add ldap management

This commit is contained in:
vincent 2022-08-10 19:30:38 +02:00
parent c0729bba2b
commit 47d24d45e9
2 changed files with 23 additions and 0 deletions

19
vault/ldap.tf Normal file
View File

@ -0,0 +1,19 @@
resource "vault_ldap_auth_backend" "ldap" {
path = "ldap"
url = "ldap://ldap.ducamps.win"
userdn = "dc=ducamps,dc=win"
userattr = "uid"
discoverdn = false
groupdn = "cn=groups,dc=ducamps,dc=win"
groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
binddn = "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win"
groupattr = "cn"
bindpass = var.ldap_bindpass
}
resource "vault_ldap_auth_backend_group" "vault_admin" {
groupname = "vault_admin"
policies = ["admin_policy"]
backend = vault_ldap_auth_backend.ldap.path
}

View File

@ -1,3 +1,7 @@
variable vault_token { variable vault_token {
} }
variable ldap_bindpass {
type= string
default = null
}