aws-cdk-lib.aws_amazonmq.CfnBroker.LdapServerMetadataProperty

interface LdapServerMetadataProperty

LanguageType name
.NETAmazon.CDK.AWS.AmazonMQ.CfnBroker.LdapServerMetadataProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsamazonmq#CfnBroker_LdapServerMetadataProperty
Javasoftware.amazon.awscdk.services.amazonmq.CfnBroker.LdapServerMetadataProperty
Pythonaws_cdk.aws_amazonmq.CfnBroker.LdapServerMetadataProperty
TypeScript aws-cdk-lib » aws_amazonmq » CfnBroker » LdapServerMetadataProperty

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.

Does not apply to RabbitMQ brokers.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_amazonmq as amazonmq } from 'aws-cdk-lib';
const ldapServerMetadataProperty: amazonmq.CfnBroker.LdapServerMetadataProperty = {
  hosts: ['hosts'],
  roleBase: 'roleBase',
  roleSearchMatching: 'roleSearchMatching',
  serviceAccountPassword: 'serviceAccountPassword',
  serviceAccountUsername: 'serviceAccountUsername',
  userBase: 'userBase',
  userSearchMatching: 'userSearchMatching',

  // the properties below are optional
  roleName: 'roleName',
  roleSearchSubtree: false,
  userRoleName: 'userRoleName',
  userSearchSubtree: false,
};

Properties

NameTypeDescription
hostsstring[]Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory .
roleBasestringThe distinguished name of the node in the directory information tree (DIT) to search for roles or groups.
roleSearchMatchingstringThe LDAP search filter used to find roles within the roleBase.
serviceAccountPasswordstringService account password.
serviceAccountUsernamestringService account username.
userBasestringSelect a particular subtree of the directory information tree (DIT) to search for user entries.
userSearchMatchingstringThe LDAP search filter used to find users within the userBase .
roleName?stringThe group name attribute in a role entry whose value is the name of that role.
roleSearchSubtree?boolean | IResolvableThe directory search scope for the role.
userRoleName?stringThe name of the LDAP attribute in the user's directory entry for the user's group membership.
userSearchSubtree?boolean | IResolvableThe directory search scope for the user.

hosts

Type: string[]

Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory .

Optional failover server.


roleBase

Type: string

The distinguished name of the node in the directory information tree (DIT) to search for roles or groups.

For example, ou=group , ou=corp , dc=corp , dc=example , dc=com .


roleSearchMatching

Type: string

The LDAP search filter used to find roles within the roleBase.

The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1}) for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the RoleBases .


serviceAccountPassword

Type: string

Service account password.

A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin , dc=corp , dc=example , dc=com .


serviceAccountUsername

Type: string

Service account username.

A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin , ou=corp , dc=corp , dc=example , dc=com .


userBase

Type: string

Select a particular subtree of the directory information tree (DIT) to search for user entries.

The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users , ou=corp , dc=corp , dc=example , dc=com , the search for user entries is restricted to the subtree beneath ou=Users , ou=corp , dc=corp , dc=example , dc=com .


userSearchMatching

Type: string

The LDAP search filter used to find users within the userBase .

The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe , the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe , ou=Users , ou=corp , dc=corp , dc=example , dc=com .


roleName?

Type: string (optional)

The group name attribute in a role entry whose value is the name of that role.

For example, you can specify cn for a group entry's common name. If authentication succeeds, then the user is assigned the the value of the cn attribute for each role entry that they are a member of.


roleSearchSubtree?

Type: boolean | IResolvable (optional)

The directory search scope for the role.

If set to true, scope is to search the entire subtree.


userRoleName?

Type: string (optional)

The name of the LDAP attribute in the user's directory entry for the user's group membership.

In some cases, user roles may be identified by the value of an attribute in the user's directory entry. The UserRoleName option allows you to provide the name of this attribute.


userSearchSubtree?

Type: boolean | IResolvable (optional)

The directory search scope for the user.

If set to true, scope is to search the entire subtree.