proxmoxve.Realm.Ldap

Proxmox Virtual Environment (Proxmox VE) v7.13.0, Feb 10 26

Proxmox Virtual Environment (Proxmox VE) v7.13.0 published on Tuesday, Feb 10, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

Proxmox Virtual Environment (Proxmox VE) v7.13.0 published on Tuesday, Feb 10, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

Import

#!/usr/bin/env sh

LDAP realms can be imported using the realm identifier, e.g.:

$ pulumi import proxmoxve:Realm/ldap:Ldap example example.com

-> When importing, the bind_password attribute cannot be imported since it’s not returned by the Proxmox API. You’ll need to set this attribute in your Terraform configuration after the import to manage it with Terraform.

Create Ldap Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Ldap(name: string, args: LdapArgs, opts?: CustomResourceOptions);

@overload
def Ldap(resource_name: str,
         args: LdapArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Ldap(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         base_dn: Optional[str] = None,
         server1: Optional[str] = None,
         realm: Optional[str] = None,
         cert_path: Optional[str] = None,
         mode: Optional[str] = None,
         cert_key_path: Optional[str] = None,
         ca_path: Optional[str] = None,
         comment: Optional[str] = None,
         default: Optional[bool] = None,
         filter: Optional[str] = None,
         group_classes: Optional[str] = None,
         group_dn: Optional[str] = None,
         group_filter: Optional[str] = None,
         group_name_attr: Optional[str] = None,
         case_sensitive: Optional[bool] = None,
         port: Optional[int] = None,
         bind_password: Optional[str] = None,
         secure: Optional[bool] = None,
         bind_dn: Optional[str] = None,
         server2: Optional[str] = None,
         ssl_version: Optional[str] = None,
         sync_attributes: Optional[str] = None,
         sync_defaults_options: Optional[str] = None,
         user_attr: Optional[str] = None,
         user_classes: Optional[str] = None,
         verify: Optional[bool] = None)

func NewLdap(ctx *Context, name string, args LdapArgs, opts ...ResourceOption) (*Ldap, error)

public Ldap(string name, LdapArgs args, CustomResourceOptions? opts = null)

public Ldap(String name, LdapArgs args)
public Ldap(String name, LdapArgs args, CustomResourceOptions options)

type: proxmoxve:Realm:Ldap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LdapArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LdapArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LdapArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LdapArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LdapArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ldapResource = new ProxmoxVE.Realm.Ldap("ldapResource", new()
{
    BaseDn = "string",
    Server1 = "string",
    Realm = "string",
    CertPath = "string",
    Mode = "string",
    CertKeyPath = "string",
    CaPath = "string",
    Comment = "string",
    Default = false,
    Filter = "string",
    GroupClasses = "string",
    GroupDn = "string",
    GroupFilter = "string",
    GroupNameAttr = "string",
    CaseSensitive = false,
    Port = 0,
    BindPassword = "string",
    BindDn = "string",
    Server2 = "string",
    SslVersion = "string",
    SyncAttributes = "string",
    SyncDefaultsOptions = "string",
    UserAttr = "string",
    UserClasses = "string",
    Verify = false,
});

example, err := realm.NewLdap(ctx, "ldapResource", &realm.LdapArgs{
	BaseDn:              pulumi.String("string"),
	Server1:             pulumi.String("string"),
	Realm:               pulumi.String("string"),
	CertPath:            pulumi.String("string"),
	Mode:                pulumi.String("string"),
	CertKeyPath:         pulumi.String("string"),
	CaPath:              pulumi.String("string"),
	Comment:             pulumi.String("string"),
	Default:             pulumi.Bool(false),
	Filter:              pulumi.String("string"),
	GroupClasses:        pulumi.String("string"),
	GroupDn:             pulumi.String("string"),
	GroupFilter:         pulumi.String("string"),
	GroupNameAttr:       pulumi.String("string"),
	CaseSensitive:       pulumi.Bool(false),
	Port:                pulumi.Int(0),
	BindPassword:        pulumi.String("string"),
	BindDn:              pulumi.String("string"),
	Server2:             pulumi.String("string"),
	SslVersion:          pulumi.String("string"),
	SyncAttributes:      pulumi.String("string"),
	SyncDefaultsOptions: pulumi.String("string"),
	UserAttr:            pulumi.String("string"),
	UserClasses:         pulumi.String("string"),
	Verify:              pulumi.Bool(false),
})

