powerscale_ldap_provider (Data Source)
This datasource is used to query the existing LDAP providers from PowerScale array. The information fetched from this datasource can be used for getting the details or for further processing in resource block. PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
Example Usage
/*
Copyright (c) 2023-2024 Dell Inc., or its subsidiaries. All Rights Reserved.
Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://mozilla.org/MPL/2.0/
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
# PowerScale LDAP provider enables you to define, query, and modify directory services and resources.
# Returns a list of PowerScale LDAP providers based on names and scope filter block.
data "powerscale_ldap_provider" "example_ldap_provider" {
filter {
# Optional list of names to filter upon
names = ["ldap_provider_name"]
# If specified as "effective" or not specified, all fields are returned. If specified as "user", only fields with non-default values are shown. If specified as "default", the original values are returned.
scope = "effective"
}
}
# Output value of above block by executing 'terraform output' command.
# The user can use the fetched information by the variable data.powerscale_ldap_provider.example_ldap_provider
output "powerscale_ldap_provider_filter" {
value = data.powerscale_ldap_provider.example_ldap_provider
}
# Returns all of the PowerScale LDAP providers
data "powerscale_ldap_provider" "all" {
}
# Output value of above block by executing 'terraform output' command
# The user can use the fetched information by the variable data.powerscale_ldap_provider.all
output "powerscale_ldap_provider_all" {
value = data.powerscale_ldap_provider.all
}
Schema
Optional
filter
(Block, Optional) (see below for nested schema)
Read-Only
id
(String) Unique identifier of the LDAP provider instance.ldap_providers
(Attributes List) List of LDAP providers. (see below for nested schema)
Nested Schema for filter
Optional:
names
(Set of String)scope
(String) If specified as “effective” or not specified, all fields are returned. If specified as “user”, only fields with non-default values are shown. If specified as “default”, the original values are returned.
Nested Schema for ldap_providers
Read-Only:
alternate_security_identities_attribute
(String) Specifies the attribute name used when searching for alternate security identities.authentication
(Boolean) If true, enables authentication and identity management through the authentication provider.balance_servers
(Boolean) If true, connects the provider to a random server.base_dn
(String) Specifies the root of the tree in which to search identities.bind_dn
(String) Specifies the distinguished name for binding to the LDAP server.bind_mechanism
(String) Specifies which bind mechanism to use when connecting to an LDAP server. The only supported option is the ‘simple’ value.bind_timeout
(Number) Specifies the timeout in seconds when binding to an LDAP server.certificate_authority_file
(String) Specifies the path to the root certificates file.check_online_interval
(Number) Specifies the time in seconds between provider online checks.cn_attribute
(String) Specifies the canonical name.create_home_directory
(Boolean) Automatically create the home directory on the first login.crypt_password_attribute
(String) Specifies the hashed password value.email_attribute
(String) Specifies the LDAP Email attribute.enabled
(Boolean) If true, enables the LDAP provider.enumerate_groups
(Boolean) If true, allows the provider to enumerate groups.enumerate_users
(Boolean) If true, allows the provider to enumerate users.findable_groups
(List of String) Specifies the list of groups that can be resolved.findable_users
(List of String) Specifies the list of users that can be resolved.gecos_attribute
(String) Specifies the LDAP GECOS attribute.gid_attribute
(String) Specifies the LDAP GID attribute.group_base_dn
(String) Specifies the distinguished name of the entry where LDAP searches for groups are started.group_domain
(String) Specifies the domain for this provider through which groups are qualified.group_filter
(String) Specifies the LDAP filter for group objects.group_members_attribute
(String) Specifies the LDAP Group Members attribute.group_search_scope
(String) Specifies the depth from the base DN to perform LDAP searches. Acceptable values: “default”, “base”, “onelevel”, “subtree”, “children”.groupnet
(String) Groupnet identifier.home_directory_template
(String) Specifies the path to the home directory template.homedir_attribute
(String) Specifies the LDAP Homedir attribute.id
(String) Specifies the ID of the LDAP provider.ignore_tls_errors
(Boolean) If true, continues over secure connections even if identity checks fail.listable_groups
(List of String) Specifies the groups that can be viewed in the provider.listable_users
