Auth
Provides a resource to create a user in an LDAP auth backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const ldap = new vault.ldap.AuthBackend("ldap", {
path: "ldap",
url: "ldaps://dc-01.example.org",
userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
userattr: "sAMAccountName",
upndomain: "EXAMPLE.ORG",
discoverdn: false,
groupdn: "OU=Groups,DC=example,DC=org",
groupfilter: "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
});
const user = new vault.ldap.AuthBackendUser("user", {
username: "test-user",
policies: [
"dba",
"sysops",
],
backend: ldap.path,
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
ldap = vault.ldap.AuthBackend("ldap",
path="ldap",
url="ldaps://dc-01.example.org",
userdn="OU=Users,OU=Accounts,DC=example,DC=org",
userattr="sAMAccountName",
upndomain="EXAMPLE.ORG",
discoverdn=False,
groupdn="OU=Groups,DC=example,DC=org",
groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
user = vault.ldap.AuthBackendUser("user",
username="test-user",
policies=[
"dba",
"sysops",
],
backend=ldap.path)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var ldap = new Vault.Ldap.AuthBackend("ldap", new()
{
Path = "ldap",
Url = "ldaps://dc-01.example.org",
Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
Userattr = "sAMAccountName",
Upndomain = "EXAMPLE.ORG",
Discoverdn = false,
Groupdn = "OU=Groups,DC=example,DC=org",
Groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
});
var user = new Vault.Ldap.AuthBackendUser("user", new()
{
Username = "test-user",
Policies = new[]
{
"dba",
"sysops",
},
Backend = ldap.Path,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
Path: pulumi.String("ldap"),
Url: pulumi.String("ldaps://dc-01.example.org"),
Userdn: pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
Userattr: pulumi.String("sAMAccountName"),
Upndomain: pulumi.String("EXAMPLE.ORG"),
Discoverdn: pulumi.Bool(false),
Groupdn: pulumi.String("OU=Groups,DC=example,DC=org"),
Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
})
if err != nil {
return err
}
_, err = ldap.NewAuthBackendUser(ctx, "user", &ldap.AuthBackendUserArgs{
Username: pulumi.String("test-user"),
Policies: pulumi.StringArray{
pulumi.String("dba"),
pulumi.String("sysops"),
},
Backend: ldap.Path,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import com.pulumi.vault.ldap.AuthBackendUser;
import com.pulumi.vault.ldap.AuthBackendUserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ldap = new AuthBackend("ldap", AuthBackendArgs.builder()
.path("ldap")
.url("ldaps://dc-01.example.org")
.userdn("OU=Users,OU=Accounts,DC=example,DC=org")
.userattr("sAMAccountName")
.upndomain("EXAMPLE.ORG")
.discoverdn(false)
.groupdn("OU=Groups,DC=example,DC=org")
.groupfilter("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
.build());
var user = new AuthBackendUser("user", AuthBackendUserArgs.builder()
.username("test-user")
.policies(
"dba",
"sysops")
.backend(ldap.path())
.build());
}
}Content copied to clipboard
resources:
ldap:
type: vault:ldap:AuthBackend
properties:
path: ldap
url: ldaps://dc-01.example.org
userdn: OU=Users,OU=Accounts,DC=example,DC=org
userattr: sAMAccountName
upndomain: EXAMPLE.ORG
discoverdn: false
groupdn: OU=Groups,DC=example,DC=org
groupfilter: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
user:
type: vault:ldap:AuthBackendUser
properties:
username: test-user
policies:
- dba
- sysops
backend: ${ldap.path}Content copied to clipboard
Import
LDAP authentication backend users can be imported using the path, e.g.
$ pulumi import vault:ldap/authBackendUser:AuthBackendUser foo auth/ldap/users/fooContent copied to clipboard
Properties
Link copied to clipboard
Path to the authentication backend For more details on the usage of each argument consult the Vault LDAP API documentation.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard