vault.ldap.AuthBackend
Provides a resource for managing an LDAP auth backend within Vault.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // LDAP auth method mounted at path "ldap". The example targets an
    // Active Directory-style directory over LDAPS (ldaps:// scheme).
    var ldapArgs = new Vault.Ldap.AuthBackendArgs
    {
        Discoverdn = false,
        // Base DN for group searches plus the Go template that builds the
        // membership query; {{.UserDN}} is a template field (presumably the
        // authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule
        // is Active Directory's "matching rule in chain", which also resolves
        // nested group membership.
        Groupdn = "OU=Groups,DC=example,DC=org",
        Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
        Path = "ldap",
        // userPrincipalDomain used to construct the UPN string.
        Upndomain = "EXAMPLE.ORG",
        // NOTE(review): no trusted CA (Certificate) is pinned here; confirm how
        // the ldaps:// server certificate is validated in the target environment.
        Url = "ldaps://dc-01.example.org",
        // Attribute matched against the username passed in at login, and the
        // base DN under which that user is searched for.
        Userattr = "sAMAccountName",
        Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
    };
    var ldap = new Vault.Ldap.AuthBackend("ldap", ldapArgs);
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main mounts an LDAP auth method at path "ldap", pointed at an Active
// Directory-style directory over LDAPS (ldaps:// scheme).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &ldap.AuthBackendArgs{
			Discoverdn: pulumi.Bool(false),
			// Base DN for group searches plus the Go template that builds the
			// membership query; {{.UserDN}} is a template field (presumably the
			// authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule
			// is Active Directory's "matching rule in chain", which also resolves
			// nested group membership.
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
			Path:        pulumi.String("ldap"),
			// userPrincipalDomain used to construct the UPN string.
			Upndomain: pulumi.String("EXAMPLE.ORG"),
			// NOTE(review): no trusted CA (Certificate) is pinned here; confirm how
			// the ldaps:// server certificate is validated in the target environment.
			Url: pulumi.String("ldaps://dc-01.example.org"),
			// Attribute matched against the username passed in at login, and the
			// base DN under which that user is searched for.
			Userattr: pulumi.String("sAMAccountName"),
			Userdn:   pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
		}
		if _, err := ldap.NewAuthBackend(ctx, "ldap", args); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program that mounts an LDAP auth method at path "ldap", pointed at
 * an Active Directory-style directory over LDAPS (ldaps:// scheme).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the LDAP auth backend resource.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        AuthBackendArgs ldapArgs = AuthBackendArgs.builder()
            .discoverdn(false)
            // Base DN for group searches plus the Go template that builds the
            // membership query; {{.UserDN}} is a template field (presumably the
            // authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule
            // is Active Directory's "matching rule in chain", which also resolves
            // nested group membership.
            .groupdn("OU=Groups,DC=example,DC=org")
            .groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
            .path("ldap")
            // userPrincipalDomain used to construct the UPN string.
            .upndomain("EXAMPLE.ORG")
            // NOTE(review): no trusted CA (certificate) is pinned here; confirm how
            // the ldaps:// server certificate is validated in the target environment.
            .url("ldaps://dc-01.example.org")
            // Attribute matched against the username passed in at login, and the
            // base DN under which that user is searched for.
            .userattr("sAMAccountName")
            .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
            .build();
        var ldap = new AuthBackend("ldap", ldapArgs);
    }
}
import pulumi
import pulumi_vault as vault
# LDAP auth method mounted at path "ldap", pointed at an Active Directory-style
# directory over LDAPS (ldaps:// scheme).
ldap_args = vault.ldap.AuthBackendArgs(
    discoverdn=False,
    # Base DN for group searches plus the Go template that builds the
    # membership query; {{.UserDN}} is a template field (presumably the
    # authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule is
    # Active Directory's "matching rule in chain", which also resolves nested
    # group membership.
    groupdn="OU=Groups,DC=example,DC=org",
    groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    path="ldap",
    # userPrincipalDomain used to construct the UPN string.
    upndomain="EXAMPLE.ORG",
    # NOTE(review): no trusted CA (certificate) is pinned here; confirm how the
    # ldaps:// server certificate is validated in the target environment.
    url="ldaps://dc-01.example.org",
    # Attribute matched against the username passed in at login, and the base
    # DN under which that user is searched for.
    userattr="sAMAccountName",
    userdn="OU=Users,OU=Accounts,DC=example,DC=org",
)
ldap = vault.ldap.AuthBackend("ldap", args=ldap_args)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// LDAP auth method mounted at path "ldap", pointed at an Active Directory-style
// directory over LDAPS (ldaps:// scheme).
