormalizeUsers = false,
NtPasswordAttribute = "string",
NtlmSupport = "string",
OcspServerUris = new[]
{
"string",
},
ProviderDomain = "string",
RequireSecureConnection = false,
RestrictFindable = false,
RestrictListable = false,
SearchScope = "string",
SearchTimeout = 0,
ShadowExpireAttribute = "string",
ShadowFlagAttribute = "string",
ShadowInactiveAttribute = "string",
ShadowLastChangeAttribute = "string",
ShadowMaxAttribute = "string",
ShadowMinAttribute = "string",
ShadowUserFilter = "string",
ShadowWarningAttribute = "string",
ShellAttribute = "string",
SshPublicKeyAttribute = "string",
Status = "string",
System = false,
TlsProtocolMin = "string",
TlsRevocationCheckLevel = "string",
UidAttribute = "string",
UnfindableGroups = new[]
{
"string",
},
UnfindableUsers = new[]
{
"string",
},
UniqueGroupMembersAttribute = "string",
UnlistableGroups = new[]
{
"string",
},
UnlistableUsers = new[]
{
"string",
},
UserBaseDn = "string",
UserDomain = "string",
UserFilter = "string",
UserSearchScope = "string",
});
example, err := powerscale.NewLdapProvider(ctx, "ldapProviderResource", &powerscale.LdapProviderArgs{
BaseDn: pulumi.String("string"),
ServerUris: pulumi.StringArray{
pulumi.String("string"),
},
AlternateSecurityIdentitiesAttribute: pulumi.String("string"),
Authentication: pulumi.Bool(false),
BalanceServers: pulumi.Bool(false),
BindDn: pulumi.String("string"),
BindMechanism: pulumi.String("string"),
BindTimeout: pulumi.Float64(0),
CertificateAuthorityFile: pulumi.String("string"),
CheckOnlineInterval: pulumi.Float64(0),
CnAttribute: pulumi.String("string"),
CreateHomeDirectory: pulumi.Bool(false),
CryptPasswordAttribute: pulumi.String("string"),
EmailAttribute: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EnumerateGroups: pulumi.Bool(false),
EnumerateUsers: pulumi.Bool(false),
FindableGroups: pulumi.StringArray{
pulumi.String("string"),
},
FindableUsers: pulumi.StringArray{
pulumi.String("string"),
},
GecosAttribute: pulumi.String("string"),
GidAttribute: pulumi.String("string"),
GroupBaseDn: pulumi.String("string"),
GroupDomain: pulumi.String("string"),
GroupFilter: pulumi.String("string"),
GroupMembersAttribute: pulumi.String("string"),
GroupSearchScope: pulumi.String("string"),
Groupnet: pulumi.String("string"),
HomeDirectoryTemplate: pulumi.String("string"),
HomedirAttribute: pulumi.String("string"),
IgnoreTlsErrors: pulumi.Bool(false),
IgnoreUnresolvableServerUrls: pulumi.Bool(false),
ListableGroups: pulumi.StringArray{
pulumi.String("string"),
},
ListableUsers: pulumi.StringArray{
pulumi.String("string"),
},
LoginShell: pulumi.String("string"),
MemberLookupMethod: pulumi.String("string"),
MemberOfAttribute: pulumi.String("string"),
Name: pulumi.String("string"),
NameAttribute: pulumi.String("string"),
NetgroupBaseDn: pulumi.String("string"),
NetgroupFilter: pulumi.String("string"),
NetgroupMembersAttribute: pulumi.String("string"),
NetgroupSearchScope: pulumi.String("string"),
NetgroupTripleAttribute: pulumi.String("string"),
NormalizeGroups: pulumi.Bool(false),
NormalizeUsers: pulumi.Bool(false),
NtPasswordAttribute: pulumi.String("string"),
NtlmSupport: pulumi.String("string"),
OcspServerUris: pulumi.StringArray{
pulumi.String("string"),
},
ProviderDomain: pulumi.String("string"),
RequireSecureConnection: pulumi.Bool(false),
RestrictFindable: pulumi.Bool(false),
RestrictListable: pulumi.Bool(false),
SearchScope: pulumi.String("string"),
SearchTimeout: pulumi.Float64(0),
ShadowExpireAttribute: pulumi.String("string"),
ShadowFlagAttribute: pulumi.String("string"),
ShadowInactiveAttribute: pulumi.String("string"),
ShadowLastChangeAttribute: pulumi.String("string"),
ShadowMaxAttribute: pulumi.String("string"),
ShadowMinAttribute: pulumi.String("string"),
ShadowUserFilter: pulumi.String("string"),
ShadowWarningAttribute: pulumi.String("string"),
ShellAttribute: pulumi.String("string"),
SshPublicKeyAttribute: pulumi.String("string"),
Status: pulumi.String("string"),
System: pulumi.Bool(false),
TlsProtocolMin: pulumi.String("string"),
TlsRevocationCheckLevel: pulumi.String("string"),
UidAttribute: pulumi.String("string"),
UnfindableGroups: pulumi.StringArray{
pulumi.String("string"),
},
UnfindableUsers: pulumi.StringArray{
pulumi.String("string"),
},
UniqueGroupMembersAttribute: pulumi.String("string"),
UnlistableGroups: pulumi.StringArray{
pulumi.String("string"),
},
UnlistableUsers: pulumi.StringArray{
pulumi.String("string"),
},
UserBaseDn: pulumi.String("string"),
UserDomain: pulumi.String("string"),
UserFilter: pulumi.String("string"),
UserSearchScope: pulumi.String("string"),
})
var ldapProviderResource = new LdapProvider("ldapProviderResource", LdapProviderArgs.builder()
.baseDn("string")
.serverUris("string")
.alternateSecurityIdentitiesAttribute("string")
.authentication(false)
.balanceServers(false)
.bindDn("string")
.bindMechanism("string")
.bindTimeout(0)
.certificateAuthorityFile("string")
.checkOnlineInterval(0)
.cnAttribute("string")
.createHomeDirectory(false)
.cryptPasswordAttribute("string")
.emailAttribute("string")
.enabled(false)
.enumerateGroups(false)
.enumerateUsers(false)
.findableGroups("string")
.findableUsers("string")
.gecosAttribute("string")
.gidAttribute("string")
.groupBaseDn("string")
.groupDomain("string")
.groupFilter("string")
.groupMembersAttribute("string")
.groupSearchScope("string")
.groupnet("string")
.homeDirectoryTemplate("string")
.homedirAttribute("string")
.ignoreTlsErrors(false)
.ignoreUnresolvableServerUrls(false)
.listableGroups("string")
.listableUsers("string")
.loginShell("string")
.memberLookupMethod("string")
.memberOfAttribute("string")
.name("string")
.nameAttribute("string")
.netgroupBaseDn("string")
.netgroupFilter("string")
.netgroupMembersAttribute("string")
.netgroupSearchScope("string")
.netgroupTripleAttribute("string")
.normalizeGroups(false)
.normalizeUsers(false)
.ntPasswordAttribute("string")
.ntlmSupport("string")
.ocspServerUris("string")
.providerDomain("string")
.requireSecureConnection(false)
.restrictFindable(false)
.restrictListable(false)
.searchScope("string")
.searchTimeout(0)
.shadowExpireAttribute("string")
.shadowFlagAttribute("string")
.shadowInactiveAttribute("string")
.shadowLastChangeAttribute("string")
.shadowMaxAttribute("string")
.shadowMinAttribute("string")
.shadowUserFilter("string")
.shadowWarningAttribute("string")
.shellAttribute("string")
.sshPublicKeyAttribute("string")
.status("string")
.system(false)
.tlsProtocolMin("string")
.tlsRevocationCheckLevel("string")
.uidAttribute("string")
.unfindableGroups("string")
.unfindableUsers("string")
.uniqueGroupMembersAttribute("string")
.unlistableGroups("string")
.unlistableUsers("string")
.userBaseDn("string")
.userDomain("string")
.userFilter("string")
.userSearchScope("string")
.build());
ldap_provider_resource = powerscale.LdapProvider("ldapProviderResource",
base_dn="string",
server_uris=["string"],
alternate_security_identities_attribute="string",
authentication=False,
balance_servers=False,
bind_dn="string",
bind_mechanism="string",
bind_timeout=0,
certificate_authority_file="string",
check_online_interval=0,
cn_attribute="string",
create_home_directory=False,