var ldapResource = new Ldap("ldapResource", LdapArgs.builder()
    .baseDn("string")
    .server1("string")
    .realm("string")
    .certPath("string")
    .mode("string")
    .certKeyPath("string")
    .caPath("string")
    .comment("string")
    .default_(false)
    .filter("string")
    .groupClasses("string")
    .groupDn("string")
    .groupFilter("string")
    .groupNameAttr("string")
    .caseSensitive(false)
    .port(0)
    .bindPassword("string")
    .bindDn("string")
    .server2("string")
    .sslVersion("string")
    .syncAttributes("string")
    .syncDefaultsOptions("string")
    .userAttr("string")
    .userClasses("string")
    .verify(false)
    .build());

ldap_resource = proxmoxve.realm.Ldap("ldapResource",
    base_dn="string",
    server1="string",
    realm="string",
    cert_path="string",
    mode="string",
    cert_key_path="string",
    ca_path="string",
    comment="string",
    default=False,
    filter="string",
    group_classes="string",
    group_dn="string",
    group_filter="string",
    group_name_attr="string",
    case_sensitive=False,
    port=0,
    bind_password="string",
    bind_dn="string",
    server2="string",
    ssl_version="string",
    sync_attributes="string",
    sync_defaults_options="string",
    user_attr="string",
    user_classes="string",
    verify=False)

const ldapResource = new proxmoxve.realm.Ldap("ldapResource", {
    baseDn: "string",
    server1: "string",
    realm: "string",
    certPath: "string",
    mode: "string",
    certKeyPath: "string",
    caPath: "string",
    comment: "string",
    "default": false,
    filter: "string",
    groupClasses: "string",
    groupDn: "string",
    groupFilter: "string",
    groupNameAttr: "string",
    caseSensitive: false,
    port: 0,
    bindPassword: "string",
    bindDn: "string",
    server2: "string",
    sslVersion: "string",
    syncAttributes: "string",
    syncDefaultsOptions: "string",
    userAttr: "string",
    userClasses: "string",
    verify: false,
});

type: proxmoxve:Realm:Ldap
properties:
    baseDn: string
    bindDn: string
    bindPassword: string
    caPath: string
    caseSensitive: false
    certKeyPath: string
    certPath: string
    comment: string
    default: false
    filter: string
    groupClasses: string
    groupDn: string
    groupFilter: string
    groupNameAttr: string
    mode: string
    port: 0
    realm: string
    server1: string
    server2: string
    sslVersion: string
    syncAttributes: string
    syncDefaultsOptions: string
    userAttr: string
    userClasses: string
    verify: false

Ldap Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Ldap resource accepts the following input properties:

BaseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
Realm string: Realm identifier (e.g., 'example.com').
Server1 string: Primary LDAP server hostname or IP address.
BindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
BindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
CaPath string: Path to CA certificate file for SSL verification.
CaseSensitive bool: Enable case-sensitive username matching.
CertKeyPath string: Path to client certificate key.
CertPath string: Path to client certificate for SSL authentication.
Comment string: Description of the realm.
Default bool: Use this realm as the default for login.
Filter string: LDAP filter for user searches.
GroupClasses string: LDAP objectClasses for groups (comma-separated).
GroupDn string: LDAP base DN for group searches.
GroupFilter string: LDAP filter for group searches.
GroupNameAttr string: LDAP attribute representing the group name.
Mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
Port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
Secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
Server2 string: Fallback LDAP server hostname or IP address.
SslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
SyncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
SyncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
UserAttr string: LDAP attribute representing the username.
UserClasses string: LDAP objectClasses for users (comma-separated).
Verify bool: Verify LDAP server SSL certificate.

BaseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
Realm string: Realm identifier (e.g., 'example.com').
Server1 string: Primary LDAP server hostname or IP address.
BindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
BindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
CaPath string: Path to CA certificate file for SSL verification.
CaseSensitive bool: Enable case-sensitive username matching.
CertKeyPath string: Path to client certificate key.
CertPath string: Path to client certificate for SSL authentication.
Comment string: Description of the realm.
Default bool: Use this realm as the default for login.
Filter string: LDAP filter for user searches.
GroupClasses string: LDAP objectClasses for groups (comma-separated).
GroupDn string: LDAP base DN for group searches.
GroupFilter string: LDAP filter for group searches.
GroupNameAttr string: LDAP attribute representing the group name.
Mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
Port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
Secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
Server2 string: Fallback LDAP server hostname or IP address.
SslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
SyncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
SyncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
UserAttr string: LDAP attribute representing the username.
UserClasses string: LDAP objectClasses for users (comma-separated).
Verify bool: Verify LDAP server SSL certificate.