const ldapArgs: vault.ldap.AuthBackendArgs = {
    discoverdn: false,
    // Base DN for group searches plus the Go template that builds the
    // membership query; {{.UserDN}} is a template field (presumably the
    // authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule is
    // Active Directory's "matching rule in chain", which also resolves nested
    // group membership.
    groupdn: "OU=Groups,DC=example,DC=org",
    groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    path: "ldap",
    // userPrincipalDomain used to construct the UPN string.
    upndomain: "EXAMPLE.ORG",
    // NOTE(review): no trusted CA (certificate) is pinned here; confirm how the
    // ldaps:// server certificate is validated in the target environment.
    url: "ldaps://dc-01.example.org",
    // Attribute matched against the username passed in at login, and the base
    // DN under which that user is searched for.
    userattr: "sAMAccountName",
    userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
};
const ldap = new vault.ldap.AuthBackend("ldap", ldapArgs);
resources:
  # LDAP auth method mounted at path "ldap", pointed at an Active
  # Directory-style directory over LDAPS (ldaps:// scheme).
  ldap:
    type: vault:ldap:AuthBackend
    properties:
      path: ldap
      # NOTE(review): no trusted CA (certificate) is pinned here; confirm how
      # the ldaps:// server certificate is validated in the target environment.
      url: "ldaps://dc-01.example.org"
      # userPrincipalDomain used to construct the UPN string.
      upndomain: EXAMPLE.ORG
      discoverdn: false
      # Base DN under which the user is searched for, and the attribute matched
      # against the username passed in at login.
      userdn: "OU=Users,OU=Accounts,DC=example,DC=org"
      userattr: sAMAccountName
      # Base DN for group searches plus the Go template that builds the
      # membership query; {{.UserDN}} is a template field (presumably the
      # authenticated user's DN). The 1.2.840.113556.1.4.1941 matching rule is
      # Active Directory's "matching rule in chain", which also resolves nested
      # group membership.
      groupdn: "OU=Groups,DC=example,DC=org"
      groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
Create AuthBackend Resource
new AuthBackend(name: string, args: AuthBackendArgs, opts?: CustomResourceOptions);
@overload
def AuthBackend(resource_name: str,
opts: Optional[ResourceOptions] = None,
binddn: Optional[str] = None,
bindpass: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
url: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None)
@overload
def AuthBackend(resource_name: str,
args: AuthBackendArgs,
opts: Optional[ResourceOptions] = None)
func NewAuthBackend(ctx *Context, name string, args AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)
public AuthBackend(string name, AuthBackendArgs args, CustomResourceOptions? opts = null)
public AuthBackend(String name, AuthBackendArgs args)
public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
type: vault:ldap:AuthBackend
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AuthBackend Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AuthBackend resource accepts the following input properties:
- Url string
The URL of the LDAP server
- Binddn string
DN of object to bind when performing user search
- Bindpass string
Password to use with binddn when performing user search
- CaseSensitiveNames bool
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- Certificate string
Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Description string
Description for the LDAP auth backend mount
- DisableRemount bool
If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Groupattr string
LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
Base DN under which to perform group search
- Groupfilter string
Go template used to construct group membership query
- InsecureTls bool
Control whether or not TLS certificates must be validated
- Local bool
Specifies if the auth method is local only.
- MaxPageSize int
Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Path string
Path to mount the LDAP auth backend under
- Starttls bool
Control use of TLS when connecting to LDAP
- TlsMaxVersion string
Maximum acceptable version of TLS
- TlsMinVersion string
Minimum acceptable version of TLS
- TokenBoundCidrs List<string>
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- TokenExplicitMaxTtl int
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
- TokenMaxTtl int
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- TokenNoDefaultPolicy bool
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- TokenNumUses int
The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- TokenPeriod int
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- TokenPolicies List<string>
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- TokenTtl int
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- TokenType string
The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch, which specify the type to return unless the client requests a different type at generation time.