crypt_password_attribute="string",
email_attribute="string",
enabled=False,
enumerate_groups=False,
enumerate_users=False,
findable_groups=["string"],
findable_users=["string"],
gecos_attribute="string",
gid_attribute="string",
group_base_dn="string",
group_domain="string",
group_filter="string",
group_members_attribute="string",
group_search_scope="string",
groupnet="string",
home_directory_template="string",
homedir_attribute="string",
ignore_tls_errors=False,
ignore_unresolvable_server_urls=False,
listable_groups=["string"],
listable_users=["string"],
login_shell="string",
member_lookup_method="string",
member_of_attribute="string",
name="string",
name_attribute="string",
netgroup_base_dn="string",
netgroup_filter="string",
netgroup_members_attribute="string",
netgroup_search_scope="string",
netgroup_triple_attribute="string",
normalize_groups=False,
normalize_users=False,
nt_password_attribute="string",
ntlm_support="string",
ocsp_server_uris=["string"],
provider_domain="string",
require_secure_connection=False,
restrict_findable=False,
restrict_listable=False,
search_scope="string",
search_timeout=0,
shadow_expire_attribute="string",
shadow_flag_attribute="string",
shadow_inactive_attribute="string",
shadow_last_change_attribute="string",
shadow_max_attribute="string",
shadow_min_attribute="string",
shadow_user_filter="string",
shadow_warning_attribute="string",
shell_attribute="string",
ssh_public_key_attribute="string",
status="string",
system=False,
tls_protocol_min="string",
tls_revocation_check_level="string",
uid_attribute="string",
unfindable_groups=["string"],
unfindable_users=["string"],
unique_group_members_attribute="string",
unlistable_groups=["string"],
unlistable_users=["string"],
user_base_dn="string",
user_domain="string",
user_filter="string",
user_search_scope="string")
const ldapProviderResource = new powerscale.LdapProvider("ldapProviderResource", {
baseDn: "string",
serverUris: ["string"],
alternateSecurityIdentitiesAttribute: "string",
authentication: false,
balanceServers: false,
bindDn: "string",
bindMechanism: "string",
bindTimeout: 0,
certificateAuthorityFile: "string",
checkOnlineInterval: 0,
cnAttribute: "string",
createHomeDirectory: false,
cryptPasswordAttribute: "string",
emailAttribute: "string",
enabled: false,
enumerateGroups: false,
enumerateUsers: false,
findableGroups: ["string"],
findableUsers: ["string"],
gecosAttribute: "string",
gidAttribute: "string",
groupBaseDn: "string",
groupDomain: "string",
groupFilter: "string",
groupMembersAttribute: "string",
groupSearchScope: "string",
groupnet: "string",
homeDirectoryTemplate: "string",
homedirAttribute: "string",
ignoreTlsErrors: false,
ignoreUnresolvableServerUrls: false,
listableGroups: ["string"],
listableUsers: ["string"],
loginShell: "string",
memberLookupMethod: "string",
memberOfAttribute: "string",
name: "string",
nameAttribute: "string",
netgroupBaseDn: "string",
netgroupFilter: "string",
netgroupMembersAttribute: "string",
netgroupSearchScope: "string",
netgroupTripleAttribute: "string",
normalizeGroups: false,
normalizeUsers: false,
ntPasswordAttribute: "string",
ntlmSupport: "string",
ocspServerUris: ["string"],
providerDomain: "string",
requireSecureConnection: false,
restrictFindable: false,
restrictListable: false,
searchScope: "string",
searchTimeout: 0,
shadowExpireAttribute: "string",
shadowFlagAttribute: "string",
shadowInactiveAttribute: "string",
shadowLastChangeAttribute: "string",
shadowMaxAttribute: "string",
shadowMinAttribute: "string",
shadowUserFilter: "string",
shadowWarningAttribute: "string",
shellAttribute: "string",
sshPublicKeyAttribute: "string",
status: "string",
system: false,
tlsProtocolMin: "string",
tlsRevocationCheckLevel: "string",
uidAttribute: "string",
unfindableGroups: ["string"],
unfindableUsers: ["string"],
uniqueGroupMembersAttribute: "string",
unlistableGroups: ["string"],
unlistableUsers: ["string"],
userBaseDn: "string",
userDomain: "string",
userFilter: "string",
userSearchScope: "string",
});
type: powerscale:LdapProvider
properties:
alternateSecurityIdentitiesAttribute: string
authentication: false
balanceServers: false
baseDn: string
bindDn: string
bindMechanism: string
bindTimeout: 0
certificateAuthorityFile: string
checkOnlineInterval: 0
cnAttribute: string
createHomeDirectory: false
cryptPasswordAttribute: string
emailAttribute: string
enabled: false
enumerateGroups: false
enumerateUsers: false
findableGroups:
- string
findableUsers:
- string
gecosAttribute: string
gidAttribute: string
groupBaseDn: string
groupDomain: string
groupFilter: string
groupMembersAttribute: string
groupSearchScope: string
groupnet: string
homeDirectoryTemplate: string
homedirAttribute: string
ignoreTlsErrors: false
ignoreUnresolvableServerUrls: false
listableGroups:
- string
listableUsers:
- string
loginShell: string
memberLookupMethod: string
memberOfAttribute: string
name: string
nameAttribute: string
netgroupBaseDn: string
netgroupFilter: string
netgroupMembersAttribute: string
netgroupSearchScope: string
netgroupTripleAttribute: string
normalizeGroups: false
normalizeUsers: false
ntPasswordAttribute: string
ntlmSupport: string
ocspServerUris:
- string
providerDomain: string
requireSecureConnection: false
restrictFindable: false
restrictListable: false
searchScope: string
searchTimeout: 0
serverUris:
- string
shadowExpireAttribute: string
shadowFlagAttribute: string
shadowInactiveAttribute: string
shadowLastChangeAttribute: string
shadowMaxAttribute: string
shadowMinAttribute: string
shadowUserFilter: string
shadowWarningAttribute: string
shellAttribute: string
sshPublicKeyAttribute: string
status: string
system: false
tlsProtocolMin: string
tlsRevocationCheckLevel: string
uidAttribute: string
unfindableGroups:
- string
unfindableUsers:
- string
uniqueGroupMembersAttribute: string
unlistableGroups:
- string
unlistableUsers:
- string
userBaseDn: string
userDomain: string
userFilter: string
userSearchScope: string
LdapProvider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The LdapProvider resource accepts the following input properties:
- Base
Dn string - Specifies the root of the tree in which to search identities.
- Server
Uris List<string> - Specifies the server URIs.
- Alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- Authentication bool
- If true, enables authentication and identity management through the authentication provider.
- Balance
Servers bool - If true, connects the provider to a random server.
- Bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- Bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- Bind
Timeout double - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- Check
Online doubleInterval - Specifies the time in seconds between provider online checks.
- Cn
Attribute string - Specifies the canonical name.
- Create
Home boolDirectory - Automatically create the home directory on the first login.
- Crypt
Password stringAttribute - Specifies the hashed password value.
- Email
Attribute string - Specifies the LDAP Email attribute.
- Enabled bool
- If true, enables the LDAP provider.
- Enumerate
Groups bool - If true, allows the provider to enumerate groups.