baseDn String: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
realm String: Realm identifier (e.g., 'example.com').
server1 String: Primary LDAP server hostname or IP address.
bindDn String: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword String: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath String: Path to CA certificate file for SSL verification.
caseSensitive Boolean: Enable case-sensitive username matching.
certKeyPath String: Path to client certificate key.
certPath String: Path to client certificate for SSL authentication.
comment String: Description of the realm.
default_ Boolean: Use this realm as the default for login.
filter String: LDAP filter for user searches.
groupClasses String: LDAP objectClasses for groups (comma-separated).
groupDn String: LDAP base DN for group searches.
groupFilter String: LDAP filter for group searches.
groupNameAttr String: LDAP attribute representing the group name.
mode String: LDAP connection mode (ldap, ldaps, ldap+starttls).
port Integer: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
secure Boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server2 String: Fallback LDAP server hostname or IP address.
sslVersion String: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes String: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions String: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr String: LDAP attribute representing the username.
userClasses String: LDAP objectClasses for users (comma-separated).
verify Boolean: Verify LDAP server SSL certificate.

baseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
realm string: Realm identifier (e.g., 'example.com').
server1 string: Primary LDAP server hostname or IP address.
bindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath string: Path to CA certificate file for SSL verification.
caseSensitive boolean: Enable case-sensitive username matching.
certKeyPath string: Path to client certificate key.
certPath string: Path to client certificate for SSL authentication.
comment string: Description of the realm.
default boolean: Use this realm as the default for login.
filter string: LDAP filter for user searches.
groupClasses string: LDAP objectClasses for groups (comma-separated).
groupDn string: LDAP base DN for group searches.
groupFilter string: LDAP filter for group searches.
groupNameAttr string: LDAP attribute representing the group name.
mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
port number: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
secure boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server2 string: Fallback LDAP server hostname or IP address.
sslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr string: LDAP attribute representing the username.
userClasses string: LDAP objectClasses for users (comma-separated).
verify boolean: Verify LDAP server SSL certificate.

base_dn str: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
realm str: Realm identifier (e.g., 'example.com').
server1 str: Primary LDAP server hostname or IP address.
bind_dn str: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bind_password str: Password for the bind DN. Note: stored in Proxmox but not returned by API.
ca_path str: Path to CA certificate file for SSL verification.
case_sensitive bool: Enable case-sensitive username matching.
cert_key_path str: Path to client certificate key.
cert_path str: Path to client certificate for SSL authentication.
comment str: Description of the realm.
default bool: Use this realm as the default for login.
filter str: LDAP filter for user searches.
group_classes str: LDAP objectClasses for groups (comma-separated).
group_dn str: LDAP base DN for group searches.
group_filter str: LDAP filter for group searches.
group_name_attr str: LDAP attribute representing the group name.
mode str: LDAP connection mode (ldap, ldaps, ldap+starttls).
port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server2 str: Fallback LDAP server hostname or IP address.
ssl_version str: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
sync_attributes str: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
sync_defaults_options str: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
user_attr str: LDAP attribute representing the username.
user_classes str: LDAP objectClasses for users (comma-separated).
verify bool: Verify LDAP server SSL certificate.

baseDn String: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
realm String: Realm identifier (e.g., 'example.com').
server1 String: Primary LDAP server hostname or IP address.
bindDn String: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword String: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath String: Path to CA certificate file for SSL verification.
caseSensitive Boolean: Enable case-sensitive username matching.
certKeyPath String: Path to client certificate key.
certPath String: Path to client certificate for SSL authentication.
comment String: Description of the realm.
default Boolean: Use this realm as the default for login.
filter String: LDAP filter for user searches.
groupClasses String: LDAP objectClasses for groups (comma-separated).
groupDn String: LDAP base DN for group searches.
groupFilter String: LDAP filter for group searches.
groupNameAttr String: LDAP attribute representing the group name.
mode String: LDAP connection mode (ldap, ldaps, ldap+starttls).
port Number: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
secure Boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server2 String: Fallback LDAP server hostname or IP address.
sslVersion String: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes String: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions String: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr String: LDAP attribute representing the username.
userClasses String: LDAP objectClasses for users (comma-separated).
verify Boolean: Verify LDAP server SSL certificate.