- Upndomain string
The userPrincipalDomain used to construct UPN string
- UseTokenGroups bool
Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
Attribute on user object matching username passed in
- Userdn string
Base DN under which to perform user search
- Userfilter string
LDAP user search filter
- UsernameAsAlias bool
Force the auth method to use the username passed by the user as the alias name.
- Url string
The URL of the LDAP server
- Binddn string
DN of object to bind when performing user search
- Bindpass string
Password to use with binddn when performing user search
- CaseSensitiveNames bool
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- Certificate string
Trusted CA to validate TLS certificate
- Client
Tls stringCert - Client
Tls stringKey - Deny
Null boolBind - Description string
Description for the LDAP auth backend mount
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Groupattr string
LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
Base DN under which to perform group search
- Groupfilter string
Go template used to construct group membership query
- InsecureTls bool
Control whether or not TLS certificates must be validated
- Local bool
Specifies if the auth method is local only.
- Max
Page intSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- Path string
Path to mount the LDAP auth backend under
- Starttls bool
Control use of TLS when connecting to LDAP
- Tls
Max stringVersion Maximum acceptable version of TLS
- Tls
Min stringVersion Minimum acceptable version of TLS
- Token
Bound []stringCidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- Token
Explicit intMax Ttl If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal.- Token
Max intTtl The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies []string List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
Type string The type of token that should be generated. Can be
service
,batch
, ordefault
to use the mount's tuned default (which unless changed will beservice
tokens). For token store roles, there are two additional possibilities:default-service
anddefault-batch
which specify the type to return unless the client requests a different type at generation time.- Upndomain string
The userPrincipalDomain used to construct UPN string
- Use
Token boolGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
Attribute on user object matching username passed in
- Userdn string
Base DN under which to perform user search
- Userfilter string
LDAP user search filter
- Username
As boolAlias Force the auth method to use the username passed by the user as the alias name.
- url String
The URL of the LDAP server
- binddn String
DN of object to bind when performing user search
- bindpass String
Password to use with binddn when performing user search
- caseSensitiveNames Boolean
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- certificate String
Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - deny
Null BooleanBind - description String
Description for the LDAP auth backend mount
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- groupattr String
LDAP attribute to follow on objects returned by groupfilter
- groupdn String
Base DN under which to perform group search
- groupfilter String
Go template used to construct group membership query
- insecureTls Boolean
Control whether or not TLS certificates must be validated
- local Boolean
Specifies if the auth method is local only.
- max
Page IntegerSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
Path to mount the LDAP auth backend under
- starttls Boolean
Control use of TLS when connecting to LDAP
- tls
Max StringVersion Maximum acceptable version of TLS
- tls
Min StringVersion Minimum acceptable version of TLS
- token
Bound List<String>Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token
Explicit IntegerMax Ttl If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal.- token
Max IntegerTtl The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num IntegerUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Integer If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Integer The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String The type of token that should be generated. Can be
service
,batch
, ordefault
to use the mount's tuned default (which unless changed will beservice
tokens). For token store roles, there are two additional possibilities:default-service
anddefault-batch
which specify the type to return unless the client requests a different type at generation time.- upndomain String
The userPrincipalDomain used to construct UPN string
- use
Token BooleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
Attribute on user object matching username passed in
- userdn String
Base DN under which to perform user search
- userfilter String
LDAP user search filter
- username
As BooleanAlias Force the auth method to use the username passed by the user as the alias name.
- url string
The URL of the LDAP server
- binddn string
DN of object to bind when performing user search
- bindpass string
Password to use with binddn when performing user search
- caseSensitiveNames boolean
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- certificate string
Trusted CA to validate TLS certificate
- client
Tls stringCert - client
Tls stringKey - deny
Null booleanBind - description string
Description for the LDAP auth backend mount
- disable
Remount boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- groupattr string
LDAP attribute to follow on objects returned by groupfilter
- groupdn string
Base DN under which to perform group search
- groupfilter string
Go template used to construct group membership query
- insecureTls boolean
Control whether or not TLS certificates must be validated
- local boolean
Specifies if the auth method is local only.