- Enumerate
Users bool - If true, allows the provider to enumerate users.
- Findable
Groups List<string> - Specifies the list of groups that can be resolved.
- Findable
Users List<string> - Specifies the list of users that can be resolved.
- Gecos
Attribute string - Specifies the LDAP GECOS attribute.
- Gid
Attribute string - Specifies the LDAP GID attribute.
- Group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- Group
Domain string - Specifies the domain for this provider through which groups are qualified.
- Group
Filter string - Specifies the LDAP filter for group objects.
- Group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- Group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Groupnet string
- Groupnet identifier. Cannot be updated.
- Home
Directory stringTemplate - Specifies the path to the home directory template.
- Homedir
Attribute string - Specifies the LDAP Homedir attribute.
- Ignore
Tls boolErrors - If true, continues over secure connections even if identity checks fail.
- Ignore
Unresolvable boolServer Urls - Ignore unresolvable server URIs when creating and updating.
- Listable
Groups List<string> - Specifies the groups that can be viewed in the provider.
- Listable
Users List<string> - Specifies the users that can be viewed in the provider.
- Login
Shell string - Specifies the login shell path.
- Member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- Member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- Name string
- Specifies the name of the LDAP provider.
- Name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- Netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- Netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- Netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- Netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- Normalize
Groups bool - Normalizes group names to lowercase before look up.
- Normalize
Users bool - Normalizes user names to lowercase before look up.
- Nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- Ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- Ocsp
Server List<string>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- Provider
Domain string - Specifies the provider domain.
- Require
Secure boolConnection - Determines whether to continue over a non-TLS connection.
- Restrict
Findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- Restrict
Listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- Search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- Search
Timeout double - Specifies the search timeout period in seconds.
- Shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- Shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- Shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- Shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- Shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- Shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- Shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- Shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- Shell
Attribute string - Specifies the LDAP Shell attribute.
- Ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- Status string
- Specifies the status of the provider.
- System bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- Tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- Tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- Uid
Attribute string - Specifies the LDAP UID Number attribute.
- Unfindable
Groups List<string> - Specifies the groups that cannot be resolved by the provider.
- Unfindable
Users List<string> - Specifies users that cannot be resolved by the provider.
- Unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- Unlistable
Groups List<string> - Specifies a group that cannot be listed by the provider.
- Unlistable
Users List<string> - Specifies a user that cannot be listed by the provider.
- User
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- User
Domain string - Specifies the domain for this provider through which users are qualified.
- User
Filter string - Specifies the LDAP filter for user objects.
- User
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Base
Dn string - Specifies the root of the tree in which to search identities.
- Server
Uris []string - Specifies the server URIs.
- Alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- Authentication bool
- If true, enables authentication and identity management through the authentication provider.
- Balance
Servers bool - If true, connects the provider to a random server.
- Bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- Bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- Bind
Timeout float64 - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- Check
Online float64Interval - Specifies the time in seconds between provider online checks.
- Cn
Attribute string - Specifies the canonical name.
- Create
Home boolDirectory - Automatically create the home directory on the first login.
- Crypt
Password stringAttribute - Specifies the hashed password value.
- Email
Attribute string - Specifies the LDAP Email attribute.
- Enabled bool
- If true, enables the LDAP provider.
- Enumerate
Groups bool - If true, allows the provider to enumerate groups.
- Enumerate
Users bool - If true, allows the provider to enumerate users.
- Findable
Groups []string - Specifies the list of groups that can be resolved.
- Findable
Users []string - Specifies the list of users that can be resolved.
- Gecos
Attribute string - Specifies the LDAP GECOS attribute.
- Gid
Attribute string - Specifies the LDAP GID attribute.
- Group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- Group
Domain string - Specifies the domain for this provider through which groups are qualified.
- Group
Filter string - Specifies the LDAP filter for group objects.
- Group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- Group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Groupnet string
- Groupnet identifier. Cannot be updated.
- Home
Directory stringTemplate - Specifies the path to the home directory template.
- Homedir
Attribute string - Specifies the LDAP Homedir attribute.
- Ignore
Tls boolErrors - If true, continues over secure connections even if identity checks fail.
- Ignore
Unresolvable boolServer Urls - Ignore unresolvable server URIs when creating and updating.
- Listable
Groups []string - Specifies the groups that can be viewed in the provider.
- Listable
Users []string - Specifies the users that can be viewed in the provider.
- Login
Shell string - Specifies the login shell path.
- Member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- Member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- Name string
- Specifies the name of the LDAP provider.
- Name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- Netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- Netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- Netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- Netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- Normalize
Groups bool - Normalizes group names to lowercase before look up.
- Normalize
Users bool - Normalizes user names to lowercase before look up.
- Nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- Ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- Ocsp
Server []stringUris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- Provider
Domain string - Specifies the provider domain.
- Require
Secure boolConnection - Determines whether to continue over a non-TLS connection.
- Restrict
Findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- Restrict
Listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- Search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- Search
Timeout float64 - Specifies the search timeout period in seconds.
- Shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- Shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- Shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- Shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- Shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- Shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- Shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- Shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- Shell
Attribute string - Specifies the LDAP Shell attribute.
- Ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- Status string
- Specifies the status of the provider.
- System bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- Tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- Tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- Uid
Attribute string - Specifies the LDAP UID Number attribute.
- Unfindable
Groups []string - Specifies the groups that cannot be resolved by the provider.
- Unfindable
Users []string - Specifies users that cannot be resolved by the provider.
- Unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- Unlistable
Groups []string - Specifies a group that cannot be listed by the provider.
- Unlistable
Users []string - Specifies a user that cannot be listed by the provider.
- User
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- User
Domain string - Specifies the domain for this provider through which users are qualified.
- User
Filter string - Specifies the LDAP filter for user objects.
- User
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- base
Dn String - Specifies the root of the tree in which to search identities.
- server
Uris List<String> - Specifies the server URIs.
- alternate
Security StringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication Boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers Boolean - If true, connects the provider to a random server.
- bind
Dn String - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism String - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout Double - Specifies the timeout in seconds when binding to an LDAP server.
- String
- Specifies the path to the root certificates file.
- check
Online DoubleInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute String - Specifies the canonical name.
- create
Home BooleanDirectory - Automatically create the home directory on the first login.
- crypt
Password StringAttribute - Specifies the hashed password value.
- email
Attribute String - Specifies the LDAP Email attribute.
- enabled Boolean
- If true, enables the LDAP provider.
- enumerate
Groups Boolean - If true, allows the provider to enumerate groups.
- enumerate
Users Boolean - If true, allows the provider to enumerate users.
- findable
Groups List<String> - Specifies the list of groups that can be resolved.
- findable
Users List<String> - Specifies the list of users that can be resolved.
- gecos
Attribute String - Specifies the LDAP GECOS attribute.
- gid
Attribute String - Specifies the LDAP GID attribute.
- group
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain String - Specifies the domain for this provider through which groups are qualified.
- group
Filter String - Specifies the LDAP filter for group objects.
- group
Members StringAttribute - Specifies the LDAP Group Members attribute.
- group
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet String
- Groupnet identifier. Cannot be updated.
- home
Directory StringTemplate - Specifies the path to the home directory template.
- homedir
Attribute String - Specifies the LDAP Homedir attribute.
- ignore
Tls BooleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable BooleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups List<String> - Specifies the groups that can be viewed in the provider.
- listable
Users List<String> - Specifies the users that can be viewed in the provider.
- login
Shell String - Specifies the login shell path.
- member
Lookup StringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of StringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name String
- Specifies the name of the LDAP provider.
- name
Attribute String - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter String - Specifies the LDAP filter for netgroup objects.
- netgroup
Members StringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple StringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups Boolean - Normalizes group names to lowercase before look up.
