Provides a resource to create a user in an LDAP auth backend within Vault.
resource "vault_ldap_auth_backend" "ldap" {
  path        = "ldap"
  url         = "ldaps://dc-01.example.org"
  userdn      = "OU=Users,OU=Accounts,DC=example,DC=org"
  userattr    = "sAMAccountName"
  upndomain   = "EXAMPLE.ORG"
  discoverdn  = false
  groupdn     = "OU=Groups,DC=example,DC=org"
  # 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN,
  # so nested group memberships are resolved as well.
  groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"
}

# Grant the "dba" and "sysops" policies to the LDAP user "test-user"
# on the backend mounted above.
resource "vault_ldap_auth_backend_user" "user" {
  username = "test-user"
  policies = ["dba", "sysops"]
  backend  = vault_ldap_auth_backend.ldap.path
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
username - (Required) The LDAP username.
policies - (Optional) Policies which should be granted to the user.
groups - (Optional) Override LDAP groups which should be granted to the user.
backend - (Optional) Path to the authentication backend.
For more details on the usage of each argument consult the Vault LDAP API documentation.
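The example at the top of this page sets only policies on the user. The following added example (not part of the provider's documentation) sets the groups argument instead, so the user receives a narrowly scoped policy through a Vault-side group mapping rather than a direct grant. The resource labels, the "corp-ldap" mount, the "vault-dba" group, the "alice" user and the "database/creds/readonly" path are hypothetical.

```hcl
# Added example: all names and paths below are hypothetical.

resource "vault_ldap_auth_backend" "corp" {
  path   = "corp-ldap"
  url    = "ldaps://dc-01.example.org"
  userdn = "OU=Users,OU=Accounts,DC=example,DC=org"
}

# A policy scoped to one read-only path, instead of a broad grant.
resource "vault_policy" "db_readonly" {
  name   = "db-readonly"
  policy = <<-EOT
    path "database/creds/readonly" {
      capabilities = ["read"]
    }
  EOT
}

# Map the group name to the policy on this auth backend.
resource "vault_ldap_auth_backend_group" "dba" {
  groupname = "vault-dba"
  policies  = [vault_policy.db_readonly.name]
  backend   = vault_ldap_auth_backend.corp.path
}

# Set the user's groups in Vault; no policies are attached directly,
# so access is reviewed and revoked in one place (the group mapping).
resource "vault_ldap_auth_backend_user" "alice" {
  username = "alice"
  groups   = [vault_ldap_auth_backend_group.dba.groupname]
  backend  = vault_ldap_auth_backend.corp.path
}
```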
No additional attributes are exposed by this resource.
LDAP authentication backend users can be imported using the path, e.g.
$ terraform import vault_ldap_auth_backend_user.foo auth/ldap/users/foo