vault.ldap.AuthBackend
Provides a resource for managing an LDAP auth backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// LDAP auth backend with Active Directory style values (sAMAccountName, UPN
// domain). Inputs are grouped by what they control.
const ldap = new vault.ldap.AuthBackend("ldap", {
    // Path the auth backend is mounted under.
    path: "ldap",

    // ldaps:// URL, so the connection to the directory is made over TLS.
    // insecureTls is not set here; NOTE(review): keep certificate validation
    // enabled when adapting this example.
    url: "ldaps://dc-01.example.org",

    // User lookup: search base, the attribute matched against the supplied
    // username, and the domain used to build the UPN of the authenticating user.
    userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
    userattr: "sAMAccountName",
    upndomain: "EXAMPLE.ORG",
    // false: no anonymous bind is used to discover the user's DN.
    discoverdn: false,

    // Group lookup: search base plus a Go template for the membership query.
    // 1.2.840.113556.1.4.1941 is Active Directory's in-chain matching rule, so
    // nested membership is followed; anything mapped to a parent group also
    // applies to members of the groups nested inside it.
    groupdn: "OU=Groups,DC=example,DC=org",
    groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
});
import pulumi
import pulumi_vault as vault
# LDAP auth backend with Active Directory style values (sAMAccountName, UPN
# domain). Inputs are grouped by what they control.
ldap = vault.ldap.AuthBackend(
    "ldap",
    # Path the auth backend is mounted under.
    path="ldap",
    # ldaps:// URL, so the connection to the directory is made over TLS.
    # insecure_tls is not set here; NOTE(review): keep certificate validation
    # enabled when adapting this example.
    url="ldaps://dc-01.example.org",
    # User lookup: search base, the attribute matched against the supplied
    # username, and the domain used to build the UPN of the authenticating user.
    userdn="OU=Users,OU=Accounts,DC=example,DC=org",
    userattr="sAMAccountName",
    upndomain="EXAMPLE.ORG",
    # False: no anonymous bind is used to discover the user's DN.
    discoverdn=False,
    # Group lookup: search base plus a Go template for the membership query.
    # 1.2.840.113556.1.4.1941 is Active Directory's in-chain matching rule, so
    # nested membership is followed; anything mapped to a parent group also
    # applies to members of the groups nested inside it.
    groupdn="OU=Groups,DC=example,DC=org",
    groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one LDAP auth backend with the Pulumi engine. The values are
// Active Directory style (sAMAccountName, UPN domain).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		backendArgs := &ldap.AuthBackendArgs{
			// Path the auth backend is mounted under.
			Path: pulumi.String("ldap"),

			// ldaps:// URL, so the connection to the directory is made over TLS.
			// InsecureTls is not set here; NOTE(review): keep certificate
			// validation enabled when adapting this example.
			Url: pulumi.String("ldaps://dc-01.example.org"),

			// User lookup: search base, the attribute matched against the
			// supplied username, and the domain used to build the UPN.
			Userdn:    pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:  pulumi.String("sAMAccountName"),
			Upndomain: pulumi.String("EXAMPLE.ORG"),
			// false: no anonymous bind is used to discover the user's DN.
			Discoverdn: pulumi.Bool(false),

			// Group lookup: search base plus a Go template for the membership
			// query. 1.2.840.113556.1.4.1941 is Active Directory's in-chain
			// matching rule, so nested membership is followed; anything mapped
			// to a parent group also applies to members of nested groups.
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := ldap.NewAuthBackend(ctx, "ldap", backendArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
// Declares one LDAP auth backend with Active Directory style values
// (sAMAccountName, UPN domain).
return await Deployment.RunAsync(() =>
{
    var backendArgs = new Vault.Ldap.AuthBackendArgs
    {
        // Path the auth backend is mounted under.
        Path = "ldap",

        // ldaps:// URL, so the connection to the directory is made over TLS.
        // InsecureTls is not set here; NOTE(review): keep certificate
        // validation enabled when adapting this example.
        Url = "ldaps://dc-01.example.org",

        // User lookup: search base, the attribute matched against the
        // supplied username, and the domain used to build the UPN.
        Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
        Userattr = "sAMAccountName",
        Upndomain = "EXAMPLE.ORG",
        // false: no anonymous bind is used to discover the user's DN.
        Discoverdn = false,

        // Group lookup: search base plus a Go template for the membership
        // query. 1.2.840.113556.1.4.1941 is Active Directory's in-chain
        // matching rule, so nested membership is followed; anything mapped
        // to a parent group also applies to members of nested groups.
        Groupdn = "OU=Groups,DC=example,DC=org",
        Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    };

    var ldap = new Vault.Ldap.AuthBackend("ldap", backendArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one LDAP auth backend with Active Directory
 * style values (sAMAccountName, UPN domain).
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the LDAP auth backend.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        final AuthBackendArgs backendArgs = AuthBackendArgs.builder()
            // Path the auth backend is mounted under.
            .path("ldap")
            // ldaps:// URL, so the connection to the directory is made over
            // TLS. insecureTls is not set here; NOTE(review): keep
            // certificate validation enabled when adapting this example.
            .url("ldaps://dc-01.example.org")
            // User lookup: search base, the attribute matched against the
            // supplied username, and the domain used to build the UPN.
            .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
            .userattr("sAMAccountName")
            .upndomain("EXAMPLE.ORG")
            // false: no anonymous bind is used to discover the user's DN.
            .discoverdn(false)
            // Group lookup: search base plus a Go template for the membership
            // query. 1.2.840.113556.1.4.1941 is Active Directory's in-chain
            // matching rule, so nested membership is followed; anything mapped
            // to a parent group also applies to members of nested groups.
            .groupdn("OU=Groups,DC=example,DC=org")
            .groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
            .build();

        var ldap = new AuthBackend("ldap", backendArgs);
    }
}
# One LDAP auth backend with Active Directory style values (sAMAccountName,
# UPN domain). Inputs are grouped by what they control.
resources:
  ldap:
    type: vault:ldap:AuthBackend
    properties:
      # Path the auth backend is mounted under.
      path: ldap

      # ldaps:// URL, so the connection to the directory is made over TLS.
      # insecureTls is not set here; NOTE(review): keep certificate
      # validation enabled when adapting this example.
      url: ldaps://dc-01.example.org

      # User lookup: search base, the attribute matched against the supplied
      # username, and the domain used to build the UPN.
      userdn: OU=Users,OU=Accounts,DC=example,DC=org
      userattr: sAMAccountName
      upndomain: EXAMPLE.ORG
      # false: no anonymous bind is used to discover the user's DN.
      discoverdn: false

      # Group lookup: search base plus a Go template for the membership query.
      # 1.2.840.113556.1.4.1941 is Active Directory's in-chain matching rule,
      # so nested membership is followed; anything mapped to a parent group
      # also applies to members of the groups nested inside it.
      groupdn: OU=Groups,DC=example,DC=org
      groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
Create AuthBackend Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthBackend(name: string, args: AuthBackendArgs, opts?: CustomResourceOptions);
@overload
def AuthBackend(resource_name: str,
args: AuthBackendArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthBackend(resource_name: str,
opts: Optional[ResourceOptions] = None,
url: Optional[str] = None,
starttls: Optional[bool] = None,
client_tls_cert: Optional[str] = None,
path: Optional[str] = None,
binddn: Optional[str] = None,
client_tls_key: Optional[str] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
certificate: Optional[str] = None,
tls_max_version: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
bindpass: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None)
func NewAuthBackend(ctx *Context, name string, args AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)
public AuthBackend(string name, AuthBackendArgs args, CustomResourceOptions? opts = null)
public AuthBackend(String name, AuthBackendArgs args)
public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
type: vault:ldap:AuthBackend
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
// Reference listing: every value is a type placeholder, not a recommendation.
var exampleauthBackendResourceResourceFromLdapauthBackend = new Vault.Ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", new()
{
    // Mount
    Path = "string",
    Description = "string",
    Namespace = "string",
    Local = false,
    DisableRemount = false,

    // Connection and TLS. InsecureTls controls whether the server certificate
    // must be validated. ClientTlsKey (presumably the key for ClientTlsCert)
    // belongs in secret configuration, not in a source literal.
    Url = "string",
    Starttls = false,
    InsecureTls = false,
    Certificate = "string",
    ClientTlsCert = "string",
    ClientTlsKey = "string",
    TlsMinVersion = "string",
    TlsMaxVersion = "string",

    // Bind. Bindpass is a credential: supply it from secret configuration.
    // DenyNullBind is what prevents an empty password from bypassing
    // authentication, so the placeholder `false` is not a value to copy.
    Binddn = "string",
    Bindpass = "string",
    Discoverdn = false,
    DenyNullBind = false,

    // User search
    Userdn = "string",
    Userattr = "string",
    Userfilter = "string",
    Upndomain = "string",
    UsernameAsAlias = false,
    CaseSensitiveNames = false,
    MaxPageSize = 0,

    // Group search
    Groupdn = "string",
    Groupfilter = "string",
    Groupattr = "string",
    UseTokenGroups = false,

    // Tokens issued by this mount
    TokenType = "string",
    TokenTtl = 0,
    TokenMaxTtl = 0,
    TokenExplicitMaxTtl = 0,
    TokenPeriod = 0,
    TokenNumUses = 0,
    TokenBoundCidrs = new[] { "string" },
    TokenPolicies = new[] { "string" },
    TokenNoDefaultPolicy = false,
});
// Reference listing: every value is a type placeholder, not a recommendation.
example, err := ldap.NewAuthBackend(ctx, "exampleauthBackendResourceResourceFromLdapauthBackend", &ldap.AuthBackendArgs{
	// Mount
	Path:           pulumi.String("string"),
	Description:    pulumi.String("string"),
	Namespace:      pulumi.String("string"),
	Local:          pulumi.Bool(false),
	DisableRemount: pulumi.Bool(false),

	// Connection and TLS. InsecureTls controls whether the server certificate
	// must be validated. ClientTlsKey (presumably the key for ClientTlsCert)
	// belongs in secret configuration, not in a source literal.
	Url:           pulumi.String("string"),
	Starttls:      pulumi.Bool(false),
	InsecureTls:   pulumi.Bool(false),
	Certificate:   pulumi.String("string"),
	ClientTlsCert: pulumi.String("string"),
	ClientTlsKey:  pulumi.String("string"),
	TlsMinVersion: pulumi.String("string"),
	TlsMaxVersion: pulumi.String("string"),

	// Bind. Bindpass is a credential: supply it from secret configuration.
	// DenyNullBind is what prevents an empty password from bypassing
	// authentication, so the placeholder false is not a value to copy.
	Binddn:       pulumi.String("string"),
	Bindpass:     pulumi.String("string"),
	Discoverdn:   pulumi.Bool(false),
	DenyNullBind: pulumi.Bool(false),

	// User search
	Userdn:             pulumi.String("string"),
	Userattr:           pulumi.String("string"),
	Userfilter:         pulumi.String("string"),
	Upndomain:          pulumi.String("string"),
	UsernameAsAlias:    pulumi.Bool(false),
	CaseSensitiveNames: pulumi.Bool(false),
	MaxPageSize:        pulumi.Int(0),

	// Group search
	Groupdn:        pulumi.String("string"),
	Groupfilter:    pulumi.String("string"),
	Groupattr:      pulumi.String("string"),
	UseTokenGroups: pulumi.Bool(false),

	// Tokens issued by this mount
	TokenType:            pulumi.String("string"),
	TokenTtl:             pulumi.Int(0),
	TokenMaxTtl:          pulumi.Int(0),
	TokenExplicitMaxTtl:  pulumi.Int(0),
	TokenPeriod:          pulumi.Int(0),
	TokenNumUses:         pulumi.Int(0),
	TokenBoundCidrs:      pulumi.StringArray{pulumi.String("string")},
	TokenPolicies:        pulumi.StringArray{pulumi.String("string")},
	TokenNoDefaultPolicy: pulumi.Bool(false),
})
// Reference listing: every value is a type placeholder, not a recommendation.
var exampleauthBackendResourceResourceFromLdapauthBackend = new AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", AuthBackendArgs.builder()
    // Mount
    .path("string")
    .description("string")
    .namespace("string")
    .local(false)
    .disableRemount(false)
    // Connection and TLS. insecureTls controls whether the server certificate
    // must be validated. clientTlsKey (presumably the key for clientTlsCert)
    // belongs in secret configuration, not in a source literal.
    .url("string")
    .starttls(false)
    .insecureTls(false)
    .certificate("string")
    .clientTlsCert("string")
    .clientTlsKey("string")
    .tlsMinVersion("string")
    .tlsMaxVersion("string")
    // Bind. bindpass is a credential: supply it from secret configuration.
    // denyNullBind is what prevents an empty password from bypassing
    // authentication, so the placeholder false is not a value to copy.
    .binddn("string")
    .bindpass("string")
    .discoverdn(false)
    .denyNullBind(false)
    // User search
    .userdn("string")
    .userattr("string")
    .userfilter("string")
    .upndomain("string")
    .usernameAsAlias(false)
    .caseSensitiveNames(false)
    .maxPageSize(0)
    // Group search
    .groupdn("string")
    .groupfilter("string")
    .groupattr("string")
    .useTokenGroups(false)
    // Tokens issued by this mount
    .tokenType("string")
    .tokenTtl(0)
    .tokenMaxTtl(0)
    .tokenExplicitMaxTtl(0)
    .tokenPeriod(0)
    .tokenNumUses(0)
    .tokenBoundCidrs("string")
    .tokenPolicies("string")
    .tokenNoDefaultPolicy(false)
    .build());
# Reference listing: every value is a type placeholder, not a recommendation.
exampleauth_backend_resource_resource_from_ldapauth_backend = vault.ldap.AuthBackend(
    "exampleauthBackendResourceResourceFromLdapauthBackend",
    # Mount
    path="string",
    description="string",
    namespace="string",
    local=False,
    disable_remount=False,
    # Connection and TLS. insecure_tls controls whether the server certificate
    # must be validated. client_tls_key (presumably the key for
    # client_tls_cert) belongs in secret configuration, not in a source literal.
    url="string",
    starttls=False,
    insecure_tls=False,
    certificate="string",
    client_tls_cert="string",
    client_tls_key="string",
    tls_min_version="string",
    tls_max_version="string",
    # Bind. bindpass is a credential: supply it from secret configuration.
    # deny_null_bind is what prevents an empty password from bypassing
    # authentication, so the placeholder False is not a value to copy.
    binddn="string",
    bindpass="string",
    discoverdn=False,
    deny_null_bind=False,
    # User search
    userdn="string",
    userattr="string",
    userfilter="string",
    upndomain="string",
    username_as_alias=False,
    case_sensitive_names=False,
    max_page_size=0,
    # Group search
    groupdn="string",
    groupfilter="string",
    groupattr="string",
    use_token_groups=False,
    # Tokens issued by this mount
    token_type="string",
    token_ttl=0,
    token_max_ttl=0,
    token_explicit_max_ttl=0,
    token_period=0,
    token_num_uses=0,
    token_bound_cidrs=["string"],
    token_policies=["string"],
    token_no_default_policy=False,
)
// Reference listing: every value is a type placeholder, not a recommendation.
const exampleauthBackendResourceResourceFromLdapauthBackend = new vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", {
    // Mount
    path: "string",
    description: "string",
    namespace: "string",
    local: false,
    disableRemount: false,

    // Connection and TLS. insecureTls controls whether the server certificate
    // must be validated. clientTlsKey (presumably the key for clientTlsCert)
    // belongs in secret configuration, not in a source literal.
    url: "string",
    starttls: false,
    insecureTls: false,
    certificate: "string",
    clientTlsCert: "string",
    clientTlsKey: "string",
    tlsMinVersion: "string",
    tlsMaxVersion: "string",

    // Bind. bindpass is a credential: supply it from secret configuration.
    // denyNullBind is what prevents an empty password from bypassing
    // authentication, so the placeholder false is not a value to copy.
    binddn: "string",
    bindpass: "string",
    discoverdn: false,
    denyNullBind: false,

    // User search
    userdn: "string",
    userattr: "string",
    userfilter: "string",
    upndomain: "string",
    usernameAsAlias: false,
    caseSensitiveNames: false,
    maxPageSize: 0,

    // Group search
    groupdn: "string",
    groupfilter: "string",
    groupattr: "string",
    useTokenGroups: false,

    // Tokens issued by this mount
    tokenType: "string",
    tokenTtl: 0,
    tokenMaxTtl: 0,
    tokenExplicitMaxTtl: 0,
    tokenPeriod: 0,
    tokenNumUses: 0,
    tokenBoundCidrs: ["string"],
    tokenPolicies: ["string"],
    tokenNoDefaultPolicy: false,
});
# Reference listing: every value is a type placeholder, not a recommendation.
type: vault:ldap:AuthBackend
properties:
  # Mount
  path: string
  description: string
  namespace: string
  local: false
  disableRemount: false

  # Connection and TLS. insecureTls controls whether the server certificate
  # must be validated. clientTlsKey (presumably the key for clientTlsCert)
  # belongs in secret configuration, not in a literal.
  url: string
  starttls: false
  insecureTls: false
  certificate: string
  clientTlsCert: string
  clientTlsKey: string
  tlsMinVersion: string
  tlsMaxVersion: string

  # Bind. bindpass is a credential: supply it from secret configuration.
  # denyNullBind is what prevents an empty password from bypassing
  # authentication, so the placeholder false is not a value to copy.
  binddn: string
  bindpass: string
  discoverdn: false
  denyNullBind: false

  # User search
  userdn: string
  userattr: string
  userfilter: string
  upndomain: string
  usernameAsAlias: false
  caseSensitiveNames: false
  maxPageSize: 0

  # Group search
  groupdn: string
  groupfilter: string
  groupattr: string
  useTokenGroups: false

  # Tokens issued by this mount
  tokenType: string
  tokenTtl: 0
  tokenMaxTtl: 0
  tokenExplicitMaxTtl: 0
  tokenPeriod: 0
  tokenNumUses: 0
  tokenBoundCidrs:
    - string
  tokenPolicies:
    - string
  tokenNoDefaultPolicy: false
AuthBackend Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AuthBackend resource accepts the following input properties:
- Url string
- The URL of the LDAP server
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated. When true, the LDAP server's certificate is not verified.
- Local bool
- Specifies if the auth method is local only.
- MaxPageSize int
- Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- Token
Explicit intMax Ttl - If set, will encode an
explicit max TTL
onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal. - Token
Max intTtl - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies List<string> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Url string
- The URL of the LDAP server
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated. When true, the LDAP server's certificate is not verified.
- Local bool
- Specifies if the auth method is local only.
- MaxPageSize int
- Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound []stringCidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- Token
Explicit intMax Ttl - If set, will encode an
explicit max TTL
onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal. - Token
Max intTtl - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies []string - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Control whether or not TLS certificates must be validated. When true, the LDAP server's certificate is not verified.
- local Boolean
- Specifies if the auth method is local only.
- maxPageSize Integer
- Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token
Explicit IntegerMax Ttl - If set, will encode an
explicit max TTL
onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal. - token
Max IntegerTtl - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num IntegerUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Integer - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Integer - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url string
- The URL of the LDAP server
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with binddn when performing user search
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- clientTlsCert string
- clientTlsKey string
- denyNullBind boolean
- Prevents users from bypassing authentication when providing an empty password.
- description string
- Description for the LDAP auth backend mount
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
- insecureTls boolean
- Control whether or not TLS certificates must be validated. When true, the LDAP server's certificate is not verified.
- local boolean
- Specifies if the auth method is local only.
- maxPageSize number
- Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path string
- Path to mount the LDAP auth backend under
- starttls boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion string
- Maximum acceptable version of TLS
- tlsMinVersion string
- Minimum acceptable version of TLS
- token
Bound string[]Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token
Explicit numberMax Ttl - If set, will encode an
explicit max TTL
onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal. - token
Max numberTtl - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No booleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num numberUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period number - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies string[] - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl number - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type string - The type of token to generate, service or batch
- upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url str
- The URL of the LDAP server
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with binddn when performing user search
- case_sensitive_names bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_tls_cert str
- client_tls_key str
- deny_null_bind bool
- Prevents users from bypassing authentication when providing an empty password.
- description str
- Description for the LDAP auth backend mount
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
- insecure_tls bool
- Control whether or not TLS certificates must be validated. When true, the LDAP server's certificate is not verified.
- local bool
- Specifies if the auth method is local only.
- max_page_size int
- Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path str
- Path to mount the LDAP auth backend under
- starttls bool
- Control use of TLS when connecting to LDAP
- tls_max_version str
- Maximum acceptable version of TLS
- tls_min_version str
- Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token_
explicit_ intmax_ ttl - If set, will encode an
explicit max TTL
onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal. - token_
max_ intttl - The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
no_ booldefault_ policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token_
num_ intuses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token_
period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token_
policies Sequence[str] - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token_
ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
type str - The type of token to generate, service or batch
- upndomain str
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
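- insecureTls Boolean
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.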
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl Number
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- tokenMaxTtl Number
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num NumberUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Number - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Number - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:
Look up Existing AuthBackend Resource
Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
binddn: Optional[str] = None,
bindpass: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
url: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None) -> AuthBackend
func GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)
public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)
public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
- The accessor for this auth mount.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
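- InsecureTls bool
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.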
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- TokenExplicitMaxTtl int
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- TokenMaxTtl int
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies List<string> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Accessor string
- The accessor for this auth mount.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Prevents users from bypassing authentication when providing an empty password.
- Description string
- Description for the LDAP auth backend mount
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
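- InsecureTls bool
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.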
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Starttls bool
- Control use of TLS when connecting to LDAP
- TlsMaxVersion string
- Maximum acceptable version of TLS
- TlsMinVersion string
- Minimum acceptable version of TLS
- Token
Bound []stringCidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- TokenExplicitMaxTtl int
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- TokenMaxTtl int
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies []string - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
Type string - The type of token to generate, service or batch
- Upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
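- insecureTls Boolean
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.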
- local Boolean
- Specifies if the auth method is local only.
- max
Page IntegerSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl Integer
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- tokenMaxTtl Integer
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num IntegerUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Integer - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Integer - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor string
- The accessor for this auth mount.
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- clientTlsCert string
- clientTlsKey string
- denyNullBind boolean
- Prevents users from bypassing authentication when providing an empty password.
- description string
- Description for the LDAP auth backend mount
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
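- insecureTls boolean
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.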
- local boolean
- Specifies if the auth method is local only.
- max
Page numberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path string
- Path to mount the LDAP auth backend under
- starttls boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion string
- Maximum acceptable version of TLS
- tlsMinVersion string
- Minimum acceptable version of TLS
- token
Bound string[]Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl number
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- tokenMaxTtl number
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No booleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num numberUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period number - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies string[] - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl number - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type string - The type of token to generate, service or batch
- upndomain string
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url string
- The URL of the LDAP server
- use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor str
- The accessor for this auth mount.
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- case_sensitive_names bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_tls_cert str
- client_tls_key str
- deny_null_bind bool
- Prevents users from bypassing authentication when providing an empty password.
- description str
- Description for the LDAP auth backend mount
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
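- insecure_tls bool
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.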
- local bool
- Specifies if the auth method is local only.
- max_
page_ intsize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path str
- Path to mount the LDAP auth backend under
- starttls bool
- Control use of TLS when connecting to LDAP
- tls_max_version str
- Maximum acceptable version of TLS
- tls_min_version str
- Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token_explicit_max_ttl int
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- token_max_ttl int
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
no_ booldefault_ policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token_
num_ intuses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token_
period int - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token_
policies Sequence[str] - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token_
ttl int - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
type str - The type of token to generate, service or batch
- upndomain str
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url str
- The URL of the LDAP server
- use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search. This is a credential: supply it as a secret value rather than a plain-text literal in the program.
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- Prevents users from bypassing authentication when providing an empty password.
- description String
- Description for the LDAP auth backend mount
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
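- insecureTls Boolean
- Control whether TLS certificate validation is skipped when connecting to the LDAP server. Setting it to true disables verification of the server certificate, so leave it disabled outside of test environments.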
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tlsMaxVersion String
- Maximum acceptable version of TLS
- tlsMinVersion String
- Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl Number
- If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- tokenMaxTtl Number
- The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy - If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num NumberUses - The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Number - If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> - List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Number - The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String - The type of token to generate, service or batch
- upndomain String
- The
userPrincipalDomain
used to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Import
LDAP authentication backends can be imported using the path, e.g.
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the vault Terraform Provider.