pulumi-vault-kotlin/com.pulumi.vault.ldap.kotlin/AuthBackendArgs

AuthBackendArgs

data class AuthBackendArgs(val binddn: Output<String>? = null, val bindpass: Output<String>? = null, val caseSensitiveNames: Output<Boolean>? = null, val certificate: Output<String>? = null, val clientTlsCert: Output<String>? = null, val clientTlsKey: Output<String>? = null, val connectionTimeout: Output<Int>? = null, val denyNullBind: Output<Boolean>? = null, val description: Output<String>? = null, val disableAutomatedRotation: Output<Boolean>? = null, val disableRemount: Output<Boolean>? = null, val discoverdn: Output<Boolean>? = null, val groupattr: Output<String>? = null, val groupdn: Output<String>? = null, val groupfilter: Output<String>? = null, val insecureTls: Output<Boolean>? = null, val local: Output<Boolean>? = null, val maxPageSize: Output<Int>? = null, val namespace: Output<String>? = null, val path: Output<String>? = null, val rotationPeriod: Output<Int>? = null, val rotationSchedule: Output<String>? = null, val rotationWindow: Output<Int>? = null, val starttls: Output<Boolean>? = null, val tlsMaxVersion: Output<String>? = null, val tlsMinVersion: Output<String>? = null, val tokenBoundCidrs: Output<List<String>>? = null, val tokenExplicitMaxTtl: Output<Int>? = null, val tokenMaxTtl: Output<Int>? = null, val tokenNoDefaultPolicy: Output<Boolean>? = null, val tokenNumUses: Output<Int>? = null, val tokenPeriod: Output<Int>? = null, val tokenPolicies: Output<List<String>>? = null, val tokenTtl: Output<Int>? = null, val tokenType: Output<String>? = null, val upndomain: Output<String>? = null, val url: Output<String>? = null, val useTokenGroups: Output<Boolean>? = null, val userattr: Output<String>? = null, val userdn: Output<String>? = null, val userfilter: Output<String>? = null, val usernameAsAlias: Output<Boolean>? = null) : ConvertibleToJava<AuthBackendArgs>

Provides a resource for managing an LDAP auth backend within Vault.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const ldap = new vault.ldap.AuthBackend("ldap", {
    path: "ldap",
    url: "ldaps://dc-01.example.org",
    userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
    userattr: "sAMAccountName",
    upndomain: "EXAMPLE.ORG",
    discoverdn: false,
    groupdn: "OU=Groups,DC=example,DC=org",
    groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    rotationSchedule: "0 * * * SAT",
    rotationWindow: 3600,
});

import pulumi
import pulumi_vault as vault
ldap = vault.ldap.AuthBackend("ldap",
    path="ldap",
    url="ldaps://dc-01.example.org",
    userdn="OU=Users,OU=Accounts,DC=example,DC=org",
    userattr="sAMAccountName",
    upndomain="EXAMPLE.ORG",
    discoverdn=False,
    groupdn="OU=Groups,DC=example,DC=org",
    groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
    rotation_schedule="0 * * * SAT",
    rotation_window=3600)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var ldap = new Vault.Ldap.AuthBackend("ldap", new()
    {
        Path = "ldap",
        Url = "ldaps://dc-01.example.org",
        Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
        Userattr = "sAMAccountName",
        Upndomain = "EXAMPLE.ORG",
        Discoverdn = false,
        Groupdn = "OU=Groups,DC=example,DC=org",
        Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
        RotationSchedule = "0 * * * SAT",
        RotationWindow = 3600,
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:             pulumi.String("ldap"),
			Url:              pulumi.String("ldaps://dc-01.example.org"),
			Userdn:           pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:         pulumi.String("sAMAccountName"),
			Upndomain:        pulumi.String("EXAMPLE.ORG"),
			Discoverdn:       pulumi.Bool(false),
			Groupdn:          pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter:      pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
			RotationSchedule: pulumi.String("0 * * * SAT"),
			RotationWindow:   pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var ldap = new AuthBackend("ldap", AuthBackendArgs.builder()
            .path("ldap")
            .url("ldaps://dc-01.example.org")
            .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
            .userattr("sAMAccountName")
            .upndomain("EXAMPLE.ORG")
            .discoverdn(false)
            .groupdn("OU=Groups,DC=example,DC=org")
            .groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
            .rotationSchedule("0 * * * SAT")
            .rotationWindow(3600)
            .build());
    }
}

resources:
  ldap:
    type: vault:ldap:AuthBackend
    properties:
      path: ldap
      url: ldaps://dc-01.example.org
      userdn: OU=Users,OU=Accounts,DC=example,DC=org
      userattr: sAMAccountName
      upndomain: EXAMPLE.ORG
      discoverdn: false
      groupdn: OU=Groups,DC=example,DC=org
      groupfilter: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
      rotationSchedule: 0 * * * SAT
      rotationWindow: 3600

Import

LDAP authentication backends can be imported using the path, e.g.

