vault_ldap_dynamic_credentials

Reads dynamic role credentials from an LDAP secret backend in Vault.

Example Usage

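# Connection settings for the LDAP secrets engine mount.
# bindpass is stored in the Terraform state along with the other arguments.
resource "vault_ldap_secret_backend" "test" {
  binddn   = "..."
  bindpass = "..."
  url      = "..."
}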

resource "vault_ldap_secret_backend_dynamic_role" "role" {
  mount         = vault_ldap_secret_backend.test.path
  role_name     = "dynamic-role"
  creation_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=example,dc=org
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
userPassword: {{.Password}}
EOT
  deletion_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=example,dc=org
changetype: delete
EOT
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=example,dc=org
changetype: delete
EOT
  default_ttl   = "60s"
  max_ttl       = "60s"
}

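# Requests credentials for the dynamic role defined above.
# The returned credentials are stored in the Terraform state.
data "vault_ldap_dynamic_credentials" "creds" {
  mount     = vault_ldap_secret_backend.test.path
  role_name = vault_ldap_secret_backend_dynamic_role.role.role_name
}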

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the arguments above, the following attributes are exported: