Creates a static role for LDAP Secret Backend for Vault.

resource "vault_ldap_secret_backend" "config" {
  path   = "my-custom-ldap"
  binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  # Example value only: a literal here ends up in version control and in Terraform state.
  bindpass = "SuperSecretPassw0rd"
  url      = "ldaps://localhost"
  # true skips verification of the LDAP server certificate.
  insecure_tls = true
  userdn       = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ldap_secret_backend_static_role" "role" {
  mount           = vault_ldap_secret_backend.config.path
  username        = "alice"
  dn              = "cn=alice,ou=Users,DC=corp,DC=example,DC=net"
  role_name       = "alice"
  rotation_period = 60 # seconds
}

The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
mount - (Optional) The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
role_name - (Required) Name of the role.
username - (Required) The username of the existing LDAP entry to manage password rotation for.
dn - (Optional) Distinguished name (DN) of the existing LDAP entry to manage password rotation for. If given, it will take precedence over username for the LDAP search performed during password rotation. Cannot be modified after creation.
rotation_period - (Required) How often Vault should rotate the password of the user entry.
skip_import_rotation - (Optional) Causes Vault to skip the initial secret rotation on import. Not applicable to updates. Requires Vault 1.16 or above.
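
A hardened variant of the example configuration, added here and not part of the provider documentation: the bind password comes from a sensitive variable and the LDAPS certificate is verified against a CA file. The variable name, the vault-rotation bind account, the ldap.corp.example.net host name, the ldap-ca.pem path and the 86400-second period are assumptions.

```hcl
# Added example: names, host names and file paths below are assumptions.

variable "ldap_bindpass" {
  description = "Password of the account Vault binds with"
  type        = string
  sensitive   = true # hidden in plan/apply output; still written to state
}

resource "vault_ldap_secret_backend" "config" {
  path = "my-custom-ldap"

  # Hypothetical dedicated account that only needs the right to reset the
  # passwords of the managed entries, instead of the domain Administrator.
  binddn   = "CN=vault-rotation,CN=Users,DC=corp,DC=example,DC=net"
  bindpass = var.ldap_bindpass

  # With verification on, the host name must match the server certificate.
  url          = "ldaps://ldap.corp.example.net"
  insecure_tls = false
  # PEM-encoded CA certificate that signed the LDAP server certificate.
  certificate = file("${path.module}/ldap-ca.pem")

  userdn = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ldap_secret_backend_static_role" "role" {
  mount     = vault_ldap_secret_backend.config.path
  role_name = "alice"
  username  = "alice"

  # dn takes precedence over username for the rotation search and cannot be
  # modified after creation, so pin it to the exact entry.
  dn = "cn=alice,ou=Users,DC=corp,DC=example,DC=net"

  rotation_period = 86400 # seconds (24 h); constructed value

  # Explicitly false: Vault performs the initial rotation on import, so the
  # password known before the import is replaced. Requires Vault 1.16 or above.
  skip_import_rotation = false
}
```

The bind password is still stored in Terraform state, so the state backend needs the same access controls as the credential itself.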
No additional attributes are exported by this resource.
An LDAP secret backend static role can be imported using the full path to the role, in the form <mount_path>/static-role/<role_name>, e.g.
$ terraform import vault_ldap_secret_backend_static_role.role ldap/static-role/example-role