$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap

Constructors

AuthBackendArgs

constructor(binddn: Output<String>? = null, bindpass: Output<String>? = null, caseSensitiveNames: Output<Boolean>? = null, certificate: Output<String>? = null, clientTlsCert: Output<String>? = null, clientTlsKey: Output<String>? = null, connectionTimeout: Output<Int>? = null, denyNullBind: Output<Boolean>? = null, description: Output<String>? = null, disableAutomatedRotation: Output<Boolean>? = null, disableRemount: Output<Boolean>? = null, discoverdn: Output<Boolean>? = null, groupattr: Output<String>? = null, groupdn: Output<String>? = null, groupfilter: Output<String>? = null, insecureTls: Output<Boolean>? = null, local: Output<Boolean>? = null, maxPageSize: Output<Int>? = null, namespace: Output<String>? = null, path: Output<String>? = null, rotationPeriod: Output<Int>? = null, rotationSchedule: Output<String>? = null, rotationWindow: Output<Int>? = null, starttls: Output<Boolean>? = null, tlsMaxVersion: Output<String>? = null, tlsMinVersion: Output<String>? = null, tokenBoundCidrs: Output<List<String>>? = null, tokenExplicitMaxTtl: Output<Int>? = null, tokenMaxTtl: Output<Int>? = null, tokenNoDefaultPolicy: Output<Boolean>? = null, tokenNumUses: Output<Int>? = null, tokenPeriod: Output<Int>? = null, tokenPolicies: Output<List<String>>? = null, tokenTtl: Output<Int>? = null, tokenType: Output<String>? = null, upndomain: Output<String>? = null, url: Output<String>? = null, useTokenGroups: Output<Boolean>? = null, userattr: Output<String>? = null, userdn: Output<String>? = null, userfilter: Output<String>? = null, usernameAsAlias: Output<Boolean>? = null)

Properties

binddn

val binddn: Output<String>? = null

DN of object to bind when performing user search

bindpass

val bindpass: Output<String>? = null

Password to use with binddn when performing user search

caseSensitiveNames

val caseSensitiveNames: Output<Boolean>? = null

Control case senstivity of objects fetched from LDAP, this is used for object matching in vault

certificate

val certificate: Output<String>? = null

Trusted CA to validate TLS certificate

clientTlsCert

val clientTlsCert: Output<String>? = null

clientTlsKey

val clientTlsKey: Output<String>? = null

connectionTimeout

val connectionTimeout: Output<Int>? = null

Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in url (integer: 30)

denyNullBind

val denyNullBind: Output<Boolean>? = null

Prevents users from bypassing authentication when providing an empty password.

description

val description: Output<String>? = null

Description for the LDAP auth backend mount

disableAutomatedRotation

val disableAutomatedRotation: Output<Boolean>? = null

Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.

disableRemount

val disableRemount: Output<Boolean>? = null

If set, opts out of mount migration on path updates. See here for more info on Mount Migration

discoverdn

val discoverdn: Output<Boolean>? = null

Use anonymous bind to discover the bind DN of a user.

groupattr

val groupattr: Output<String>? = null

LDAP attribute to follow on objects returned by groupfilter

groupdn

val groupdn: Output<String>? = null

Base DN under which to perform group search

groupfilter

val groupfilter: Output<String>? = null

Go template used to construct group membership query

insecureTls

val insecureTls: Output<Boolean>? = null

Control whether or TLS certificates must be validated

local

val local: Output<Boolean>? = null

Specifies if the auth method is local only.

maxPageSize

val maxPageSize: Output<Int>? = null

Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.

namespace

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

path

val path: Output<String>? = null

Path to mount the LDAP auth backend under

rotationPeriod

val rotationPeriod: Output<Int>? = null

The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.

rotationSchedule

val rotationSchedule: Output<String>? = null

The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.

rotationWindow

val rotationWindow: Output<Int>? = null

The maximum amount of time in seconds allowed to complete a rotation when a scheduled token rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.

starttls

val starttls: Output<Boolean>? = null

Control use of TLS when conecting to LDAP

tlsMaxVersion

val tlsMaxVersion: Output<String>? = null

Maximum acceptable version of TLS

tlsMinVersion

val tlsMinVersion: Output<String>? = null

Minimum acceptable version of TLS

tokenBoundCidrs