Outputs

All input properties are implicitly available as output properties. Additionally, the Ldap resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Ldap Resource

Get an existing Ldap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LdapState, opts?: CustomResourceOptions): Ldap

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        base_dn: Optional[str] = None,
        bind_dn: Optional[str] = None,
        bind_password: Optional[str] = None,
        ca_path: Optional[str] = None,
        case_sensitive: Optional[bool] = None,
        cert_key_path: Optional[str] = None,
        cert_path: Optional[str] = None,
        comment: Optional[str] = None,
        default: Optional[bool] = None,
        filter: Optional[str] = None,
        group_classes: Optional[str] = None,
        group_dn: Optional[str] = None,
        group_filter: Optional[str] = None,
        group_name_attr: Optional[str] = None,
        mode: Optional[str] = None,
        port: Optional[int] = None,
        realm: Optional[str] = None,
        secure: Optional[bool] = None,
        server1: Optional[str] = None,
        server2: Optional[str] = None,
        ssl_version: Optional[str] = None,
        sync_attributes: Optional[str] = None,
        sync_defaults_options: Optional[str] = None,
        user_attr: Optional[str] = None,
        user_classes: Optional[str] = None,
        verify: Optional[bool] = None) -> Ldap

func GetLdap(ctx *Context, name string, id IDInput, state *LdapState, opts ...ResourceOption) (*Ldap, error)

public static Ldap Get(string name, Input<string> id, LdapState? state, CustomResourceOptions? opts = null)

public static Ldap get(String name, Output<String> id, LdapState state, CustomResourceOptions options)

resources:  _:    type: proxmoxve:Realm:Ldap    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BaseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
BindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
BindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
CaPath string: Path to CA certificate file for SSL verification.
CaseSensitive bool: Enable case-sensitive username matching.
CertKeyPath string: Path to client certificate key.
CertPath string: Path to client certificate for SSL authentication.
Comment string: Description of the realm.
Default bool: Use this realm as the default for login.
Filter string: LDAP filter for user searches.
GroupClasses string: LDAP objectClasses for groups (comma-separated).
GroupDn string: LDAP base DN for group searches.
GroupFilter string: LDAP filter for group searches.
GroupNameAttr string: LDAP attribute representing the group name.
Mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
Port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
Realm string: Realm identifier (e.g., 'example.com').
Secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
Server1 string: Primary LDAP server hostname or IP address.
Server2 string: Fallback LDAP server hostname or IP address.
SslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
SyncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
SyncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
UserAttr string: LDAP attribute representing the username.
UserClasses string: LDAP objectClasses for users (comma-separated).
Verify bool: Verify LDAP server SSL certificate.

BaseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
BindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
BindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
CaPath string: Path to CA certificate file for SSL verification.
CaseSensitive bool: Enable case-sensitive username matching.
CertKeyPath string: Path to client certificate key.
CertPath string: Path to client certificate for SSL authentication.
Comment string: Description of the realm.
Default bool: Use this realm as the default for login.
Filter string: LDAP filter for user searches.
GroupClasses string: LDAP objectClasses for groups (comma-separated).
GroupDn string: LDAP base DN for group searches.
GroupFilter string: LDAP filter for group searches.
GroupNameAttr string: LDAP attribute representing the group name.
Mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
Port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
Realm string: Realm identifier (e.g., 'example.com').
Secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
Server1 string: Primary LDAP server hostname or IP address.
Server2 string: Fallback LDAP server hostname or IP address.
SslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
SyncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
SyncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
UserAttr string: LDAP attribute representing the username.
UserClasses string: LDAP objectClasses for users (comma-separated).
Verify bool: Verify LDAP server SSL certificate.

baseDn String: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
bindDn String: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword String: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath String: Path to CA certificate file for SSL verification.
caseSensitive Boolean: Enable case-sensitive username matching.
certKeyPath String: Path to client certificate key.
certPath String: Path to client certificate for SSL authentication.
comment String: Description of the realm.
default_ Boolean: Use this realm as the default for login.
filter String: LDAP filter for user searches.
groupClasses String: LDAP objectClasses for groups (comma-separated).
groupDn String: LDAP base DN for group searches.
groupFilter String: LDAP filter for group searches.
groupNameAttr String: LDAP attribute representing the group name.
mode String: LDAP connection mode (ldap, ldaps, ldap+starttls).
port Integer: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
realm String: Realm identifier (e.g., 'example.com').
secure Boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server1 String: Primary LDAP server hostname or IP address.
server2 String: Fallback LDAP server hostname or IP address.
sslVersion String: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes String: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions String: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr String: LDAP attribute representing the username.
userClasses String: LDAP objectClasses for users (comma-separated).
verify Boolean: Verify LDAP server SSL certificate.