- normalize
Users Boolean - Normalizes user names to lowercase before look up.
- nt
Password StringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support String - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server List<String>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain String - Specifies the provider domain.
- require
Secure BooleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable Boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable Boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope String - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout Double - Specifies the search timeout period in seconds.
- shadow
Expire StringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag StringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive StringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last StringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max StringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min StringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User StringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning StringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute String - Specifies the LDAP Shell attribute.
- ssh
Public StringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status String
- Specifies the status of the provider.
- system Boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol StringMin - Specifies the minimum TLS protocol version.
- tls
Revocation StringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute String - Specifies the LDAP UID Number attribute.
- unfindable
Groups List<String> - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users List<String> - Specifies users that cannot be resolved by the provider.
- unique
Group StringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups List<String> - Specifies a group that cannot be listed by the provider.
- unlistable
Users List<String> - Specifies a user that cannot be listed by the provider.
- user
Base StringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain String - Specifies the domain for this provider through which users are qualified.
- user
Filter String - Specifies the LDAP filter for user objects.
- user
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- base
Dn string - Specifies the root of the tree in which to search identities.
- server
Uris string[] - Specifies the server URIs.
- alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers boolean - If true, connects the provider to a random server.
- bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout number - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- check
Online numberInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute string - Specifies the canonical name.
- create
Home booleanDirectory - Automatically create the home directory on the first login.
- crypt
Password stringAttribute - Specifies the hashed password value.
- email
Attribute string - Specifies the LDAP Email attribute.
- enabled boolean
- If true, enables the LDAP provider.
- enumerate
Groups boolean - If true, allows the provider to enumerate groups.
- enumerate
Users boolean - If true, allows the provider to enumerate users.
- findable
Groups string[] - Specifies the list of groups that can be resolved.
- findable
Users string[] - Specifies the list of users that can be resolved.
- gecos
Attribute string - Specifies the LDAP GECOS attribute.
- gid
Attribute string - Specifies the LDAP GID attribute.
- group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain string - Specifies the domain for this provider through which groups are qualified.
- group
Filter string - Specifies the LDAP filter for group objects.
- group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet string
- Groupnet identifier. Cannot be updated.
- home
Directory stringTemplate - Specifies the path to the home directory template.
- homedir
Attribute string - Specifies the LDAP Homedir attribute.
- ignore
Tls booleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable booleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups string[] - Specifies the groups that can be viewed in the provider.
- listable
Users string[] - Specifies the users that can be viewed in the provider.
- login
Shell string - Specifies the login shell path.
- member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name string
- Specifies the name of the LDAP provider.
- name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups boolean - Normalizes group names to lowercase before look up.
- normalize
Users boolean - Normalizes user names to lowercase before look up.
- nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server string[]Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain string - Specifies the provider domain.
- require
Secure booleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout number - Specifies the search timeout period in seconds.
- shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute string - Specifies the LDAP Shell attribute.
- ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status string
- Specifies the status of the provider.
- system boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute string - Specifies the LDAP UID Number attribute.
- unfindable
Groups string[] - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users string[] - Specifies users that cannot be resolved by the provider.
- unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups string[] - Specifies a group that cannot be listed by the provider.
- unlistable
Users string[] - Specifies a user that cannot be listed by the provider.
- user
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain string - Specifies the domain for this provider through which users are qualified.
- user
Filter string - Specifies the LDAP filter for user objects.
- user
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- base_
dn str - Specifies the root of the tree in which to search identities.
- server_
uris Sequence[str] - Specifies the server URIs.
- alternate_
security_ stridentities_ attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication bool
- If true, enables authentication and identity management through the authentication provider.
- balance_
servers bool - If true, connects the provider to a random server.
- bind_
dn str - Specifies the distinguished name for binding to the LDAP server.
- bind_
mechanism str - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind_
timeout float - Specifies the timeout in seconds when binding to an LDAP server.
- str
- Specifies the path to the root certificates file.
- check_
online_ floatinterval - Specifies the time in seconds between provider online checks.
- cn_
attribute str - Specifies the canonical name.
- create_
home_ booldirectory - Automatically create the home directory on the first login.
- crypt_
password_ strattribute - Specifies the hashed password value.
- email_
attribute str - Specifies the LDAP Email attribute.
- enabled bool
- If true, enables the LDAP provider.
- enumerate_
groups bool - If true, allows the provider to enumerate groups.
- enumerate_
users bool - If true, allows the provider to enumerate users.
- findable_
groups Sequence[str] - Specifies the list of groups that can be resolved.
- findable_
users Sequence[str] - Specifies the list of users that can be resolved.
- gecos_
attribute str - Specifies the LDAP GECOS attribute.
- gid_
attribute str - Specifies the LDAP GID attribute.
- group_
base_ strdn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group_
domain str - Specifies the domain for this provider through which groups are qualified.
- group_
filter str - Specifies the LDAP filter for group objects.
- group_
members_ strattribute - Specifies the LDAP Group Members attribute.
- group_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet str
- Groupnet identifier. Cannot be updated.
- home_
directory_ strtemplate - Specifies the path to the home directory template.
- homedir_
attribute str - Specifies the LDAP Homedir attribute.
- ignore_
tls_ boolerrors - If true, continues over secure connections even if identity checks fail.
- ignore_
unresolvable_ boolserver_ urls - Ignore unresolvable server URIs when creating and updating.
- listable_
groups Sequence[str] - Specifies the groups that can be viewed in the provider.
- listable_
users Sequence[str] - Specifies the users that can be viewed in the provider.
- login_
shell str - Specifies the login shell path.
- member_
lookup_ strmethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member_
of_ strattribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name str
- Specifies the name of the LDAP provider.
- name_
attribute str - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup_
base_ strdn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup_
filter str - Specifies the LDAP filter for netgroup objects.
- netgroup_
members_ strattribute - Specifies the LDAP Netgroup Members attribute.
- netgroup_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup_
triple_ strattribute - Specifies the LDAP Netgroup Triple attribute.
- normalize_
groups bool - Normalizes group names to lowercase before look up.
- normalize_
users bool - Normalizes user names to lowercase before look up.
- nt_
password_ strattribute - Specifies the LDAP NT Password attribute.
- ntlm_
support str - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp_
server_ Sequence[str]uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider_
domain str - Specifies the provider domain.
- require_
secure_ boolconnection - Determines whether to continue over a non-TLS connection.
- restrict_
findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict_
listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search_
scope str - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search_
timeout float - Specifies the search timeout period in seconds.
- shadow_
expire_ strattribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow_
flag_ strattribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow_
inactive_ strattribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow_
last_ strchange_ attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow_
max_ strattribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow_
min_ strattribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow_
user_ strfilter - Sets LDAP filter for shadow user objects.
- shadow_
warning_ strattribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell_
attribute str - Specifies the LDAP Shell attribute.
- ssh_
public_ strkey_ attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status str
- Specifies the status of the provider.
- system bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls_
protocol_ strmin - Specifies the minimum TLS protocol version.
- tls_
revocation_ strcheck_ level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid_
attribute str - Specifies the LDAP UID Number attribute.
- unfindable_
groups Sequence[str] - Specifies the groups that cannot be resolved by the provider.
- unfindable_
users Sequence[str] - Specifies users that cannot be resolved by the provider.
- unique_
group_ strmembers_ attribute - Sets the LDAP Unique Group Members attribute.
- unlistable_
groups Sequence[str] - Specifies a group that cannot be listed by the provider.
- unlistable_
users Sequence[str] - Specifies a user that cannot be listed by the provider.
- user_
base_ strdn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user_
domain str - Specifies the domain for this provider through which users are qualified.
- user_
filter str - Specifies the LDAP filter for user objects.
- user_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- base
Dn String - Specifies the root of the tree in which to search identities.
