The LDAP auth method resource allows you to configure a Boundary auth_method_ldap.
```hcl
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_auth_method_ldap" "forumsys_ldap" {
  name          = "forumsys public LDAP"
  scope_id      = "global"                                # add the new auth method to the global scope
  urls          = ["ldap://ldap.forumsys.com"]            # the addr of the LDAP server
  user_dn       = "dc=example,dc=com"                     # the basedn for users
  user_attr     = "uid"                                   # the user attribute
  group_dn      = "dc=example,dc=com"                     # the basedn for groups
  bind_dn       = "cn=read-only-admin,dc=example,dc=com"  # the dn to use when binding
  bind_password = "password"                              # passwd to use when binding
  state         = "active-public"                         # make sure the new auth-method is available to everyone
  enable_groups = true                                    # this turns on the discovery of a user's groups
  discover_dn   = true                                    # this turns on the discovery of an authenticating user's dn
}
```
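As an added example (not part of the provider documentation), the same resource with transport security and credential handling tightened: LDAPS with a pinned CA certificate instead of plaintext `ldap://`, the bind password taken from a sensitive variable, and explicit user and group search filters. The hostname, DNs, certificate path, variable name and the `{{.UserAttr}}` / `{{.Username}}` / `{{.UserDN}}` template fields are assumptions (the template fields follow Boundary's default LDAP filters), not values from this page.

```hcl
# Added example, not from the provider docs. Hostnames, DNs, the certificate
# path and the variable name are placeholders for your own directory.

variable "ldap_bind_password" {
  type      = string
  sensitive = true # keeps the bind credential out of plan/apply output
}

resource "boundary_auth_method_ldap" "corp_ldap" {
  name        = "corporate LDAP"
  description = "LDAPS-only auth method with a pinned CA"
  scope_id    = boundary_scope.org.id # attach to the org scope rather than global

  # Transport: TLS from the first byte, server certificate validated against
  # a CA you control, never skipped.
  urls         = ["ldaps://ldap.example.internal:636"]
  insecure_tls = false
  certificates = [file("${path.module}/certs/corp-ldap-ca.pem")]

  # Bind with a read-only service account; the secret never lives in HCL.
  bind_dn       = "cn=boundary-ro,ou=service,dc=example,dc=internal"
  bind_password = var.ldap_bind_password
  discover_dn   = true

  # Scope user searches to the people subtree and pin the filter explicitly.
  # Template fields are assumed from Boundary's default LDAP filters.
  user_dn     = "ou=people,dc=example,dc=internal"
  user_attr   = "uid"
  user_filter = "({{.UserAttr}}={{.Username}})"

  # Group discovery restricted to the groups subtree, bounded result size.
  enable_groups     = true
  group_dn          = "ou=groups,dc=example,dc=internal"
  group_attr        = "cn"
  group_filter      = "(|(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
  maximum_page_size = 100

  dereference_aliases = "NeverDerefAliases"
  state               = "active-public" # listed to everyone; use "active-private" to restrict listing
}
```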
- `scope_id` (String) The scope ID.
- `account_attribute_maps` (List of String) Account attribute maps fullname and email.
- `anon_group_search` (Boolean) Use anon bind when performing LDAP group searches (optional).
- `bind_dn` (String) The distinguished name of entry to bind when performing user and group searches (optional).
- `bind_password` (String) The password to use along with bind-dn performing user and group searches (optional).
- `bind_password_hmac` (String) The HMAC of the bind password returned by the Boundary controller, which is used for comparison after initial setting of the value.
- `certificates` (List of String) PEM-encoded X.509 CA certificate in ASN.1 DER form that can be used as a trust anchor when connecting to an LDAP server (optional). This may be specified multiple times.
- `client_certificate` (String) PEM-encoded X.509 client certificate in ASN.1 DER form that can be used to authenticate against an LDAP server (optional).
- `client_certificate_key` (String) PEM-encoded X.509 client certificate key in PKCS #8, ASN.1 DER form used with the client certificate (optional).
- `client_certificate_key_hmac` (String) The HMAC of the client certificate key returned by the Boundary controller, which is used for comparison after initial setting of the value.
- `dereference_aliases` (String) Control how aliases are dereferenced when performing the search. Can be one of: NeverDerefAliases, DerefInSearching, DerefFindingBaseObj, and DerefAlways (optional).
- `description` (String) The auth method description.
- `discover_dn` (Boolean) Use anon bind to discover the bind DN of a user (optional).
- `enable_groups` (Boolean) Find the authenticated user's groups during authentication (optional).
- `group_attr` (String) The attribute that enumerates a user's group membership from entries returned by a group search (optional).
- `group_dn` (String) The base DN under which to perform group search.
- `group_filter` (String) A go template used to construct a LDAP group search filter (optional).
- `insecure_tls` (Boolean) Skip the LDAP server SSL certificate validation (optional). This is insecure; use with caution.
- `is_primary_for_scope` (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the user will be automatically created when they login using an LDAP account.
- `maximum_page_size` (Number) MaximumPageSize specifies a maximum search result size to use when retrieving the authenticated user's groups (optional).
- `name` (String) The auth method name. Defaults to the resource name.
- `start_tls` (Boolean) Issue StartTLS command after connecting (optional).
- `state` (String) Can be one of 'inactive', 'active-private', or 'active-public'. Defaults to active-public.
- `type` (String) The type of auth method; hardcoded.
- `upn_domain` (String) The userPrincipalDomain used to construct the UPN string for the authenticating user (optional).
- `urls` (List of String) The LDAP URLs that specify LDAP servers to connect to (required). May be specified multiple times.
- `use_token_groups` (Boolean) Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships (optional).
- `user_attr` (String) The attribute on user entry matching the username passed when authenticating (optional).
- `user_dn` (String) The base DN under which to perform user search (optional).
- `user_filter` (String) A go template used to construct a LDAP user search filter (optional).
- `id` (String) The ID of the auth method.

Import is supported using the following syntax:

```shell
terraform import boundary_auth_method_ldap.foo <my-id>
```