HashiCorp Vault v6.7.1, May 2 25

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

vault.ldap.SecretBackendDynamicRole

Explore with Pulumi AI

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const config = new vault.ldap.SecretBackend("config", {
    path: "my-custom-ldap",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd",
    url: "ldaps://localhost",
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});
const role = new vault.ldap.SecretBackendDynamicRole("role", {
    mount: config.path,
    roleName: "alice",
    creationLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`,
    deletionLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`,
});

import pulumi
import pulumi_vault as vault

config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://localhost",
    userdn="CN=Users,DC=corp,DC=example,DC=net")
role = vault.ldap.SecretBackendDynamicRole("role",
    mount=config.path,
    role_name="alice",
    creation_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
""",
    deletion_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
""")

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:     pulumi.String("my-custom-ldap"),
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://localhost"),
			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
			Mount:    config.Path,
			RoleName: pulumi.String("alice"),
			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`),
			DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://localhost",
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });

    var role = new Vault.Ldap.SecretBackendDynamicRole("role", new()
    {
        Mount = config.Path,
        RoleName = "alice",
        CreationLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
",
        DeletionLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import com.pulumi.vault.ldap.SecretBackendDynamicRole;
import com.pulumi.vault.ldap.SecretBackendDynamicRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://localhost")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());

        var role = new SecretBackendDynamicRole("role", SecretBackendDynamicRoleArgs.builder()
            .mount(config.path())
            .roleName("alice")
            .creationLdif("""
dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
            """)
            .deletionLdif("""
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
  rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
            """)
            .build());

    }
}

resources:
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://localhost
      userdn: CN=Users,DC=corp,DC=example,DC=net
  role:
    type: vault:ldap:SecretBackendDynamicRole
    properties:
      mount: ${config.path}
      roleName: alice
      creationLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        objectClass: person
        objectClass: top
        cn: learn
        sn: {{.Password | utf16le | base64}}
        memberOf: cn=dev,ou=groups,dc=learn,dc=example
        userPassword: {{.Password}}        
      deletionLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete
          rollback_ldif = <<EOT
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete

Create SecretBackendDynamicRole Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecretBackendDynamicRole(name: string, args: SecretBackendDynamicRoleArgs, opts?: CustomResourceOptions);

@overload
def SecretBackendDynamicRole(resource_name: str,
                             args: SecretBackendDynamicRoleArgs,
                             opts: Optional[ResourceOptions] = None)

@overload
def SecretBackendDynamicRole(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             creation_ldif: Optional[str] = None,
                             deletion_ldif: Optional[str] = None,
                             role_name: Optional[str] = None,
                             default_ttl: Optional[int] = None,
                             max_ttl: Optional[int] = None,
                             mount: Optional[str] = None,
                             namespace: Optional[str] = None,
                             rollback_ldif: Optional[str] = None,
                             username_template: Optional[str] = None)

func NewSecretBackendDynamicRole(ctx *Context, name string, args SecretBackendDynamicRoleArgs, opts ...ResourceOption) (*SecretBackendDynamicRole, error)

public SecretBackendDynamicRole(string name, SecretBackendDynamicRoleArgs args, CustomResourceOptions? opts = null)

public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args)
public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args, CustomResourceOptions options)

type: vault:ldap:SecretBackendDynamicRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretBackendDynamicRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretBackendDynamicRoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretBackendDynamicRoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretBackendDynamicRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretBackendDynamicRoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretBackendDynamicRoleResource = new Vault.Ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", new()
{
    CreationLdif = "string",
    DeletionLdif = "string",
    RoleName = "string",
    DefaultTtl = 0,
    MaxTtl = 0,
    Mount = "string",
    Namespace = "string",
    RollbackLdif = "string",
    UsernameTemplate = "string",
});

example, err := ldap.NewSecretBackendDynamicRole(ctx, "secretBackendDynamicRoleResource", &ldap.SecretBackendDynamicRoleArgs{
	CreationLdif:     pulumi.String("string"),
	DeletionLdif:     pulumi.String("string"),
	RoleName:         pulumi.String("string"),
	DefaultTtl:       pulumi.Int(0),
	MaxTtl:           pulumi.Int(0),
	Mount:            pulumi.String("string"),
	Namespace:        pulumi.String("string"),
	RollbackLdif:     pulumi.String("string"),
	UsernameTemplate: pulumi.String("string"),
})

var secretBackendDynamicRoleResource = new SecretBackendDynamicRole("secretBackendDynamicRoleResource", SecretBackendDynamicRoleArgs.builder()
    .creationLdif("string")
    .deletionLdif("string")
    .roleName("string")
    .defaultTtl(0)
    .maxTtl(0)
    .mount("string")
    .namespace("string")
    .rollbackLdif("string")
    .usernameTemplate("string")
    .build());

secret_backend_dynamic_role_resource = vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource",
    creation_ldif="string",
    deletion_ldif="string",
    role_name="string",
    default_ttl=0,
    max_ttl=0,
    mount="string",
    namespace="string",
    rollback_ldif="string",
    username_template="string")

const secretBackendDynamicRoleResource = new vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", {
    creationLdif: "string",
    deletionLdif: "string",
    roleName: "string",
    defaultTtl: 0,
    maxTtl: 0,
    mount: "string",
    namespace: "string",
    rollbackLdif: "string",
    usernameTemplate: "string",
});

type: vault:ldap:SecretBackendDynamicRole
properties:
    creationLdif: string
    defaultTtl: 0
    deletionLdif: string
    maxTtl: 0
    mount: string
    namespace: string
    roleName: string
    rollbackLdif: string
    usernameTemplate: string

SecretBackendDynamicRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretBackendDynamicRole resource accepts the following input properties:

CreationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
DeletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
RoleName string: Name of the role.
DefaultTtl int: Specifies the TTL for the leases associated with this role.
MaxTtl int: Specifies the maximum TTL for the leases associated with this role.
Mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
UsernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

CreationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
DeletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
RoleName string: Name of the role.
DefaultTtl int: Specifies the TTL for the leases associated with this role.
MaxTtl int: Specifies the maximum TTL for the leases associated with this role.
Mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
UsernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif String: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
deletionLdif String: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
roleName String: Name of the role.
defaultTtl Integer: Specifies the TTL for the leases associated with this role.
maxTtl Integer: Specifies the maximum TTL for the leases associated with this role.
mount String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
rollbackLdif String: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate String: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
deletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
roleName string: Name of the role.
defaultTtl number: Specifies the TTL for the leases associated with this role.
maxTtl number: Specifies the maximum TTL for the leases associated with this role.
mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
rollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creation_ldif str: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
deletion_ldif str: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
role_name str: Name of the role.
default_ttl int: Specifies the TTL for the leases associated with this role.
max_ttl int: Specifies the maximum TTL for the leases associated with this role.
mount str: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
rollback_ldif str: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
username_template str: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif String: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
deletionLdif String: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
roleName String: Name of the role.
defaultTtl Number: Specifies the TTL for the leases associated with this role.
maxTtl Number: Specifies the maximum TTL for the leases associated with this role.
mount String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
rollbackLdif String: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate String: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendDynamicRole resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecretBackendDynamicRole Resource

Get an existing SecretBackendDynamicRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretBackendDynamicRoleState, opts?: CustomResourceOptions): SecretBackendDynamicRole

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        creation_ldif: Optional[str] = None,
        default_ttl: Optional[int] = None,
        deletion_ldif: Optional[str] = None,
        max_ttl: Optional[int] = None,
        mount: Optional[str] = None,
        namespace: Optional[str] = None,
        role_name: Optional[str] = None,
        rollback_ldif: Optional[str] = None,
        username_template: Optional[str] = None) -> SecretBackendDynamicRole

func GetSecretBackendDynamicRole(ctx *Context, name string, id IDInput, state *SecretBackendDynamicRoleState, opts ...ResourceOption) (*SecretBackendDynamicRole, error)

public static SecretBackendDynamicRole Get(string name, Input<string> id, SecretBackendDynamicRoleState? state, CustomResourceOptions? opts = null)

public static SecretBackendDynamicRole get(String name, Output<String> id, SecretBackendDynamicRoleState state, CustomResourceOptions options)

resources:  _:    type: vault:ldap:SecretBackendDynamicRole    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
DefaultTtl int: Specifies the TTL for the leases associated with this role.
DeletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
MaxTtl int: Specifies the maximum TTL for the leases associated with this role.
Mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RoleName string: Name of the role.
RollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
UsernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

CreationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
DefaultTtl int: Specifies the TTL for the leases associated with this role.
DeletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
MaxTtl int: Specifies the maximum TTL for the leases associated with this role.
Mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
RoleName string: Name of the role.
RollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
UsernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif String: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
defaultTtl Integer: Specifies the TTL for the leases associated with this role.
deletionLdif String: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
maxTtl Integer: Specifies the maximum TTL for the leases associated with this role.
mount String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
roleName String: Name of the role.
rollbackLdif String: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate String: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif string: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
defaultTtl number: Specifies the TTL for the leases associated with this role.
deletionLdif string: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
maxTtl number: Specifies the maximum TTL for the leases associated with this role.
mount string: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
roleName string: Name of the role.
rollbackLdif string: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate string: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creation_ldif str: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
default_ttl int: Specifies the TTL for the leases associated with this role.
deletion_ldif str: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
max_ttl int: Specifies the maximum TTL for the leases associated with this role.
mount str: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
role_name str: Name of the role.
rollback_ldif str: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
username_template str: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

creationLdif String: A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
defaultTtl Number: Specifies the TTL for the leases associated with this role.
deletionLdif String: A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
maxTtl Number: Specifies the maximum TTL for the leases associated with this role.
mount String: The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
roleName String: Name of the role.
rollbackLdif String: A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
usernameTemplate String: A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

Import

LDAP secret backend dynamic role can be imported using the full path to the role of the form: <mount_path>/dynamic-role/<role_name> e.g.

$ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.7.1 published on Friday, May 2, 2025 by Pulumi

pulumi/pulumi-vault

vault.ldap.SecretBackendDynamicRole

On this page

On this page

Example Usage

Create SecretBackendDynamicRole Resource

Constructor syntax

Parameters

Constructor example

SecretBackendDynamicRole Resource Properties

Inputs

Outputs

Look up Existing SecretBackendDynamicRole Resource

Import

Package Details

On this page

On this page