- server
Uris List<String> - Specifies the server URIs.
- alternate
Security StringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication Boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers Boolean - If true, connects the provider to a random server.
- bind
Dn String - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism String - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout Number - Specifies the timeout in seconds when binding to an LDAP server.
- String
- Specifies the path to the root certificates file.
- check
Online NumberInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute String - Specifies the canonical name.
- create
Home BooleanDirectory - Automatically create the home directory on the first login.
- crypt
Password StringAttribute - Specifies the hashed password value.
- email
Attribute String - Specifies the LDAP Email attribute.
- enabled Boolean
- If true, enables the LDAP provider.
- enumerate
Groups Boolean - If true, allows the provider to enumerate groups.
- enumerate
Users Boolean - If true, allows the provider to enumerate users.
- findable
Groups List<String> - Specifies the list of groups that can be resolved.
- findable
Users List<String> - Specifies the list of users that can be resolved.
- gecos
Attribute String - Specifies the LDAP GECOS attribute.
- gid
Attribute String - Specifies the LDAP GID attribute.
- group
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain String - Specifies the domain for this provider through which groups are qualified.
- group
Filter String - Specifies the LDAP filter for group objects.
- group
Members StringAttribute - Specifies the LDAP Group Members attribute.
- group
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet String
- Groupnet identifier. Cannot be updated.
- home
Directory StringTemplate - Specifies the path to the home directory template.
- homedir
Attribute String - Specifies the LDAP Homedir attribute.
- ignore
Tls BooleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable BooleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups List<String> - Specifies the groups that can be viewed in the provider.
- listable
Users List<String> - Specifies the users that can be viewed in the provider.
- login
Shell String - Specifies the login shell path.
- member
Lookup StringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of StringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name String
- Specifies the name of the LDAP provider.
- name
Attribute String - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter String - Specifies the LDAP filter for netgroup objects.
- netgroup
Members StringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple StringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups Boolean - Normalizes group names to lowercase before look up.
- normalize
Users Boolean - Normalizes user names to lowercase before look up.
- nt
Password StringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support String - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server List<String>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain String - Specifies the provider domain.
- require
Secure BooleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable Boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable Boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope String - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout Number - Specifies the search timeout period in seconds.
- shadow
Expire StringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag StringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive StringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last StringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max StringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min StringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User StringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning StringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute String - Specifies the LDAP Shell attribute.
- ssh
Public StringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status String
- Specifies the status of the provider.
- system Boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol StringMin - Specifies the minimum TLS protocol version.
- tls
Revocation StringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute String - Specifies the LDAP UID Number attribute.
- unfindable
Groups List<String> - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users List<String> - Specifies users that cannot be resolved by the provider.
- unique
Group StringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups List<String> - Specifies a group that cannot be listed by the provider.
- unlistable
Users List<String> - Specifies a user that cannot be listed by the provider.
- user
Base StringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain String - Specifies the domain for this provider through which users are qualified.
- user
Filter String - Specifies the LDAP filter for user objects.
- user
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
Outputs
All input properties are implicitly available as output properties. Additionally, the LdapProvider resource produces the following output properties:
Look up Existing LdapProvider Resource
Get an existing LdapProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LdapProviderState, opts?: CustomResourceOptions): LdapProvider@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alternate_security_identities_attribute: Optional[str] = None,
authentication: Optional[bool] = None,
balance_servers: Optional[bool] = None,
base_dn: Optional[str] = None,
bind_dn: Optional[str] = None,
bind_mechanism: Optional[str] = None,
bind_timeout: Optional[float] = None,
certificate_authority_file: Optional[str] = None,
check_online_interval: Optional[float] = None,
cn_attribute: Optional[str] = None,
create_home_directory: Optional[bool] = None,
crypt_password_attribute: Optional[str] = None,
email_attribute: Optional[str] = None,
enabled: Optional[bool] = None,
enumerate_groups: Optional[bool] = None,
enumerate_users: Optional[bool] = None,
findable_groups: Optional[Sequence[str]] = None,
findable_users: Optional[Sequence[str]] = None,
gecos_attribute: Optional[str] = None,
gid_attribute: Optional[str] = None,
group_base_dn: Optional[str] = None,
group_domain: Optional[str] = None,
group_filter: Optional[str] = None,
group_members_attribute: Optional[str] = None,
group_search_scope: Optional[str] = None,
groupnet: Optional[str] = None,
home_directory_template: Optional[str] = None,
homedir_attribute: Optional[str] = None,
ignore_tls_errors: Optional[bool] = None,
ignore_unresolvable_server_urls: Optional[bool] = None,
listable_groups: Optional[Sequence[str]] = None,
listable_users: Optional[Sequence[str]] = None,
login_shell: Optional[str] = None,
member_lookup_method: Optional[str] = None,
member_of_attribute: Optional[str] = None,
name: Optional[str] = None,
name_attribute: Optional[str] = None,
netgroup_base_dn: Optional[str] = None,
netgroup_filter: Optional[str] = None,
netgroup_members_attribute: Optional[str] = None,
netgroup_search_scope: Optional[str] = None,
netgroup_triple_attribute: Optional[str] = None,
normalize_groups: Optional[bool] = None,
normalize_users: Optional[bool] = None,
nt_password_attribute: Optional[str] = None,
ntlm_support: Optional[str] = None,
ocsp_server_uris: Optional[Sequence[str]] = None,
provider_domain: Optional[str] = None,
require_secure_connection: Optional[bool] = None,
restrict_findable: Optional[bool] = None,
restrict_listable: Optional[bool] = None,
search_scope: Optional[str] = None,
search_timeout: Optional[float] = None,
server_uris: Optional[Sequence[str]] = None,
shadow_expire_attribute: Optional[str] = None,
shadow_flag_attribute: Optional[str] = None,
shadow_inactive_attribute: Optional[str] = None,
shadow_last_change_attribute: Optional[str] = None,
shadow_max_attribute: Optional[str] = None,
shadow_min_attribute: Optional[str] = None,
shadow_user_filter: Optional[str] = None,
shadow_warning_attribute: Optional[str] = None,
shell_attribute: Optional[str] = None,
ssh_public_key_attribute: Optional[str] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
tls_protocol_min: Optional[str] = None,
tls_revocation_check_level: Optional[str] = None,
uid_attribute: Optional[str] = None,
unfindable_groups: Optional[Sequence[str]] = None,
unfindable_users: Optional[Sequence[str]] = None,
unique_group_members_attribute: Optional[str] = None,
unlistable_groups: Optional[Sequence[str]] = None,
unlistable_users: Optional[Sequence[str]] = None,
user_base_dn: Optional[str] = None,
user_domain: Optional[str] = None,
user_filter: Optional[str] = None,
user_search_scope: Optional[str] = None,
zone_name: Optional[str] = None) -> LdapProviderfunc GetLdapProvider(ctx *Context, name string, id IDInput, state *LdapProviderState, opts ...ResourceOption) (*LdapProvider, error)public static LdapProvider Get(string name, Input<string> id, LdapProviderState? state, CustomResourceOptions? opts = null)public static LdapProvider get(String name, Output<String> id, LdapProviderState state, CustomResourceOptions options)resources: _: type: powerscale:LdapProvider get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- Authentication bool
- If true, enables authentication and identity management through the authentication provider.
- Balance
Servers bool - If true, connects the provider to a random server.
- Base
Dn string - Specifies the root of the tree in which to search identities.
- Bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- Bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- Bind
Timeout double - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- Check
Online doubleInterval - Specifies the time in seconds between provider online checks.
- Cn
Attribute string - Specifies the canonical name.
- Create
Home boolDirectory - Automatically create the home directory on the first login.
- Crypt
Password stringAttribute - Specifies the hashed password value.
- Email
Attribute string - Specifies the LDAP Email attribute.