- max
Page numberSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- path string
Path to mount the LDAP auth backend under
- starttls boolean
Control use of TLS when connecting to LDAP
- tls
Max stringVersion Maximum acceptable version of TLS
- tls
Min stringVersion Minimum acceptable version of TLS
- token
Bound string[]Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token
Explicit numberMax Ttl If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal.- token
Max numberTtl The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No booleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num numberUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period number If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies string[] List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl number The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type string The type of token that should be generated. Can be
service
,batch
, ordefault
to use the mount's tuned default (which unless changed will beservice
tokens). For token store roles, there are two additional possibilities:default-service
anddefault-batch
which specify the type to return unless the client requests a different type at generation time.- upndomain string
The userPrincipalDomain used to construct UPN string
- use
Token booleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
Attribute on user object matching username passed in
- userdn string
Base DN under which to perform user search
- userfilter string
LDAP user search filter
- username
As booleanAlias Force the auth method to use the username passed by the user as the alias name.
- url str
The URL of the LDAP server
- binddn str
DN of object to bind when performing user search
- bindpass str
Password to use with binddn when performing user search
- case_sensitive_names bool
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- certificate str
Trusted CA to validate TLS certificate
- client_
tls_ strcert - client_
tls_ strkey - deny_
null_ boolbind - description str
Description for the LDAP auth backend mount
- disable_
remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- groupattr str
LDAP attribute to follow on objects returned by groupfilter
- groupdn str
Base DN under which to perform group search
- groupfilter str
Go template used to construct group membership query
- insecure_tls bool
Control whether or not TLS certificates must be validated
- local bool
Specifies if the auth method is local only.
- max_
page_ intsize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- path str
Path to mount the LDAP auth backend under
- starttls bool
Control use of TLS when connecting to LDAP
- tls_
max_ strversion Maximum acceptable version of TLS
- tls_
min_ strversion Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token_
explicit_ intmax_ ttl If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal.- token_
max_ intttl The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
no_ booldefault_ policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token_
num_ intuses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token_
period int If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token_
policies Sequence[str] List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token_
ttl int The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
type str The type of token that should be generated. Can be
service
,batch
, ordefault
to use the mount's tuned default (which unless changed will beservice
tokens). For token store roles, there are two additional possibilities:default-service
anddefault-batch
which specify the type to return unless the client requests a different type at generation time.- upndomain str
The userPrincipalDomain used to construct UPN string
- use_
token_ boolgroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
Attribute on user object matching username passed in
- userdn str
Base DN under which to perform user search
- userfilter str
LDAP user search filter
- username_
as_ boolalias Force the auth method to use the username passed by the user as the alias name.
- url String
The URL of the LDAP server
- binddn String
DN of object to bind when performing user search
- bindpass String
Password to use with binddn when performing user search
- caseSensitiveNames Boolean
Control case sensitivity of objects fetched from LDAP, this is used for object matching in vault
- certificate String
Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - deny
Null BooleanBind - description String
Description for the LDAP auth backend mount
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- groupattr String
LDAP attribute to follow on objects returned by groupfilter
- groupdn String
Base DN under which to perform group search
- groupfilter String
Go template used to construct group membership query
- insecureTls Boolean
Control whether or not TLS certificates must be validated
- local Boolean
Specifies if the auth method is local only.
- max
Page NumberSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- path String
Path to mount the LDAP auth backend under
- starttls Boolean
Control use of TLS when connecting to LDAP
- tls
Max StringVersion Maximum acceptable version of TLS
- tls
Min StringVersion Minimum acceptable version of TLS
- token
Bound List<String>Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token
Explicit NumberMax Ttl If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if
token_ttl
andtoken_max_ttl
would otherwise allow a renewal.- token
Max NumberTtl The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num NumberUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Number If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Number The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
Type String The type of token that should be generated. Can be
service
,batch
, ordefault
to use the mount's tuned default (which unless changed will beservice
tokens). For token store roles, there are two additional possibilities:default-service
anddefault-batch
which specify the type to return unless the client requests a different type at generation time.- upndomain String
The userPrincipalDomain used to construct UPN string
- use
Token BooleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
Attribute on user object matching username passed in
- userdn String
Base DN under which to perform user search
- userfilter String
LDAP user search filter
- username
As BooleanAlias Force the auth method to use the username passed by the user as the alias name.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:
Look up Existing AuthBackend Resource
Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
binddn: Optional[str] = None,
bindpass: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
deny_null_bind: Optional[bool] = None,
description: Optional[str] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
upndomain: Optional[str] = None,
url: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None) -> AuthBackend
func GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)
public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)
public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
The accessor for this auth mount.
