vault.ldap.AuthBackend
Provides a resource for managing an LDAP auth backend within Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// LDAP filter (a Go template) that selects the groups a user belongs to.
// OID 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in chain",
// so membership through nested groups is matched as well as direct membership.
const groupMembershipFilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))";

// LDAP auth backend mounted under the path "ldap".
const ldap = new vault.ldap.AuthBackend("ldap", {
    path: "ldap",

    // Connection: the ldaps:// scheme puts the whole LDAP session, including
    // the password bind, inside TLS.
    url: "ldaps://dc-01.example.org",
    requestTimeout: 30,

    // User lookup. discoverdn: false means no anonymous bind is used to
    // discover the user's bind DN.
    userdn: "OU=Users,OU=Accounts,DC=example,DC=org",
    userattr: "sAMAccountName",
    upndomain: "EXAMPLE.ORG",
    discoverdn: false,
    enableSamaccountnameLogin: false,
    dereferenceAliases: "always",

    // Group lookup. anonymousGroupSearch: false keeps group searches from
    // being performed anonymously.
    groupdn: "OU=Groups,DC=example,DC=org",
    groupfilter: groupMembershipFilter,
    anonymousGroupSearch: false,

    // Root credential rotation (documented as requiring Vault Enterprise 1.19+).
    // The cron expression fires at minute 0 of every hour on Saturdays; 3600 s
    // is the documented minimum rotation window.
    // NOTE(review): no binddn/bindpass is configured in this example — confirm
    // there is a root credential for this schedule to rotate.
    rotationSchedule: "0 * * * SAT",
    rotationWindow: 3600,
});
import pulumi
import pulumi_vault as vault
# LDAP filter (a Go template) that selects the groups a user belongs to.
# OID 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in chain",
# so membership through nested groups is matched as well as direct membership.
group_membership_filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"

# LDAP auth backend mounted under the path "ldap".
ldap = vault.ldap.AuthBackend(
    "ldap",
    path="ldap",
    # Connection: the ldaps:// scheme puts the whole LDAP session, including
    # the password bind, inside TLS.
    url="ldaps://dc-01.example.org",
    request_timeout=30,
    # User lookup. discoverdn=False means no anonymous bind is used to
    # discover the user's bind DN.
    userdn="OU=Users,OU=Accounts,DC=example,DC=org",
    userattr="sAMAccountName",
    upndomain="EXAMPLE.ORG",
    discoverdn=False,
    enable_samaccountname_login=False,
    dereference_aliases="always",
    # Group lookup. anonymous_group_search=False keeps group searches from
    # being performed anonymously.
    groupdn="OU=Groups,DC=example,DC=org",
    groupfilter=group_membership_filter,
    anonymous_group_search=False,
    # Root credential rotation (documented as requiring Vault Enterprise 1.19+).
    # The cron expression fires at minute 0 of every hour on Saturdays; 3600 s
    # is the documented minimum rotation window.
    # NOTE(review): no binddn/bindpass is configured in this example — confirm
    # there is a root credential for this schedule to rotate.
    rotation_schedule="0 * * * SAT",
    rotation_window=3600,
)
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v7/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a single LDAP auth backend mounted under the path "ldap".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// LDAP filter (a Go template) that selects the groups a user belongs to.
		// OID 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in
		// chain", so nested group membership is matched as well.
		const groupMembershipFilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"

		backendArgs := &ldap.AuthBackendArgs{
			Path: pulumi.String("ldap"),

			// Connection: the ldaps:// scheme puts the whole LDAP session,
			// including the password bind, inside TLS.
			Url:            pulumi.String("ldaps://dc-01.example.org"),
			RequestTimeout: pulumi.Int(30),

			// User lookup. Discoverdn false means no anonymous bind is used
			// to discover the user's bind DN.
			Userdn:                    pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:                  pulumi.String("sAMAccountName"),
			Upndomain:                 pulumi.String("EXAMPLE.ORG"),
			Discoverdn:                pulumi.Bool(false),
			EnableSamaccountnameLogin: pulumi.Bool(false),
			DereferenceAliases:        pulumi.String("always"),

			// Group lookup. AnonymousGroupSearch false keeps group searches
			// from being performed anonymously.
			Groupdn:              pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter:          pulumi.String(groupMembershipFilter),
			AnonymousGroupSearch: pulumi.Bool(false),

			// Root credential rotation (documented as requiring Vault
			// Enterprise 1.19+). The cron expression fires at minute 0 of every
			// hour on Saturdays; 3600 s is the documented minimum window.
			// NOTE(review): no Binddn/Bindpass is configured in this example —
			// confirm there is a root credential for this schedule to rotate.
			RotationSchedule: pulumi.String("0 * * * SAT"),
			RotationWindow:   pulumi.Int(3600),
		}

		if _, err := ldap.NewAuthBackend(ctx, "ldap", backendArgs); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // LDAP filter (a Go template) that selects the groups a user belongs to.
    // OID 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in chain",
    // so membership through nested groups is matched as well.
    const string groupMembershipFilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))";

    var backendArgs = new Vault.Ldap.AuthBackendArgs
    {
        Path = "ldap",

        // Connection: the ldaps:// scheme puts the whole LDAP session,
        // including the password bind, inside TLS.
        Url = "ldaps://dc-01.example.org",
        RequestTimeout = 30,

        // User lookup. Discoverdn = false means no anonymous bind is used to
        // discover the user's bind DN.
        Userdn = "OU=Users,OU=Accounts,DC=example,DC=org",
        Userattr = "sAMAccountName",
        Upndomain = "EXAMPLE.ORG",
        Discoverdn = false,
        EnableSamaccountnameLogin = false,
        DereferenceAliases = "always",

        // Group lookup. AnonymousGroupSearch = false keeps group searches
        // from being performed anonymously.
        Groupdn = "OU=Groups,DC=example,DC=org",
        Groupfilter = groupMembershipFilter,
        AnonymousGroupSearch = false,

        // Root credential rotation (documented as requiring Vault Enterprise
        // 1.19+). The cron expression fires at minute 0 of every hour on
        // Saturdays; 3600 s is the documented minimum rotation window.
        // NOTE(review): no Binddn/Bindpass is configured in this example —
        // confirm there is a root credential for this schedule to rotate.
        RotationSchedule = "0 * * * SAT",
        RotationWindow = 3600,
    };

    // LDAP auth backend mounted under the path "ldap".
    var ldap = new Vault.Ldap.AuthBackend("ldap", backendArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.AuthBackend;
import com.pulumi.vault.ldap.AuthBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares one LDAP auth backend mounted under the path "ldap". */
public class App {
    // LDAP filter (a Go template) that selects the groups a user belongs to.
    // OID 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in chain",
    // so membership through nested groups is matched as well.
    private static final String GROUP_MEMBERSHIP_FILTER =
        "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))";

    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack's resources. */
    public static void stack(Context ctx) {
        final AuthBackendArgs backendArgs = AuthBackendArgs.builder()
            .path("ldap")
            // Connection: the ldaps:// scheme puts the whole LDAP session,
            // including the password bind, inside TLS.
            .url("ldaps://dc-01.example.org")
            .requestTimeout(30)
            // User lookup. discoverdn(false) means no anonymous bind is used
            // to discover the user's bind DN.
            .userdn("OU=Users,OU=Accounts,DC=example,DC=org")
            .userattr("sAMAccountName")
            .upndomain("EXAMPLE.ORG")
            .discoverdn(false)
            .enableSamaccountnameLogin(false)
            .dereferenceAliases("always")
            // Group lookup. anonymousGroupSearch(false) keeps group searches
            // from being performed anonymously.
            .groupdn("OU=Groups,DC=example,DC=org")
            .groupfilter(GROUP_MEMBERSHIP_FILTER)
            .anonymousGroupSearch(false)
            // Root credential rotation (documented as requiring Vault
            // Enterprise 1.19+). The cron expression fires at minute 0 of every
            // hour on Saturdays; 3600 s is the documented minimum window.
            // NOTE(review): no binddn/bindpass is configured in this example —
            // confirm there is a root credential for this schedule to rotate.
            .rotationSchedule("0 * * * SAT")
            .rotationWindow(3600)
            .build();

        var ldap = new AuthBackend("ldap", backendArgs);
    }
}
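resources:
  # LDAP auth backend mounted under the path "ldap".
  ldap:
    type: vault:ldap:AuthBackend
    properties:
      path: ldap
      # The ldaps:// scheme puts the whole LDAP session, including the
      # password bind, inside TLS.
      url: ldaps://dc-01.example.org
      userdn: OU=Users,OU=Accounts,DC=example,DC=org
      userattr: sAMAccountName
      upndomain: EXAMPLE.ORG
      # false: no anonymous bind is used to discover the user's bind DN.
      discoverdn: false
      groupdn: OU=Groups,DC=example,DC=org
      # Go-template LDAP filter. OID 1.2.840.113556.1.4.1941 is Active
      # Directory's "matching rule in chain", so nested group membership is
      # matched as well. Quoted so the parentheses, colons and braces are
      # always read as one plain string.
      groupfilter: '(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))'
      # Root credential rotation (documented as requiring Vault Enterprise
      # 1.19+): minute 0 of every hour on Saturdays, with the documented
      # minimum window of 3600 s.
      # NOTE(review): no binddn/bindpass is configured in this example —
      # confirm there is a root credential for this schedule to rotate.
      rotationSchedule: '0 * * * SAT'
      rotationWindow: 3600
      requestTimeout: 30
      dereferenceAliases: always
      enableSamaccountnameLogin: false
      # false: group searches are not performed anonymously.
      anonymousGroupSearch: false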
Create AuthBackend Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthBackend(name: string, args: AuthBackendArgs, opts?: CustomResourceOptions);
@overload
def AuthBackend(resource_name: str,
args: AuthBackendArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthBackend(resource_name: str,
opts: Optional[ResourceOptions] = None,
url: Optional[str] = None,
path: Optional[str] = None,
groupdn: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
connection_timeout: Optional[int] = None,
deny_null_bind: Optional[bool] = None,
dereference_aliases: Optional[str] = None,
description: Optional[str] = None,
disable_automated_rotation: Optional[bool] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
enable_samaccountname_login: Optional[bool] = None,
groupattr: Optional[str] = None,
rotation_period: Optional[int] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
anonymous_group_search: Optional[bool] = None,
bindpass: Optional[str] = None,
request_timeout: Optional[int] = None,
tune: Optional[AuthBackendTuneArgs] = None,
rotation_window: Optional[int] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
rotation_schedule: Optional[str] = None,
upndomain: Optional[str] = None,
binddn: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None)
func NewAuthBackend(ctx *Context, name string, args AuthBackendArgs, opts ...ResourceOption) (*AuthBackend, error)
public AuthBackend(string name, AuthBackendArgs args, CustomResourceOptions? opts = null)
public AuthBackend(String name, AuthBackendArgs args)
public AuthBackend(String name, AuthBackendArgs args, CustomResourceOptions options)
type: vault:ldap:AuthBackend
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthBackendArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every input property. The values are type placeholders
// ("string", 0, false), not recommended settings.
var exampleauthBackendResourceResourceFromLdapauthBackend = new Vault.Ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", new()
{
    Url = "string",
    Path = "string",
    Groupdn = "string",
    CaseSensitiveNames = false,
    Certificate = "string",
    ClientTlsCert = "string",
    // Presumably the private key for client-certificate TLS — treat it as a
    // secret and supply it from Pulumi secret config, not a source literal.
    ClientTlsKey = "string",
    ConnectionTimeout = 0,
    // Placeholder only: this setting is documented as preventing users from
    // bypassing authentication with an empty password, so keep it true.
    DenyNullBind = false,
    DereferenceAliases = "string",
    Description = "string",
    DisableAutomatedRotation = false,
    DisableRemount = false,
    Discoverdn = false,
    EnableSamaccountnameLogin = false,
    Groupattr = "string",
    // NOTE(review): RotationPeriod and RotationSchedule (below) appear together
    // only because this is a full listing; Vault treats them as alternatives —
    // confirm before setting both.
    RotationPeriod = 0,
    Groupfilter = "string",
    // Placeholder only: true turns off validation of the LDAP server's TLS
    // certificate.
    InsecureTls = false,
    Local = false,
    MaxPageSize = 0,
    Namespace = "string",
    AnonymousGroupSearch = false,
    // Bind account password: supply it as a secret (e.g. Config.RequireSecret),
    // never as a literal committed with the program.
    Bindpass = "string",
    RequestTimeout = 0,
    Tune = new Vault.Ldap.Inputs.AuthBackendTuneArgs
    {
        AllowedResponseHeaders = new[]
        {
            "string",
        },
        AuditNonHmacRequestKeys = new[]
        {
            "string",
        },
        AuditNonHmacResponseKeys = new[]
        {
            "string",
        },
        DefaultLeaseTtl = "string",
        ListingVisibility = "string",
        MaxLeaseTtl = "string",
        PassthroughRequestHeaders = new[]
        {
            "string",
        },
        TokenType = "string",
    },
    RotationWindow = 0,
    Starttls = false,
    TlsMaxVersion = "string",
    TlsMinVersion = "string",
    TokenBoundCidrs = new[]
    {
        "string",
    },
    TokenExplicitMaxTtl = 0,
    TokenMaxTtl = 0,
    TokenNoDefaultPolicy = false,
    TokenNumUses = 0,
    TokenPeriod = 0,
    TokenPolicies = new[]
    {
        "string",
    },
    TokenTtl = 0,
    TokenType = "string",
    RotationSchedule = "string",
    Upndomain = "string",
    Binddn = "string",
    UseTokenGroups = false,
    Userattr = "string",
    Userdn = "string",
    Userfilter = "string",
    UsernameAsAlias = false,
});
// Reference listing of every input property. The values are type placeholders
// ("string", 0, false), not recommended settings.
example, err := ldap.NewAuthBackend(ctx, "exampleauthBackendResourceResourceFromLdapauthBackend", &ldap.AuthBackendArgs{
	Url:                pulumi.String("string"),
	Path:               pulumi.String("string"),
	Groupdn:            pulumi.String("string"),
	CaseSensitiveNames: pulumi.Bool(false),
	Certificate:        pulumi.String("string"),
	ClientTlsCert:      pulumi.String("string"),
	// Presumably the private key for client-certificate TLS — treat it as a
	// secret and supply it from Pulumi secret config, not a source literal.
	ClientTlsKey:      pulumi.String("string"),
	ConnectionTimeout: pulumi.Int(0),
	// Placeholder only: this setting is documented as preventing users from
	// bypassing authentication with an empty password, so keep it true.
	DenyNullBind:              pulumi.Bool(false),
	DereferenceAliases:        pulumi.String("string"),
	Description:               pulumi.String("string"),
	DisableAutomatedRotation:  pulumi.Bool(false),
	DisableRemount:            pulumi.Bool(false),
	Discoverdn:                pulumi.Bool(false),
	EnableSamaccountnameLogin: pulumi.Bool(false),
	Groupattr:                 pulumi.String("string"),
	// NOTE(review): RotationPeriod and RotationSchedule (below) appear together
	// only because this is a full listing; Vault treats them as alternatives —
	// confirm before setting both.
	RotationPeriod: pulumi.Int(0),
	Groupfilter:    pulumi.String("string"),
	// Placeholder only: true turns off validation of the LDAP server's TLS
	// certificate.
	InsecureTls:          pulumi.Bool(false),
	Local:                pulumi.Bool(false),
	MaxPageSize:          pulumi.Int(0),
	Namespace:            pulumi.String("string"),
	AnonymousGroupSearch: pulumi.Bool(false),
	// Bind account password: supply it as a secret (e.g. config.RequireSecret),
	// never as a literal committed with the program.
	Bindpass:       pulumi.String("string"),
	RequestTimeout: pulumi.Int(0),
	Tune: &ldap.AuthBackendTuneArgs{
		AllowedResponseHeaders: pulumi.StringArray{
			pulumi.String("string"),
		},
		AuditNonHmacRequestKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
		AuditNonHmacResponseKeys: pulumi.StringArray{
			pulumi.String("string"),
		},
		DefaultLeaseTtl:   pulumi.String("string"),
		ListingVisibility: pulumi.String("string"),
		MaxLeaseTtl:       pulumi.String("string"),
		PassthroughRequestHeaders: pulumi.StringArray{
			pulumi.String("string"),
		},
		TokenType: pulumi.String("string"),
	},
	RotationWindow: pulumi.Int(0),
	Starttls:       pulumi.Bool(false),
	TlsMaxVersion:  pulumi.String("string"),
	TlsMinVersion:  pulumi.String("string"),
	TokenBoundCidrs: pulumi.StringArray{
		pulumi.String("string"),
	},
	TokenExplicitMaxTtl:  pulumi.Int(0),
	TokenMaxTtl:          pulumi.Int(0),
	TokenNoDefaultPolicy: pulumi.Bool(false),
	TokenNumUses:         pulumi.Int(0),
	TokenPeriod:          pulumi.Int(0),
	TokenPolicies: pulumi.StringArray{
		pulumi.String("string"),
	},
	TokenTtl:         pulumi.Int(0),
	TokenType:        pulumi.String("string"),
	RotationSchedule: pulumi.String("string"),
	Upndomain:        pulumi.String("string"),
	Binddn:           pulumi.String("string"),
	UseTokenGroups:   pulumi.Bool(false),
	Userattr:         pulumi.String("string"),
	Userdn:           pulumi.String("string"),
	Userfilter:       pulumi.String("string"),
	UsernameAsAlias:  pulumi.Bool(false),
})
// Reference listing of every input property. The values are type placeholders
// ("string", 0, false), not recommended settings.
var exampleauthBackendResourceResourceFromLdapauthBackend = new com.pulumi.vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", com.pulumi.vault.ldap.AuthBackendArgs.builder()
    .url("string")
    .path("string")
    .groupdn("string")
    .caseSensitiveNames(false)
    .certificate("string")
    .clientTlsCert("string")
    // Presumably the private key for client-certificate TLS — treat it as a
    // secret and supply it from Pulumi secret config, not a source literal.
    .clientTlsKey("string")
    .connectionTimeout(0)
    // Placeholder only: this setting is documented as preventing users from
    // bypassing authentication with an empty password, so keep it true.
    .denyNullBind(false)
    .dereferenceAliases("string")
    .description("string")
    .disableAutomatedRotation(false)
    .disableRemount(false)
    .discoverdn(false)
    .enableSamaccountnameLogin(false)
    .groupattr("string")
    // NOTE(review): rotationPeriod and rotationSchedule (below) appear together
    // only because this is a full listing; Vault treats them as alternatives —
    // confirm before setting both.
    .rotationPeriod(0)
    .groupfilter("string")
    // Placeholder only: true turns off validation of the LDAP server's TLS
    // certificate.
    .insecureTls(false)
    .local(false)
    .maxPageSize(0)
    .namespace("string")
    .anonymousGroupSearch(false)
    // Bind account password: supply it as a secret (e.g. requireSecret on the
    // stack config), never as a literal committed with the program.
    .bindpass("string")
    .requestTimeout(0)
    .tune(AuthBackendTuneArgs.builder()
        .allowedResponseHeaders("string")
        .auditNonHmacRequestKeys("string")
        .auditNonHmacResponseKeys("string")
        .defaultLeaseTtl("string")
        .listingVisibility("string")
        .maxLeaseTtl("string")
        .passthroughRequestHeaders("string")
        .tokenType("string")
        .build())
    .rotationWindow(0)
    .starttls(false)
    .tlsMaxVersion("string")
    .tlsMinVersion("string")
    .tokenBoundCidrs("string")
    .tokenExplicitMaxTtl(0)
    .tokenMaxTtl(0)
    .tokenNoDefaultPolicy(false)
    .tokenNumUses(0)
    .tokenPeriod(0)
    .tokenPolicies("string")
    .tokenTtl(0)
    .tokenType("string")
    .rotationSchedule("string")
    .upndomain("string")
    .binddn("string")
    .useTokenGroups(false)
    .userattr("string")
    .userdn("string")
    .userfilter("string")
    .usernameAsAlias(false)
    .build());
# Reference listing of every input property. The values are type placeholders
# ("string", 0, False), not recommended settings.
exampleauth_backend_resource_resource_from_ldapauth_backend = vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend",
    url="string",
    path="string",
    groupdn="string",
    case_sensitive_names=False,
    certificate="string",
    client_tls_cert="string",
    # Presumably the private key for client-certificate TLS — treat it as a
    # secret and supply it from Pulumi secret config, not a source literal.
    client_tls_key="string",
    connection_timeout=0,
    # Placeholder only: this setting is documented as preventing users from
    # bypassing authentication with an empty password, so keep it True.
    deny_null_bind=False,
    dereference_aliases="string",
    description="string",
    disable_automated_rotation=False,
    disable_remount=False,
    discoverdn=False,
    enable_samaccountname_login=False,
    groupattr="string",
    # NOTE(review): rotation_period and rotation_schedule (below) appear
    # together only because this is a full listing; Vault treats them as
    # alternatives — confirm before setting both.
    rotation_period=0,
    groupfilter="string",
    # Placeholder only: True turns off validation of the LDAP server's TLS
    # certificate.
    insecure_tls=False,
    local=False,
    max_page_size=0,
    namespace="string",
    anonymous_group_search=False,
    # Bind account password: supply it as a secret (e.g. Config.require_secret),
    # never as a literal committed with the program.
    bindpass="string",
    request_timeout=0,
    tune={
        "allowed_response_headers": ["string"],
        "audit_non_hmac_request_keys": ["string"],
        "audit_non_hmac_response_keys": ["string"],
        "default_lease_ttl": "string",
        "listing_visibility": "string",
        "max_lease_ttl": "string",
        "passthrough_request_headers": ["string"],
        "token_type": "string",
    },
    rotation_window=0,
    starttls=False,
    tls_max_version="string",
    tls_min_version="string",
    token_bound_cidrs=["string"],
    token_explicit_max_ttl=0,
    token_max_ttl=0,
    token_no_default_policy=False,
    token_num_uses=0,
    token_period=0,
    token_policies=["string"],
    token_ttl=0,
    token_type="string",
    rotation_schedule="string",
    upndomain="string",
    binddn="string",
    use_token_groups=False,
    userattr="string",
    userdn="string",
    userfilter="string",
    username_as_alias=False)
// Reference listing of every input property. The values are type placeholders
// ("string", 0, false), not recommended settings.
const exampleauthBackendResourceResourceFromLdapauthBackend = new vault.ldap.AuthBackend("exampleauthBackendResourceResourceFromLdapauthBackend", {
    url: "string",
    path: "string",
    groupdn: "string",
    caseSensitiveNames: false,
    certificate: "string",
    clientTlsCert: "string",
    // Presumably the private key for client-certificate TLS — treat it as a
    // secret and supply it from Pulumi secret config, not a source literal.
    clientTlsKey: "string",
    connectionTimeout: 0,
    // Placeholder only: this setting is documented as preventing users from
    // bypassing authentication with an empty password, so keep it true.
    denyNullBind: false,
    dereferenceAliases: "string",
    description: "string",
    disableAutomatedRotation: false,
    disableRemount: false,
    discoverdn: false,
    enableSamaccountnameLogin: false,
    groupattr: "string",
    // NOTE(review): rotationPeriod and rotationSchedule (below) appear together
    // only because this is a full listing; Vault treats them as alternatives —
    // confirm before setting both.
    rotationPeriod: 0,
    groupfilter: "string",
    // Placeholder only: true turns off validation of the LDAP server's TLS
    // certificate.
    insecureTls: false,
    local: false,
    maxPageSize: 0,
    namespace: "string",
    anonymousGroupSearch: false,
    // Bind account password: supply it as a secret (e.g. config.requireSecret),
    // never as a literal committed with the program.
    bindpass: "string",
    requestTimeout: 0,
    tune: {
        allowedResponseHeaders: ["string"],
        auditNonHmacRequestKeys: ["string"],
        auditNonHmacResponseKeys: ["string"],
        defaultLeaseTtl: "string",
        listingVisibility: "string",
        maxLeaseTtl: "string",
        passthroughRequestHeaders: ["string"],
        tokenType: "string",
    },
    rotationWindow: 0,
    starttls: false,
    tlsMaxVersion: "string",
    tlsMinVersion: "string",
    tokenBoundCidrs: ["string"],
    tokenExplicitMaxTtl: 0,
    tokenMaxTtl: 0,
    tokenNoDefaultPolicy: false,
    tokenNumUses: 0,
    tokenPeriod: 0,
    tokenPolicies: ["string"],
    tokenTtl: 0,
    tokenType: "string",
    rotationSchedule: "string",
    upndomain: "string",
    binddn: "string",
    useTokenGroups: false,
    userattr: "string",
    userdn: "string",
    userfilter: "string",
    usernameAsAlias: false,
});
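# Reference listing of every input property. The values are type placeholders
# (string, 0, false), not recommended settings.
type: vault:ldap:AuthBackend
properties:
    anonymousGroupSearch: false
    binddn: string
    # Bind account password: supply it as a secret value, never as a literal
    # committed with the program.
    bindpass: string
    caseSensitiveNames: false
    certificate: string
    clientTlsCert: string
    # Presumably the private key for client-certificate TLS — treat it as a
    # secret as well.
    clientTlsKey: string
    connectionTimeout: 0
    # Placeholder only: this setting is documented as preventing users from
    # bypassing authentication with an empty password, so keep it true.
    denyNullBind: false
    dereferenceAliases: string
    description: string
    disableAutomatedRotation: false
    disableRemount: false
    discoverdn: false
    enableSamaccountnameLogin: false
    groupattr: string
    groupdn: string
    groupfilter: string
    # Placeholder only: true turns off validation of the LDAP server's TLS
    # certificate.
    insecureTls: false
    local: false
    maxPageSize: 0
    namespace: string
    path: string
    requestTimeout: 0
    # NOTE(review): rotationPeriod and rotationSchedule appear together only
    # because this is a full listing; Vault treats them as alternatives —
    # confirm before setting both.
    rotationPeriod: 0
    rotationSchedule: string
    rotationWindow: 0
    starttls: false
    tlsMaxVersion: string
    tlsMinVersion: string
    tokenBoundCidrs:
        - string
    tokenExplicitMaxTtl: 0
    tokenMaxTtl: 0
    tokenNoDefaultPolicy: false
    tokenNumUses: 0
    tokenPeriod: 0
    tokenPolicies:
        - string
    tokenTtl: 0
    tokenType: string
    # Nested block: the eight keys below belong to tune, not to the backend.
    tune:
        allowedResponseHeaders:
            - string
        auditNonHmacRequestKeys:
            - string
        auditNonHmacResponseKeys:
            - string
        defaultLeaseTtl: string
        listingVisibility: string
        maxLeaseTtl: string
        passthroughRequestHeaders:
            - string
        tokenType: string
    upndomain: string
    url: string
    useTokenGroups: false
    userattr: string
    userdn: string
    userfilter: string
    usernameAsAlias: false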
AuthBackend Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthBackend resource accepts the following input properties:
- Url string
- The URL of the LDAP server
- Anonymous
Group boolSearch - Allows anonymous group searches.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- Client
Tls stringCert - Client
Tls stringKey - Connection
Timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - Deny
Null boolBind - Prevents users from bypassing authentication when providing an empty password.
- Dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- Description string
- Description for the LDAP auth backend mount
- Disable
Automated boolRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Enable
Samaccountname boolLogin - Enables login using the sAMAccountName attribute.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Request
Timeout int - The timeout(in sec) for requests to the LDAP server.
- Rotation
Period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- RotationSchedule string
- The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- RotationWindow int
- The maximum amount of time in seconds allowed to complete a rotation when a scheduled rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies List<string> - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- Tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- Upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Url string
- The URL of the LDAP server
- Anonymous
Group boolSearch - Allows anonymous group searches.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with `binddn` when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- Client
Tls stringCert - Client
Tls stringKey - Connection
Timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - Deny
Null boolBind - Prevents users from bypassing authentication when providing an empty password.
- Dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- Description string
- Description for the LDAP auth backend mount
- Disable
Automated boolRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Enable
Samaccountname boolLogin - Enables login using the sAMAccountName attribute.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
- InsecureTls bool
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Request
Timeout int - The timeout(in sec) for requests to the LDAP server.
- Rotation
Period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- RotationSchedule string
- The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- RotationWindow int
- The maximum amount of time in seconds allowed to complete a rotation when a scheduled rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound []stringCidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies []string - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- Tune
Auth
Backend Tune Args Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- Upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- anonymous
Group BooleanSearch - Allows anonymous group searches.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with `binddn` when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - connection
Timeout Integer - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null BooleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases String - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description String
- Description for the LDAP auth backend mount
- disable
Automated BooleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname BooleanLogin - Enables login using the sAMAccountName attribute.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecureTls Boolean
- Control whether or not TLS certificates must be validated; setting this to true skips validation of the LDAP server's certificate
- local Boolean
- Specifies if the auth method is local only.
- max
Page IntegerSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- request
Timeout Integer - The timeout(in sec) for requests to the LDAP server.
- rotation
Period Integer - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotationSchedule String
- The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- rotationWindow Integer
- The maximum amount of time in seconds allowed to complete a rotation when a scheduled rotation occurs. The default rotation window is unbound and the minimum allowable window is 3600. Requires Vault Enterprise 1.19+.
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit IntegerMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max IntegerTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num IntegerUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Integer - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Integer - The initial ttl of the token to generate in seconds
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain String
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url string
- The URL of the LDAP server
- anonymous
Group booleanSearch - Allows anonymous group searches.
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with `binddn` when performing user search
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- client
Tls stringCert - client
Tls stringKey - connection
Timeout number - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null booleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description string
- Description for the LDAP auth backend mount
- disable
Automated booleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname booleanLogin - Enables login using the sAMAccountName attribute.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
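- insecureTls boolean
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.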
- local boolean
- Specifies if the auth method is local only.
- max
Page numberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path string
- Path to mount the LDAP auth backend under
- request
Timeout number - The timeout(in sec) for requests to the LDAP server.
- rotation
Period number - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation
Schedule string - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- rotation
Window number - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- starttls boolean
- Control use of TLS when connecting to LDAP
- tls
Max stringVersion - Maximum acceptable version of TLS
- tls
Min stringVersion - Minimum acceptable version of TLS
- token
Bound string[]Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit numberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max numberTtl - The maximum lifetime of the generated token
- token
No booleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num numberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period number - Generated Token's Period
- token
Policies string[] - Generated Token's Policies
- token
Ttl number - The initial ttl of the token to generate in seconds
- token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- url str
- The URL of the LDAP server
- anonymous_
group_ boolsearch - Allows anonymous group searches.
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with binddn when performing user search
- case_sensitive_names bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_
tls_ strcert - client_
tls_ strkey - connection_
timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny_
null_ boolbind - Prevents users from bypassing authentication when providing an empty password.
- dereference_
aliases str - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description str
- Description for the LDAP auth backend mount
- disable_
automated_ boolrotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- enable_
samaccountname_ boollogin - Enables login using the sAMAccountName attribute.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
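- insecure_tls bool
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.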
- local bool
- Specifies if the auth method is local only.
- max_
page_ intsize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path str
- Path to mount the LDAP auth backend under
- request_
timeout int - The timeout(in sec) for requests to the LDAP server.
- rotation_
period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation_
schedule str - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- rotation_
window int - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- starttls bool
- Control use of TLS when connecting to LDAP
- tls_
max_ strversion - Maximum acceptable version of TLS
- tls_
min_ strversion - Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token_
explicit_ intmax_ ttl - Generated Token's Explicit Maximum TTL in seconds
- token_
max_ intttl - The maximum lifetime of the generated token
- token_
no_ booldefault_ policy - If true, the 'default' policy will not automatically be added to generated tokens
- token_
num_ intuses - The maximum number of times a token may be used, a value of zero means unlimited
- token_
period int - Generated Token's Period
- token_
policies Sequence[str] - Generated Token's Policies
- token_
ttl int - The initial ttl of the token to generate in seconds
- token_
type str - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Args Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain str
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- url String
- The URL of the LDAP server
- anonymous
Group BooleanSearch - Allows anonymous group searches.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - connection
Timeout Number - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null BooleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases String - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description String
- Description for the LDAP auth backend mount
- disable
Automated BooleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname BooleanLogin - Enables login using the sAMAccountName attribute.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
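- insecureTls Boolean
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.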
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- request
Timeout Number - The timeout(in sec) for requests to the LDAP server.
- rotation
Period Number - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation
Schedule String - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- rotation
Window Number - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit NumberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max NumberTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num NumberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Number - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Number - The initial ttl of the token to generate in seconds
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune Property Map
Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain String
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthBackend resource produces the following output properties:
Look up Existing AuthBackend Resource
Get an existing AuthBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthBackendState, opts?: CustomResourceOptions): AuthBackend
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accessor: Optional[str] = None,
anonymous_group_search: Optional[bool] = None,
binddn: Optional[str] = None,
bindpass: Optional[str] = None,
case_sensitive_names: Optional[bool] = None,
certificate: Optional[str] = None,
client_tls_cert: Optional[str] = None,
client_tls_key: Optional[str] = None,
connection_timeout: Optional[int] = None,
deny_null_bind: Optional[bool] = None,
dereference_aliases: Optional[str] = None,
description: Optional[str] = None,
disable_automated_rotation: Optional[bool] = None,
disable_remount: Optional[bool] = None,
discoverdn: Optional[bool] = None,
enable_samaccountname_login: Optional[bool] = None,
groupattr: Optional[str] = None,
groupdn: Optional[str] = None,
groupfilter: Optional[str] = None,
insecure_tls: Optional[bool] = None,
local: Optional[bool] = None,
max_page_size: Optional[int] = None,
namespace: Optional[str] = None,
path: Optional[str] = None,
request_timeout: Optional[int] = None,
rotation_period: Optional[int] = None,
rotation_schedule: Optional[str] = None,
rotation_window: Optional[int] = None,
starttls: Optional[bool] = None,
tls_max_version: Optional[str] = None,
tls_min_version: Optional[str] = None,
token_bound_cidrs: Optional[Sequence[str]] = None,
token_explicit_max_ttl: Optional[int] = None,
token_max_ttl: Optional[int] = None,
token_no_default_policy: Optional[bool] = None,
token_num_uses: Optional[int] = None,
token_period: Optional[int] = None,
token_policies: Optional[Sequence[str]] = None,
token_ttl: Optional[int] = None,
token_type: Optional[str] = None,
tune: Optional[AuthBackendTuneArgs] = None,
upndomain: Optional[str] = None,
url: Optional[str] = None,
use_token_groups: Optional[bool] = None,
userattr: Optional[str] = None,
userdn: Optional[str] = None,
userfilter: Optional[str] = None,
username_as_alias: Optional[bool] = None) -> AuthBackend
func GetAuthBackend(ctx *Context, name string, id IDInput, state *AuthBackendState, opts ...ResourceOption) (*AuthBackend, error)
public static AuthBackend Get(string name, Input<string> id, AuthBackendState? state, CustomResourceOptions? opts = null)
public static AuthBackend get(String name, Output<String> id, AuthBackendState state, CustomResourceOptions options)
resources:
  _:
    type: vault:ldap:AuthBackend
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accessor string
- The accessor for this auth mount.
- Anonymous
Group boolSearch - Allows anonymous group searches.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- Client
Tls stringCert - Client
Tls stringKey - Connection
Timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - Deny
Null boolBind - Prevents users from bypassing authentication when providing an empty password.
- Dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- Description string
- Description for the LDAP auth backend mount
- Disable
Automated boolRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Enable
Samaccountname boolLogin - Enables login using the sAMAccountName attribute.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
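- InsecureTls bool
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.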
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Request
Timeout int - The timeout(in sec) for requests to the LDAP server.
- Rotation
Period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- Rotation
Schedule string - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- Rotation
Window int - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound List<string>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies List<string> - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- Tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- Upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- Accessor string
- The accessor for this auth mount.
- Anonymous
Group boolSearch - Allows anonymous group searches.
- Binddn string
- DN of object to bind when performing user search
- Bindpass string
- Password to use with binddn when performing user search
- CaseSensitiveNames bool
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- Certificate string
- Trusted CA to validate TLS certificate
- Client
Tls stringCert - Client
Tls stringKey - Connection
Timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - Deny
Null boolBind - Prevents users from bypassing authentication when providing an empty password.
- Dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- Description string
- Description for the LDAP auth backend mount
- Disable
Automated boolRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- Disable
Remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- Discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- Enable
Samaccountname boolLogin - Enables login using the sAMAccountName attribute.
- Groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- Groupdn string
- Base DN under which to perform group search
- Groupfilter string
- Go template used to construct group membership query
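- InsecureTls bool
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.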
- Local bool
- Specifies if the auth method is local only.
- Max
Page intSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Path string
- Path to mount the LDAP auth backend under
- Request
Timeout int - The timeout(in sec) for requests to the LDAP server.
- Rotation
Period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- Rotation
Schedule string - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- Rotation
Window int - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- Starttls bool
- Control use of TLS when connecting to LDAP
- Tls
Max stringVersion - Maximum acceptable version of TLS
- Tls
Min stringVersion - Minimum acceptable version of TLS
- Token
Bound []stringCidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- Token
Explicit intMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- Token
Max intTtl - The maximum lifetime of the generated token
- Token
No boolDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- Token
Num intUses - The maximum number of times a token may be used, a value of zero means unlimited
- Token
Period int - Generated Token's Period
- Token
Policies []string - Generated Token's Policies
- Token
Ttl int - The initial ttl of the token to generate in seconds
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- Tune
Auth
Backend Tune Args Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- Upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - Url string
- The URL of the LDAP server
- Use
Token boolGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- Userattr string
- Attribute on user object matching username passed in
- Userdn string
- Base DN under which to perform user search
- Userfilter string
- LDAP user search filter
- Username
As boolAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- anonymous
Group BooleanSearch - Allows anonymous group searches.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with binddn when performing user search
- caseSensitiveNames Boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - connection
Timeout Integer - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null BooleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases String - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description String
- Description for the LDAP auth backend mount
- disable
Automated BooleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname BooleanLogin - Enables login using the sAMAccountName attribute.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
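- insecureTls Boolean
- Controls whether TLS certificate validation is skipped. When true, the LDAP server's certificate is not verified and the connection is exposed to interception.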
- local Boolean
- Specifies if the auth method is local only.
- max
Page IntegerSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- request
Timeout Integer - The timeout(in sec) for requests to the LDAP server.
- rotation
Period Integer - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation
Schedule String - The schedule, in cron-style time format, defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
- rotation
Window Integer - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+.
- starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit IntegerMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max IntegerTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num IntegerUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Integer - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Integer - The initial ttl of the token to generate in seconds
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain String
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor string
- The accessor for this auth mount.
- anonymous
Group booleanSearch - Allows anonymous group searches.
- binddn string
- DN of object to bind when performing user search
- bindpass string
- Password to use with binddn when performing user search
- caseSensitiveNames boolean
- Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate string
- Trusted CA to validate TLS certificate
- client
Tls stringCert - client
Tls stringKey - connection
Timeout number - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null booleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases string - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description string
- Description for the LDAP auth backend mount
- disable
Automated booleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname booleanLogin - Enables login using the sAMAccountName attribute.
- groupattr string
- LDAP attribute to follow on objects returned by groupfilter
- groupdn string
- Base DN under which to perform group search
- groupfilter string
- Go template used to construct group membership query
- insecure
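Tls boolean - Controls whether TLS certificate validation is skipped when connecting to the LDAP server. Leave this unset or false in production: without certificate validation, the connection that carries the bind credential and user passwords is not authenticated.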
- local boolean
- Specifies if the auth method is local only.
- max
Page numberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path string
- Path to mount the LDAP auth backend under
- request
Timeout number - The timeout(in sec) for requests to the LDAP server.
- rotation
Period number - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation
Schedule string - The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- rotation
Window number - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+. - starttls boolean
- Control use of TLS when connecting to LDAP
- tls
Max stringVersion - Maximum acceptable version of TLS
- tls
Min stringVersion - Minimum acceptable version of TLS
- token
Bound string[]Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit numberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max numberTtl - The maximum lifetime of the generated token
- token
No booleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num numberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period number - Generated Token's Period
- token
Policies string[] - Generated Token's Policies
- token
Ttl number - The initial ttl of the token to generate in seconds
- token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain string
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - url string
- The URL of the LDAP server
- use
Token booleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr string
- Attribute on user object matching username passed in
- userdn string
- Base DN under which to perform user search
- userfilter string
- LDAP user search filter
- username
As booleanAlias - Force the auth method to use the username passed by the user as the alias name.
- accessor str
- The accessor for this auth mount.
- anonymous_
group_ boolsearch - Allows anonymous group searches.
- binddn str
- DN of object to bind when performing user search
- bindpass str
- Password to use with
binddnwhen performing user search - case_
sensitive_ boolnames - Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate str
- Trusted CA to validate TLS certificate
- client_
tls_ strcert - client_
tls_ strkey - connection_
timeout int - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny_
null_ boolbind - Prevents users from bypassing authentication when providing an empty password.
- dereference_
aliases str - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description str
- Description for the LDAP auth backend mount
- disable_
automated_ boolrotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable_
remount bool - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn bool
- Use anonymous bind to discover the bind DN of a user.
- enable_
samaccountname_ boollogin - Enables login using the sAMAccountName attribute.
- groupattr str
- LDAP attribute to follow on objects returned by groupfilter
- groupdn str
- Base DN under which to perform group search
- groupfilter str
- Go template used to construct group membership query
- insecure_
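tls bool - Controls whether TLS certificate validation is skipped when connecting to the LDAP server. Leave this unset or false in production: without certificate validation, the connection that carries the bind credential and user passwords is not authenticated.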
- local bool
- Specifies if the auth method is local only.
- max_
page_ intsize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path str
- Path to mount the LDAP auth backend under
- request_
timeout int - The timeout(in sec) for requests to the LDAP server.
- rotation_
period int - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation_
schedule str - The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- rotation_
window int - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+. - starttls bool
- Control use of TLS when connecting to LDAP
- tls_
max_ strversion - Maximum acceptable version of TLS
- tls_
min_ strversion - Minimum acceptable version of TLS
- token_
bound_ Sequence[str]cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token_
explicit_ intmax_ ttl - Generated Token's Explicit Maximum TTL in seconds
- token_
max_ intttl - The maximum lifetime of the generated token
- token_
no_ booldefault_ policy - If true, the 'default' policy will not automatically be added to generated tokens
- token_
num_ intuses - The maximum number of times a token may be used, a value of zero means unlimited
- token_
period int - Generated Token's Period
- token_
policies Sequence[str] - Generated Token's Policies
- token_
ttl int - The initial ttl of the token to generate in seconds
- token_
type str - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune
Auth
Backend Tune Args Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain str
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - url str
- The URL of the LDAP server
- use_
token_ boolgroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr str
- Attribute on user object matching username passed in
- userdn str
- Base DN under which to perform user search
- userfilter str
- LDAP user search filter
- username_
as_ boolalias - Force the auth method to use the username passed by the user as the alias name.
- accessor String
- The accessor for this auth mount.
- anonymous
Group BooleanSearch - Allows anonymous group searches.
- binddn String
- DN of object to bind when performing user search
- bindpass String
- Password to use with
binddnwhen performing user search - case
Sensitive BooleanNames - Control case sensitivity of objects fetched from LDAP; this is used for object matching in Vault
- certificate String
- Trusted CA to validate TLS certificate
- client
Tls StringCert - client
Tls StringKey - connection
Timeout Number - Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in
url(integer: 30) - deny
Null BooleanBind - Prevents users from bypassing authentication when providing an empty password.
- dereference
Aliases String - Specifies how aliases are dereferenced during LDAP searches. Valid values are 'never','searching','finding', and 'always'.
- description String
- Description for the LDAP auth backend mount
- disable
Automated BooleanRotation - Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
- disable
Remount Boolean - If set, opts out of mount migration on path updates. See here for more info on Mount Migration
- discoverdn Boolean
- Use anonymous bind to discover the bind DN of a user.
- enable
Samaccountname BooleanLogin - Enables login using the sAMAccountName attribute.
- groupattr String
- LDAP attribute to follow on objects returned by groupfilter
- groupdn String
- Base DN under which to perform group search
- groupfilter String
- Go template used to construct group membership query
- insecure
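Tls Boolean - Controls whether TLS certificate validation is skipped when connecting to the LDAP server. Leave this unset or false in production: without certificate validation, the connection that carries the bind credential and user passwords is not authenticated.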
- local Boolean
- Specifies if the auth method is local only.
- max
Page NumberSize - Sets the max page size for LDAP lookups, by default it's set to -1. Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+.
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - path String
- Path to mount the LDAP auth backend under
- request
Timeout Number - The timeout(in sec) for requests to the LDAP server.
- rotation
Period Number - The amount of time in seconds Vault should wait before rotating the root credential. A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
- rotation
Schedule String - The schedule, in cron-style time format, on which Vault should rotate the root credential. Requires Vault Enterprise 1.19+.
- rotation
Window Number - The maximum amount of time in seconds allowed to complete
a rotation when a scheduled token rotation occurs. The default rotation window is
unbound and the minimum allowable window is
3600. Requires Vault Enterprise 1.19+. - starttls Boolean
- Control use of TLS when connecting to LDAP
- tls
Max StringVersion - Maximum acceptable version of TLS
- tls
Min StringVersion - Minimum acceptable version of TLS
- token
Bound List<String>Cidrs - Specifies the blocks of IP addresses which are allowed to use the generated token
- token
Explicit NumberMax Ttl - Generated Token's Explicit Maximum TTL in seconds
- token
Max NumberTtl - The maximum lifetime of the generated token
- token
No BooleanDefault Policy - If true, the 'default' policy will not automatically be added to generated tokens
- token
Num NumberUses - The maximum number of times a token may be used, a value of zero means unlimited
- token
Period Number - Generated Token's Period
- token
Policies List<String> - Generated Token's Policies
- token
Ttl Number - The initial ttl of the token to generate in seconds
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- tune Property Map
Extra configuration block. Structure is documented below.
The
tuneblock is used to tune the auth backend:- upndomain String
- The
userPrincipalDomainused to construct the UPN string for the authenticating user. - url String
- The URL of the LDAP server
- use
Token BooleanGroups - Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
- userattr String
- Attribute on user object matching username passed in
- userdn String
- Base DN under which to perform user search
- userfilter String
- LDAP user search filter
- username
As BooleanAlias - Force the auth method to use the username passed by the user as the alias name.
Supporting Types
AuthBackendTune, AuthBackendTuneArgs
- Allowed
Response List<string>Headers - List of headers to whitelist, allowing a plugin to include them in the response.
- Audit
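Non List<string>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. Values of the listed keys are written to the audit log in plaintext, so do not list keys that can carry secrets.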
- Audit
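Non List<string>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. Values of the listed keys are written to the audit log in plaintext, so do not list keys that can carry secrets.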
- Default
Lease stringTtl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- Max
Lease stringTtl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- Passthrough
Request List<string>Headers - List of headers to whitelist and pass from the request to the backend.
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- Allowed
Response []stringHeaders - List of headers to whitelist, allowing a plugin to include them in the response.
- Audit
Non []stringHmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- Audit
Non []stringHmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- Default
Lease stringTtl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- Listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- Max
Lease stringTtl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- Passthrough
Request []stringHeaders - List of headers to whitelist and pass from the request to the backend.
- Token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- allowed
Response List<String>Headers - List of headers to whitelist, allowing a plugin to include them in the response.
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease StringTtl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- max
Lease StringTtl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- passthrough
Request List<String>Headers - List of headers to whitelist and pass from the request to the backend.
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- allowed
Response string[]Headers - List of headers to whitelist, allowing a plugin to include them in the response.
- audit
Non string[]Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non string[]Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease stringTtl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- listing
Visibility string - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- max
Lease stringTtl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- passthrough
Request string[]Headers - List of headers to whitelist and pass from the request to the backend.
- token
Type string - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- allowed_
response_ Sequence[str]headers - List of headers to whitelist, allowing a plugin to include them in the response.
- audit_
non_ Sequence[str]hmac_ request_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit_
non_ Sequence[str]hmac_ response_ keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default_
lease_ strttl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- listing_
visibility str - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- max_
lease_ strttl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- passthrough_
request_ Sequence[str]headers - List of headers to whitelist and pass from the request to the backend.
- token_
type str - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
- allowed
Response List<String>Headers - List of headers to whitelist, allowing a plugin to include them in the response.
- audit
Non List<String>Hmac Request Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
- audit
Non List<String>Hmac Response Keys - Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
- default
Lease StringTtl - Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string
- listing
Visibility String - Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
- max
Lease StringTtl - Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string
- passthrough
Request List<String>Headers - List of headers to whitelist and pass from the request to the backend.
- token
Type String - Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
Import
LDAP authentication backends can be imported using the path, e.g.
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `vault` Terraform Provider.