- Enabled bool
- If true, enables the LDAP provider.
- Enumerate
Groups bool - If true, allows the provider to enumerate groups.
- Enumerate
Users bool - If true, allows the provider to enumerate users.
- Findable
Groups List<string> - Specifies the list of groups that can be resolved.
- Findable
Users List<string> - Specifies the list of users that can be resolved.
- Gecos
Attribute string - Specifies the LDAP GECOS attribute.
- Gid
Attribute string - Specifies the LDAP GID attribute.
- Group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- Group
Domain string - Specifies the domain for this provider through which groups are qualified.
- Group
Filter string - Specifies the LDAP filter for group objects.
- Group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- Group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Groupnet string
- Groupnet identifier. Cannot be updated.
- Home
Directory stringTemplate - Specifies the path to the home directory template.
- Homedir
Attribute string - Specifies the LDAP Homedir attribute.
- Ignore
Tls boolErrors - If true, continues over secure connections even if identity checks fail.
- Ignore
Unresolvable boolServer Urls - Ignore unresolvable server URIs when creating and updating.
- Listable
Groups List<string> - Specifies the groups that can be viewed in the provider.
- Listable
Users List<string> - Specifies the users that can be viewed in the provider.
- Login
Shell string - Specifies the login shell path.
- Member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- Member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- Name string
- Specifies the name of the LDAP provider.
- Name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- Netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- Netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- Netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- Netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- Normalize
Groups bool - Normalizes group names to lowercase before look up.
- Normalize
Users bool - Normalizes user names to lowercase before look up.
- Nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- Ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- Ocsp
Server List<string>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- Provider
Domain string - Specifies the provider domain.
- Require
Secure boolConnection - Determines whether to continue over a non-TLS connection.
- Restrict
Findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- Restrict
Listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- Search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- Search
Timeout double - Specifies the search timeout period in seconds.
- Server
Uris List<string> - Specifies the server URIs.
- Shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- Shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- Shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- Shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- Shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- Shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- Shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- Shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- Shell
Attribute string - Specifies the LDAP Shell attribute.
- Ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- Status string
- Specifies the status of the provider.
- System bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- Tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- Tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- Uid
Attribute string - Specifies the LDAP UID Number attribute.
- Unfindable
Groups List<string> - Specifies the groups that cannot be resolved by the provider.
- Unfindable
Users List<string> - Specifies users that cannot be resolved by the provider.
- Unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- Unlistable
Groups List<string> - Specifies a group that cannot be listed by the provider.
- Unlistable
Users List<string> - Specifies a user that cannot be listed by the provider.
- User
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- User
Domain string - Specifies the domain for this provider through which users are qualified.
- User
Filter string - Specifies the LDAP filter for user objects.
- User
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Zone
Name string - Specifies the name of the access zone in which this provider was created.
- Alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- Authentication bool
- If true, enables authentication and identity management through the authentication provider.
- Balance
Servers bool - If true, connects the provider to a random server.
- Base
Dn string - Specifies the root of the tree in which to search identities.
- Bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- Bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- Bind
Timeout float64 - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- Check
Online float64Interval - Specifies the time in seconds between provider online checks.
- Cn
Attribute string - Specifies the canonical name.
- Create
Home boolDirectory - Automatically create the home directory on the first login.
- Crypt
Password stringAttribute - Specifies the hashed password value.
- Email
Attribute string - Specifies the LDAP Email attribute.
- Enabled bool
- If true, enables the LDAP provider.
- Enumerate
Groups bool - If true, allows the provider to enumerate groups.
- Enumerate
Users bool - If true, allows the provider to enumerate users.
- Findable
Groups []string - Specifies the list of groups that can be resolved.
- Findable
Users []string - Specifies the list of users that can be resolved.
- Gecos
Attribute string - Specifies the LDAP GECOS attribute.
- Gid
Attribute string - Specifies the LDAP GID attribute.
- Group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- Group
Domain string - Specifies the domain for this provider through which groups are qualified.
- Group
Filter string - Specifies the LDAP filter for group objects.
- Group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- Group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Groupnet string
- Groupnet identifier. Cannot be updated.
- Home
Directory stringTemplate - Specifies the path to the home directory template.
- Homedir
Attribute string - Specifies the LDAP Homedir attribute.
- Ignore
Tls boolErrors - If true, continues over secure connections even if identity checks fail.
- Ignore
Unresolvable boolServer Urls - Ignore unresolvable server URIs when creating and updating.
- Listable
Groups []string - Specifies the groups that can be viewed in the provider.
- Listable
Users []string - Specifies the users that can be viewed in the provider.
- Login
Shell string - Specifies the login shell path.
- Member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- Member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- Name string
- Specifies the name of the LDAP provider.
- Name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- Netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- Netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- Netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- Netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- Normalize
Groups bool - Normalizes group names to lowercase before look up.
- Normalize
Users bool - Normalizes user names to lowercase before look up.
- Nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- Ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- Ocsp
Server []stringUris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- Provider
Domain string - Specifies the provider domain.
- Require
Secure boolConnection - Determines whether to continue over a non-TLS connection.
- Restrict
Findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- Restrict
Listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- Search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- Search
Timeout float64 - Specifies the search timeout period in seconds.
- Server
Uris []string - Specifies the server URIs.
- Shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- Shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- Shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- Shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- Shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- Shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- Shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- Shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- Shell
Attribute string - Specifies the LDAP Shell attribute.
- Ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- Status string
- Specifies the status of the provider.
- System bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- Tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- Tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- Uid
Attribute string - Specifies the LDAP UID Number attribute.
- Unfindable
Groups []string - Specifies the groups that cannot be resolved by the provider.
- Unfindable
Users []string - Specifies users that cannot be resolved by the provider.
- Unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- Unlistable
Groups []string - Specifies a group that cannot be listed by the provider.
- Unlistable
Users []string - Specifies a user that cannot be listed by the provider.
- User
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- User
Domain string - Specifies the domain for this provider through which users are qualified.
- User
Filter string - Specifies the LDAP filter for user objects.
- User
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- Zone
Name string - Specifies the name of the access zone in which this provider was created.
- alternate
Security StringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication Boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers Boolean - If true, connects the provider to a random server.
- base
Dn String - Specifies the root of the tree in which to search identities.
- bind
Dn String - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism String - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout Double - Specifies the timeout in seconds when binding to an LDAP server.
- String
- Specifies the path to the root certificates file.
- check
Online DoubleInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute String - Specifies the canonical name.
- create
Home BooleanDirectory - Automatically create the home directory on the first login.
- crypt
Password StringAttribute - Specifies the hashed password value.
- email
Attribute String - Specifies the LDAP Email attribute.
- enabled Boolean
- If true, enables the LDAP provider.
- enumerate
Groups Boolean - If true, allows the provider to enumerate groups.
- enumerate
Users Boolean - If true, allows the provider to enumerate users.
- findable
Groups List<String> - Specifies the list of groups that can be resolved.
- findable
Users List<String> - Specifies the list of users that can be resolved.
- gecos
Attribute String - Specifies the LDAP GECOS attribute.
- gid
Attribute String - Specifies the LDAP GID attribute.
- group
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain String - Specifies the domain for this provider through which groups are qualified.
- group
Filter String - Specifies the LDAP filter for group objects.
- group
Members StringAttribute - Specifies the LDAP Group Members attribute.
- group
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet String
- Groupnet identifier. Cannot be updated.
- home
Directory StringTemplate - Specifies the path to the home directory template.
- homedir
Attribute String - Specifies the LDAP Homedir attribute.
- ignore
Tls BooleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable BooleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups List<String> - Specifies the groups that can be viewed in the provider.
- listable
Users List<String> - Specifies the users that can be viewed in the provider.
- login
Shell String - Specifies the login shell path.