- Binddn string
DN of object to bind when performing user search
- Bindpass string
Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Description string
Description for the LDAP auth backend mount
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Groupattr string
LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
Base DN under which to perform group search
- Groupfilter string
Go template used to construct group membership query
- InsecureTls bool
Control whether or not TLS certificates must be validated
- Local bool
Specifies if the auth method is local only.
- Max
Page intSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Path string
Path to mount the LDAP auth backend under
- Starttls bool
Control use of TLS when connecting to LDAP
- Tls
Max stringVersion Maximum acceptable version of TLS
- Tls
Min stringVersion Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- TokenExplicitMaxTtl int
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- TokenMaxTtl int
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies List<string> List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- TokenType string
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- Upndomain string
The userPrincipalDomain used to construct UPN string
- Url string
The URL of the LDAP server
- Use
Token boolGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
Attribute on user object matching username passed in
- Userdn string
Base DN under which to perform user search
- Userfilter string
LDAP user search filter
- Username
As boolAlias Force the auth method to use the username passed by the user as the alias name.
- Accessor string
The accessor for this auth mount.
- Binddn string
DN of object to bind when performing user search
- Bindpass string
Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
Trusted CA to validate TLS certificate
- ClientTlsCert string
- ClientTlsKey string
- DenyNullBind bool
- Description string
Description for the LDAP auth backend mount
- Disable
Remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Groupattr string
LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
Base DN under which to perform group search
- Groupfilter string
Go template used to construct group membership query
- InsecureTls bool
Control whether or not TLS certificates must be validated
- Local bool
Specifies if the auth method is local only.
- Max
Page intSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Path string
Path to mount the LDAP auth backend under
- Starttls bool
Control use of TLS when connecting to LDAP
- Tls
Max stringVersion Maximum acceptable version of TLS
- Tls
Min stringVersion Minimum acceptable version of TLS
- Token
Bound []stringCidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- TokenExplicitMaxTtl int
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- TokenMaxTtl int
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- Token
No boolDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- Token
Num intUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- Token
Period int If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- Token
Policies []string List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- Token
Ttl int The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- TokenType string
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- Upndomain string
The userPrincipalDomain used to construct UPN string
- Url string
The URL of the LDAP server
- Use
Token boolGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
Attribute on user object matching username passed in
- Userdn string
Base DN under which to perform user search
- Userfilter string
LDAP user search filter
- Username
As boolAlias Force the auth method to use the username passed by the user as the alias name.
- accessor String
The accessor for this auth mount.
- binddn String
DN of object to bind when performing user search
- bindpass String
Password to use with `binddn` when performing user search
- caseSensitiveNames Boolean
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- description String
Description for the LDAP auth backend mount
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- groupattr String
LDAP attribute to follow on objects returned by groupfilter
- groupdn String
Base DN under which to perform group search
- groupfilter String
Go template used to construct group membership query
- insecureTls Boolean
Control whether or not TLS certificates must be validated
- local Boolean
Specifies if the auth method is local only.
- max
Page IntegerSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path String
Path to mount the LDAP auth backend under
- starttls Boolean
Control use of TLS when connecting to LDAP
- tls
Max StringVersion Maximum acceptable version of TLS
- tls
Min StringVersion Minimum acceptable version of TLS
- token
Bound List<String>Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl Integer
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- tokenMaxTtl Integer
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num IntegerUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Integer If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Integer The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- tokenType String
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- upndomain String
The userPrincipalDomain used to construct UPN string
- url String
The URL of the LDAP server
- use
Token BooleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
Attribute on user object matching username passed in
- userdn String
Base DN under which to perform user search
- userfilter String
LDAP user search filter
- username
As BooleanAlias Force the auth method to use the username passed by the user as the alias name.
- accessor string
The accessor for this auth mount.
- binddn string
DN of object to bind when performing user search
- bindpass string
Password to use with `binddn` when performing user search
- caseSensitiveNames boolean
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
Trusted CA to validate TLS certificate
- clientTlsCert string
- clientTlsKey string
- denyNullBind boolean
- description string
Description for the LDAP auth backend mount
- disable
Remount boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- groupattr string
LDAP attribute to follow on objects returned by groupfilter
- groupdn string
Base DN under which to perform group search
- groupfilter string
Go template used to construct group membership query
- insecureTls boolean
Control whether or not TLS certificates must be validated
- local boolean
Specifies if the auth method is local only.