(List of String) Specifies the users that can be viewed in the provider.login_shell
(String) Specifies the login shell path.member_lookup_method
(String) Sets the method by which group member lookups are performed. Use caution when changing this option directly. Acceptable values: “default”, “rfc2307bis”.member_of_attribute
(String) Specifies the LDAP Query Member Of attribute, which performs reverse membership queries.name
(String) Specifies the name of the LDAP provider.name_attribute
(String) Specifies the LDAP UID attribute, which is used as the login name.netgroup_base_dn
(String) Specifies the distinguished name of the entry where LDAP searches for netgroups are started.netgroup_filter
(String) Specifies the LDAP filter for netgroup objects.netgroup_members_attribute
(String) Specifies the LDAP Netgroup Members attribute.netgroup_search_scope
(String) Specifies the depth from the base DN to perform LDAP searches. Acceptable values: “default”, “base”, “onelevel”, “subtree”, “children”.netgroup_triple_attribute
(String) Specifies the LDAP Netgroup Triple attribute.normalize_groups
(Boolean) Normalizes group names to lowercase before look up.normalize_users
(Boolean) Normalizes user names to lowercase before look up.nt_password_attribute
(String) Specifies the LDAP NT Password attribute.ntlm_support
(String) Specifies which NTLM versions to support for users with NTLM-compatible credentials. Acceptable values: “all”, “v2only”, “none”.ocsp_server_uris
(List of String) Specifies the OCSP server URIs. Only available for PowerScale 9.5 and above.provider_domain
(String) Specifies the provider domain.require_secure_connection
(Boolean) Determines whether to continue over a non-TLS connection.restrict_findable
(Boolean) If true, checks the provider for filtered lists of findable and unfindable users and groups.restrict_listable
(Boolean) If true, checks the provider for filtered lists of listable and unlistable users and groups.search_scope
(String) Specifies the default depth from the base DN to perform LDAP searches. Acceptable values: “default”, “base”, “onelevel”, “subtree”, “children”.search_timeout
(Number) Specifies the search timeout period in seconds.server_uris
(List of String) Specifies the server URIs.shadow_expire_attribute
(String) Sets the attribute name that indicates the absolute date to expire the account.shadow_flag_attribute
(String) Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.shadow_inactive_attribute
(String) Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.shadow_last_change_attribute
(String) Sets the attribute name that indicates the last change of the shadow information.shadow_max_attribute
(String) Sets the attribute name that indicates the maximum number of days a password can be valid.shadow_min_attribute
(String) Sets the attribute name that indicates the minimum number of days between shadow changes.shadow_user_filter
(String) Sets LDAP filter for shadow user objects.shadow_warning_attribute
(String) Sets the attribute name that indicates the number of days before the password expires to warn the user.shell_attribute
(String) Specifies the LDAP Shell attribute.ssh_public_key_attribute
(String) Sets the attribute name that indicates the SSH Public Key for the user.status
(String) Specifies the status of the provider.system
(Boolean) If true, indicates that this provider instance was created by OneFS and cannot be removed.tls_protocol_min
(String) Specifies the minimum TLS protocol version.tls_revocation_check_level
(String) This setting controls the behavior of the certificate revocation checking algorithm when the LDAP provider is presented with a digital certificate by an LDAP server. Acceptable values: “none”, “allowNoData”, “allowNoSrc”, “strict”. Only available for PowerScale 9.5 and above.uid_attribute
(String) Specifies the LDAP UID Number attribute.unfindable_groups
(List of String) Specifies the groups that cannot be resolved by the provider.unfindable_users
(List of String) Specifies users that cannot be resolved by the provider.unique_group_members_attribute
(String) Sets the LDAP Unique Group Members attribute.unlistable_groups
(List of String) Specifies a group that cannot be listed by the provider.unlistable_users
(List of String) Specifies a user that cannot be listed by the provider.user_base_dn
(String) Specifies the distinguished name of the entry at which to start LDAP searches for users.user_domain
(String) Specifies the domain for this provider through which users are qualified.user_filter
(String) Specifies the LDAP filter for user objects.user_search_scope
(String) Specifies the depth from the base DN to perform LDAP searches. Acceptable values: “default”, “base”, “onelevel”, “subtree”, “children”.zone_name
(String) Specifies the name of the access zone in which this provider was created.