- member
Lookup StringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of StringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name String
- Specifies the name of the LDAP provider.
- name
Attribute String - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter String - Specifies the LDAP filter for netgroup objects.
- netgroup
Members StringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple StringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups Boolean - Normalizes group names to lowercase before look up.
- normalize
Users Boolean - Normalizes user names to lowercase before look up.
- nt
Password StringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support String - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server List<String>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain String - Specifies the provider domain.
- require
Secure BooleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable Boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable Boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope String - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout Double - Specifies the search timeout period in seconds.
- server
Uris List<String> - Specifies the server URIs.
- shadow
Expire StringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag StringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive StringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last StringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max StringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min StringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User StringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning StringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute String - Specifies the LDAP Shell attribute.
- ssh
Public StringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status String
- Specifies the status of the provider.
- system Boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol StringMin - Specifies the minimum TLS protocol version.
- tls
Revocation StringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute String - Specifies the LDAP UID Number attribute.
- unfindable
Groups List<String> - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users List<String> - Specifies users that cannot be resolved by the provider.
- unique
Group StringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups List<String> - Specifies a group that cannot be listed by the provider.
- unlistable
Users List<String> - Specifies a user that cannot be listed by the provider.
- user
Base StringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain String - Specifies the domain for this provider through which users are qualified.
- user
Filter String - Specifies the LDAP filter for user objects.
- user
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- zone
Name String - Specifies the name of the access zone in which this provider was created.
- alternate
Security stringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers boolean - If true, connects the provider to a random server.
- base
Dn string - Specifies the root of the tree in which to search identities.
- bind
Dn string - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism string - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout number - Specifies the timeout in seconds when binding to an LDAP server.
- string
- Specifies the path to the root certificates file.
- check
Online numberInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute string - Specifies the canonical name.
- create
Home booleanDirectory - Automatically create the home directory on the first login.
- crypt
Password stringAttribute - Specifies the hashed password value.
- email
Attribute string - Specifies the LDAP Email attribute.
- enabled boolean
- If true, enables the LDAP provider.
- enumerate
Groups boolean - If true, allows the provider to enumerate groups.
- enumerate
Users boolean - If true, allows the provider to enumerate users.
- findable
Groups string[] - Specifies the list of groups that can be resolved.
- findable
Users string[] - Specifies the list of users that can be resolved.
- gecos
Attribute string - Specifies the LDAP GECOS attribute.
- gid
Attribute string - Specifies the LDAP GID attribute.
- group
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain string - Specifies the domain for this provider through which groups are qualified.
- group
Filter string - Specifies the LDAP filter for group objects.
- group
Members stringAttribute - Specifies the LDAP Group Members attribute.
- group
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet string
- Groupnet identifier. Cannot be updated.
- home
Directory stringTemplate - Specifies the path to the home directory template.
- homedir
Attribute string - Specifies the LDAP Homedir attribute.
- ignore
Tls booleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable booleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups string[] - Specifies the groups that can be viewed in the provider.
- listable
Users string[] - Specifies the users that can be viewed in the provider.
- login
Shell string - Specifies the login shell path.
- member
Lookup stringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of stringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name string
- Specifies the name of the LDAP provider.
- name
Attribute string - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base stringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter string - Specifies the LDAP filter for netgroup objects.
- netgroup
Members stringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple stringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups boolean - Normalizes group names to lowercase before look up.
- normalize
Users boolean - Normalizes user names to lowercase before look up.
- nt
Password stringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support string - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server string[]Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain string - Specifies the provider domain.
- require
Secure booleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope string - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout number - Specifies the search timeout period in seconds.
- server
Uris string[] - Specifies the server URIs.
- shadow
Expire stringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag stringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive stringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last stringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max stringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min stringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User stringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning stringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute string - Specifies the LDAP Shell attribute.
- ssh
Public stringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status string
- Specifies the status of the provider.
- system boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol stringMin - Specifies the minimum TLS protocol version.
- tls
Revocation stringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute string - Specifies the LDAP UID Number attribute.
- unfindable
Groups string[] - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users string[] - Specifies users that cannot be resolved by the provider.
- unique
Group stringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups string[] - Specifies a group that cannot be listed by the provider.
- unlistable
Users string[] - Specifies a user that cannot be listed by the provider.
- user
Base stringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain string - Specifies the domain for this provider through which users are qualified.
- user
Filter string - Specifies the LDAP filter for user objects.
- user
Search stringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- zone
Name string - Specifies the name of the access zone in which this provider was created.
- alternate_
security_ stridentities_ attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication bool
- If true, enables authentication and identity management through the authentication provider.
- balance_
servers bool - If true, connects the provider to a random server.
- base_
dn str - Specifies the root of the tree in which to search identities.
- bind_
dn str - Specifies the distinguished name for binding to the LDAP server.
- bind_
mechanism str - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind_
timeout float - Specifies the timeout in seconds when binding to an LDAP server.
- str
- Specifies the path to the root certificates file.
- check_
online_ floatinterval - Specifies the time in seconds between provider online checks.
- cn_
attribute str - Specifies the canonical name.
- create_
home_ booldirectory - Automatically create the home directory on the first login.
- crypt_
password_ strattribute - Specifies the hashed password value.
- email_
attribute str - Specifies the LDAP Email attribute.
- enabled bool
- If true, enables the LDAP provider.
- enumerate_
groups bool - If true, allows the provider to enumerate groups.
- enumerate_
users bool - If true, allows the provider to enumerate users.
- findable_
groups Sequence[str] - Specifies the list of groups that can be resolved.
- findable_
users Sequence[str] - Specifies the list of users that can be resolved.
- gecos_
attribute str - Specifies the LDAP GECOS attribute.
- gid_
attribute str - Specifies the LDAP GID attribute.
- group_
base_ strdn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group_
domain str - Specifies the domain for this provider through which groups are qualified.
- group_
filter str - Specifies the LDAP filter for group objects.
- group_
members_ strattribute - Specifies the LDAP Group Members attribute.
- group_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet str
- Groupnet identifier. Cannot be updated.
- home_
directory_ strtemplate - Specifies the path to the home directory template.
- homedir_
attribute str - Specifies the LDAP Homedir attribute.
- ignore_
tls_ boolerrors - If true, continues over secure connections even if identity checks fail.
- ignore_
unresolvable_ boolserver_ urls - Ignore unresolvable server URIs when creating and updating.
- listable_
groups Sequence[str] - Specifies the groups that can be viewed in the provider.
- listable_
users Sequence[str] - Specifies the users that can be viewed in the provider.
- login_
shell str - Specifies the login shell path.
- member_
lookup_ strmethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member_
of_ strattribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name str
- Specifies the name of the LDAP provider.
- name_
attribute str - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup_
base_ strdn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup_
filter str - Specifies the LDAP filter for netgroup objects.
- netgroup_
members_ strattribute - Specifies the LDAP Netgroup Members attribute.
- netgroup_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup_
triple_ strattribute - Specifies the LDAP Netgroup Triple attribute.
- normalize_
groups bool - Normalizes group names to lowercase before look up.
- normalize_
users bool - Normalizes user names to lowercase before look up.
- nt_
password_ strattribute - Specifies the LDAP NT Password attribute.
- ntlm_
support str - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp_
server_ Sequence[str]uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider_
domain str - Specifies the provider domain.
- require_
secure_ boolconnection - Determines whether to continue over a non-TLS connection.
- restrict_
findable bool - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict_
listable bool - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search_
scope str - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search_
timeout float - Specifies the search timeout period in seconds.
- server_
uris Sequence[str] - Specifies the server URIs.
- shadow_
expire_ strattribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow_
flag_ strattribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow_
inactive_ strattribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow_
last_ strchange_ attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow_
max_ strattribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow_
min_ strattribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow_
user_ strfilter - Sets LDAP filter for shadow user objects.
- shadow_
warning_ strattribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell_
attribute str - Specifies the LDAP Shell attribute.
- ssh_
public_ strkey_ attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status str
- Specifies the status of the provider.
- system bool
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls_
protocol_ strmin - Specifies the minimum TLS protocol version.
- tls_
revocation_ strcheck_ level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid_
attribute str - Specifies the LDAP UID Number attribute.
- unfindable_
groups Sequence[str] - Specifies the groups that cannot be resolved by the provider.
- unfindable_
users Sequence[str] - Specifies users that cannot be resolved by the provider.
- unique_
group_ strmembers_ attribute - Sets the LDAP Unique Group Members attribute.
- unlistable_
groups Sequence[str] - Specifies a group that cannot be listed by the provider.
- unlistable_
users Sequence[str] - Specifies a user that cannot be listed by the provider.
- user_
base_ strdn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user_
domain str - Specifies the domain for this provider through which users are qualified.
- user_
filter str - Specifies the LDAP filter for user objects.
- user_
search_ strscope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- zone_
name str - Specifies the name of the access zone in which this provider was created.
- alternate
Security StringIdentities Attribute - Specifies the attribute name used when searching for alternate security identities.
- authentication Boolean
- If true, enables authentication and identity management through the authentication provider.
- balance
Servers Boolean - If true, connects the provider to a random server.
- base
Dn String - Specifies the root of the tree in which to search identities.
- bind
Dn String - Specifies the distinguished name for binding to the LDAP server.
- bind
Mechanism String - Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the 'simple' value.
- bind
Timeout Number - Specifies the timeout in seconds when binding to an LDAP server.
- String
- Specifies the path to the root certificates file.
- check
Online NumberInterval - Specifies the time in seconds between provider online checks.
- cn
Attribute String - Specifies the canonical name.
- create
Home BooleanDirectory - Automatically create the home directory on the first login.
- crypt
Password StringAttribute - Specifies the hashed password value.
- email
Attribute String - Specifies the LDAP Email attribute.
- enabled Boolean
- If true, enables the LDAP provider.
- enumerate
Groups Boolean - If true, allows the provider to enumerate groups.
- enumerate
Users Boolean - If true, allows the provider to enumerate users.
- findable
Groups List<String> - Specifies the list of groups that can be resolved.
- findable
Users List<String> - Specifies the list of users that can be resolved.
- gecos
Attribute String - Specifies the LDAP GECOS attribute.
- gid
Attribute String - Specifies the LDAP GID attribute.
- group
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for groups are started.
- group
Domain String - Specifies the domain for this provider through which groups are qualified.
- group
Filter String - Specifies the LDAP filter for group objects.
- group
Members StringAttribute - Specifies the LDAP Group Members attribute.
- group
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- groupnet String
- Groupnet identifier. Cannot be updated.
- home
Directory StringTemplate - Specifies the path to the home directory template.
- homedir
Attribute String - Specifies the LDAP Homedir attribute.
- ignore
Tls BooleanErrors - If true, continues over secure connections even if identity checks fail.
- ignore
Unresolvable BooleanServer Urls - Ignore unresolvable server URIs when creating and updating.
- listable
Groups List<String> - Specifies the groups that can be viewed in the provider.
- listable
Users List<String> - Specifies the users that can be viewed in the provider.
- login
Shell String - Specifies the login shell path.
- member
Lookup StringMethod - Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: "default", "rfc2307bis".
- member
Of StringAttribute - Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.
- name String
- Specifies the name of the LDAP provider.
- name
Attribute String - Specifies the LDAP UID attribute, which is used as the login name.
- netgroup
Base StringDn - Specifies the distinguished name of the entry where LDAP searches for netgroups are started.
- netgroup
Filter String - Specifies the LDAP filter for netgroup objects.
- netgroup
Members StringAttribute - Specifies the LDAP Netgroup Members attribute.
- netgroup
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- netgroup
Triple StringAttribute - Specifies the LDAP Netgroup Triple attribute.
- normalize
Groups Boolean - Normalizes group names to lowercase before look up.
- normalize
Users Boolean - Normalizes user names to lowercase before look up.
- nt
Password StringAttribute - Specifies the LDAP NT Password attribute.
- ntlm
Support String - Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: "all", "v2only", "none".
- ocsp
Server List<String>Uris - Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.
- provider
Domain String - Specifies the provider domain.
- require
Secure BooleanConnection - Determines whether to continue over a non-TLS connection.
- restrict
Findable Boolean - If true, checks the provider for filtered lists of findable and unfindable users and groups.
- restrict
Listable Boolean - If true, checks the provider for filtered lists of listable and unlistable users and groups.
- search
Scope String - Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: "base", "onelevel", "subtree", "children".
- search
Timeout Number - Specifies the search timeout period in seconds.
- server
Uris List<String> - Specifies the server URIs.
- shadow
Expire StringAttribute - Sets the attribute name that indicates the absolute date to expire the account.
- shadow
Flag StringAttribute - Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- shadow
Inactive StringAttribute - Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- shadow
Last StringChange Attribute - Sets the attribute name that indicates the last change of the shadow information.
- shadow
Max StringAttribute - Sets the attribute name that indicates the maximum number of days a password can be valid.
- shadow
Min StringAttribute - Sets the attribute name that indicates the minimum number of days between shadow changes.
- shadow
User StringFilter - Sets LDAP filter for shadow user objects.
- shadow
Warning StringAttribute - Sets the attribute name that indicates the number of days before the password expires to warn the user.
- shell
Attribute String - Specifies the LDAP Shell attribute.
- ssh
Public StringKey Attribute - Sets the attribute name that indicates the SSH Public Key for the user.
- status String
- Specifies the status of the provider.
- system Boolean
- If true, indicates that this provider instance was created by OneFS and cannot be removed.
- tls
Protocol StringMin - Specifies the minimum TLS protocol version.
- tls
Revocation StringCheck Level - This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: "none", "allowNoData", "allowNoSrc", "strict". Only available for PowerScale 9.5 and above.
- uid
Attribute String - Specifies the LDAP UID Number attribute.
- unfindable
Groups List<String> - Specifies the groups that cannot be resolved by the provider.
- unfindable
Users List<String> - Specifies users that cannot be resolved by the provider.
- unique
Group StringMembers Attribute - Sets the LDAP Unique Group Members attribute.
- unlistable
Groups List<String> - Specifies a group that cannot be listed by the provider.
- unlistable
Users List<String> - Specifies a user that cannot be listed by the provider.
- user
Base StringDn - Specifies the distinguished name of the entry at which to start LDAP searches for users.
- user
Domain String - Specifies the domain for this provider through which users are qualified.
- user
Filter String - Specifies the LDAP filter for user objects.
- user
Search StringScope - Specifies the depth from the base DN to perform LDAP searches. Acceptable values: "default", "base", "onelevel", "subtree", "children".
- zone
Name String - Specifies the name of the access zone in which this provider was created.
Import
Copyright (c) 2023-2024 Dell Inc., or its subsidiaries. All Rights Reserved.
Licensed under the Mozilla Public License Version 2.0 (the “License”);
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://mozilla.org/MPL/2.0/
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an “AS IS” BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The command is
$ pulumi import powerscale:index/ldapProvider:LdapProvider example_ldap_provider <ldapProviderName>
Example:
$ pulumi import powerscale:index/ldapProvider:LdapProvider example_ldap_provider ldapProviderName
after running this command, populate the name field and other required parameters in the config file to start managing this resource.
Note: running “terraform show” after importing shows the current config/state of the resource. You can copy/paste that config to make it easier to manage the resource.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- powerscale dell/terraform-provider-powerscale
- License
- Notes
- This Pulumi package is based on the
powerscaleTerraform Provider.