Provides a resource to create a group in an LDAP auth backend within Vault.
resource "vault_ldap_auth_backend" "ldap" {
  path        = "ldap"
  url         = "ldaps://dc-01.example.org"
  userdn      = "OU=Users,OU=Accounts,DC=example,DC=org"
  userattr    = "sAMAccountName"
  upndomain   = "EXAMPLE.ORG"
  discoverdn  = false
  groupdn     = "OU=Groups,DC=example,DC=org"
  groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
}

resource "vault_ldap_auth_backend_group" "group" {
  groupname = "dba"
  policies  = ["dba"]
  backend   = vault_ldap_auth_backend.ldap.path
}
The following arguments are supported:
- namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- groupname - (Required) The LDAP groupname
- policies - (Optional) Policies which should be granted to members of the group
- backend - (Optional) Path to the authentication backend
For more details on the usage of each argument consult the Vault LDAP API documentation.
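The following is an added example, not part of the provider's documentation. It maps several LDAP groups to narrowly scoped policies and declares each policy next to its group mapping. It reuses vault_ldap_auth_backend.ldap from the example above; the group names, the local ldap_group_paths and the secret paths are constructed for illustration.

```hcl
locals {
  # LDAP group name => the single Vault path its members may read.
  # Constructed values; replace with the groups and mounts you actually use.
  ldap_group_paths = {
    dba       = "database/creds/dba-readonly"
    reporting = "secret/data/reporting/*"
  }
}

# One read-only policy per LDAP group, named after the group.
resource "vault_policy" "ldap_group" {
  for_each = local.ldap_group_paths

  name   = each.key
  policy = <<-EOT
    path "${each.value}" {
      capabilities = ["read"]
    }
  EOT
}

# One group mapping per LDAP group.
resource "vault_ldap_auth_backend_group" "mapped" {
  for_each = local.ldap_group_paths

  backend   = vault_ldap_auth_backend.ldap.path
  groupname = each.key

  # Referencing the policy resource instead of repeating its name as a string
  # makes Terraform create the policy before the mapping and keeps the two
  # names from drifting apart.
  policies = [vault_policy.ldap_group[each.key].name]
}
```

Keeping the policy list to one narrowly scoped policy per group makes it easy to audit what membership in a given LDAP group grants.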
No additional attributes are exposed by this resource.
LDAP authentication backend groups can be imported using the path, e.g.
$ terraform import vault_ldap_auth_backend_group.foo auth/ldap/groups/foo