- max
Page numberSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path string
Path to mount the LDAP auth backend under
- starttls boolean
Control use of TLS when connecting to LDAP
- tls
Max stringVersion Maximum acceptable version of TLS
- tls
Min stringVersion Minimum acceptable version of TLS
- token
Bound string[]Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl number
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- tokenMaxTtl number
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No booleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num numberUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period number If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies string[] List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl number The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- tokenType string
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- upndomain string
The userPrincipalDomain used to construct UPN string
- url string
The URL of the LDAP server
- use
Token booleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
Attribute on user object matching username passed in
- userdn string
Base DN under which to perform user search
- userfilter string
LDAP user search filter
- username
As booleanAlias Force the auth method to use the username passed by the user as the alias name.
- accessor str
The accessor for this auth mount.
- binddn str
DN of object to bind when performing user search
- bindpass str
Password to use with `binddn` when performing user search
- case_sensitive_names bool
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
Trusted CA to validate TLS certificate
- client_tls_cert str
- client_tls_key str
- deny_null_bind bool
- description str
Description for the LDAP auth backend mount
- disable_
remount bool If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- groupattr str
LDAP attribute to follow on objects returned by groupfilter
- groupdn str
Base DN under which to perform group search
- groupfilter str
Go template used to construct group membership query
- insecure_tls bool
Control whether or not TLS certificates must be validated
- local bool
Specifies if the auth method is local only.
- max_
page_ intsize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path str
Path to mount the LDAP auth backend under
- starttls bool
Control use of TLS when connecting to LDAP
- tls_
max_ strversion Maximum acceptable version of TLS
- tls_
min_ strversion Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- token_explicit_max_ttl int
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- token_max_ttl int
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_
no_ booldefault_ policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token_
num_ intuses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token_
period int If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token_
policies Sequence[str] List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token_
ttl int The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token_type str
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- upndomain str
The userPrincipalDomain used to construct UPN string
- url str
The URL of the LDAP server
- use_
token_ boolgroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
Attribute on user object matching username passed in
- userdn str
Base DN under which to perform user search
- userfilter str
LDAP user search filter
- username_
as_ boolalias Force the auth method to use the username passed by the user as the alias name.
- accessor String
The accessor for this auth mount.
- binddn String
DN of object to bind when performing user search
- bindpass String
Password to use with `binddn` when performing user search
- caseSensitiveNames Boolean
Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
Trusted CA to validate TLS certificate
- clientTlsCert String
- clientTlsKey String
- denyNullBind Boolean
- description String
Description for the LDAP auth backend mount
- disable
Remount Boolean If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- groupattr String
LDAP attribute to follow on objects returned by groupfilter
- groupdn String
Base DN under which to perform group search
- groupfilter String
Go template used to construct group membership query
- insecureTls Boolean
Control whether or not TLS certificates must be validated
- local Boolean
Specifies if the auth method is local only.
- max
Page NumberSize Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- path String
Path to mount the LDAP auth backend under
- starttls Boolean
Control use of TLS when connecting to LDAP
- tls
Max StringVersion Maximum acceptable version of TLS
- tls
Min StringVersion Minimum acceptable version of TLS
- token
Bound List<String>Cidrs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl Number
If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if `token_ttl` and `token_max_ttl` would otherwise allow a renewal.
- tokenMaxTtl Number
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- token
No BooleanDefault Policy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
- token
Num NumberUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- token
Period Number If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
- token
Policies List<String> List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
- token
Ttl Number The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
- tokenType String
The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch`, which specify the type to return unless the client requests a different type at generation time.
- upndomain String
The userPrincipalDomain used to construct UPN string
- url String
The URL of the LDAP server
- use
Token BooleanGroups Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
Attribute on user object matching username passed in
- userdn String
Base DN under which to perform user search
- userfilter String
LDAP user search filter
- username
As BooleanAlias Force the auth method to use the username passed by the user as the alias name.
Import
LDAP authentication backends can be imported using the `path`, e.g.
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `vault` Terraform Provider.