baseDn string: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
bindDn string: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword string: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath string: Path to CA certificate file for SSL verification.
caseSensitive boolean: Enable case-sensitive username matching.
certKeyPath string: Path to client certificate key.
certPath string: Path to client certificate for SSL authentication.
comment string: Description of the realm.
default boolean: Use this realm as the default for login.
filter string: LDAP filter for user searches.
groupClasses string: LDAP objectClasses for groups (comma-separated).
groupDn string: LDAP base DN for group searches.
groupFilter string: LDAP filter for group searches.
groupNameAttr string: LDAP attribute representing the group name.
mode string: LDAP connection mode (ldap, ldaps, ldap+starttls).
port number: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
realm string: Realm identifier (e.g., 'example.com').
secure boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server1 string: Primary LDAP server hostname or IP address.
server2 string: Fallback LDAP server hostname or IP address.
sslVersion string: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes string: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions string: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr string: LDAP attribute representing the username.
userClasses string: LDAP objectClasses for users (comma-separated).
verify boolean: Verify LDAP server SSL certificate.

base_dn str: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
bind_dn str: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bind_password str: Password for the bind DN. Note: stored in Proxmox but not returned by API.
ca_path str: Path to CA certificate file for SSL verification.
case_sensitive bool: Enable case-sensitive username matching.
cert_key_path str: Path to client certificate key.
cert_path str: Path to client certificate for SSL authentication.
comment str: Description of the realm.
default bool: Use this realm as the default for login.
filter str: LDAP filter for user searches.
group_classes str: LDAP objectClasses for groups (comma-separated).
group_dn str: LDAP base DN for group searches.
group_filter str: LDAP filter for group searches.
group_name_attr str: LDAP attribute representing the group name.
mode str: LDAP connection mode (ldap, ldaps, ldap+starttls).
port int: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
realm str: Realm identifier (e.g., 'example.com').
secure bool: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server1 str: Primary LDAP server hostname or IP address.
server2 str: Fallback LDAP server hostname or IP address.
ssl_version str: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
sync_attributes str: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
sync_defaults_options str: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
user_attr str: LDAP attribute representing the username.
user_classes str: LDAP objectClasses for users (comma-separated).
verify bool: Verify LDAP server SSL certificate.

baseDn String: LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
bindDn String: LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
bindPassword String: Password for the bind DN. Note: stored in Proxmox but not returned by API.
caPath String: Path to CA certificate file for SSL verification.
caseSensitive Boolean: Enable case-sensitive username matching.
certKeyPath String: Path to client certificate key.
certPath String: Path to client certificate for SSL authentication.
comment String: Description of the realm.
default Boolean: Use this realm as the default for login.
filter String: LDAP filter for user searches.
groupClasses String: LDAP objectClasses for groups (comma-separated).
groupDn String: LDAP base DN for group searches.
groupFilter String: LDAP filter for group searches.
groupNameAttr String: LDAP attribute representing the group name.
mode String: LDAP connection mode (ldap, ldaps, ldap+starttls).
port Number: LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
realm String: Realm identifier (e.g., 'example.com').
secure Boolean: Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
Deprecated: Deprecated by Proxmox: use mode instead.
server1 String: Primary LDAP server hostname or IP address.
server2 String: Fallback LDAP server hostname or IP address.
sslVersion String: SSL/TLS version (tlsv1, tlsv11, tlsv12, tlsv1_3).
syncAttributes String: Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
syncDefaultsOptions String: Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
userAttr String: LDAP attribute representing the username.
userClasses String: LDAP objectClasses for users (comma-separated).
verify Boolean: Verify LDAP server SSL certificate.

Package Details

Repository: proxmoxve muhlba91/pulumi-proxmoxve
License: Apache-2.0
Notes: This Pulumi package is based on the proxmox Terraform Provider.

Proxmox Virtual Environment (Proxmox VE) v7.13.0 published on Tuesday, Feb 10, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

On this page

On this page

Import

Create Ldap Resource

Constructor syntax

Parameters

Constructor example

Ldap Resource Properties

Inputs

Outputs

Look up Existing Ldap Resource

Package Details

On this page

On this page