vault_ldap_secret_backend_dynamic_role

Creates a dynamic role for LDAP Secret Backend for Vault.

Example Usage

resource "vault_ldap_secret_backend" "config" {
  path          = "my-custom-ldap"
  binddn        = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  bindpass      = "SuperSecretPassw0rd"
  url           = "ldaps://localhost"
  userdn        = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ldap_secret_backend_dynamic_role" "role" {
  mount         = vault_ldap_secret_backend.config.path
  role_name     = "alice"
  creation_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
EOT
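  # LDIF applied to remove the account when its lease expires or is revoked.
  deletion_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
EOT
  # LDIF applied to undo partial changes if creation_ldif fails.
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
EOT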
}

Argument Reference

The following arguments are supported:

Attributes Reference

No additional attributes are exported by this resource.

Import

An LDAP secret backend dynamic role can be imported using the full path to the role, in the form <mount_path>/dynamic-role/<role_name>, e.g.:

$ terraform import vault_ldap_secret_backend_dynamic_role.role ldap/role/dynamic-role