1. Packages
  2. Fortimanager Provider
  3. API Docs
  4. ObjectUserLdap
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortimanager.ObjectUserLdap

Explore with Pulumi AI

Configure LDAP server entries.

The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.

  • dynamic_mapping: fortimanager.ObjectUserLdapDynamicMapping

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const labelname = new fortimanager.ObjectUserLdap("labelname", {
    accountKeyFilter: "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
    accountKeyProcessing: "strip",
    caCert: "root_CA2",
    cnid: "cn",
    dn: "ew",
    groupMemberCheck: "posix-group-object",
    groupObjectFilter: "(&(objectcategory=group)(member=*))",
    groupSearchBase: "dwec",
    "interface": "1-A1",
    interfaceSelectMethod: "auto",
    memberAttr: "memberOf",
    obtainUserInfo: "enable",
    passwords: ["dfdqeww"],
    passwordExpiryWarning: "disable",
    passwordRenewal: "disable",
    port: 389,
    secure: "ldaps",
    server: "2.2.2.2",
    serverIdentityCheck: "enable",
    sourceIp: "0.0.0.0",
    sslMinProtoVersion: "TLSv1-2",
    twoFactor: "fortitoken-cloud",
    twoFactorAuthentication: "fortitoken",
    twoFactorNotification: "sms",
    type: "simple",
    userInfoExchangeServer: "ss",
});
Copy
import pulumi
import pulumi_fortimanager as fortimanager

labelname = fortimanager.ObjectUserLdap("labelname",
    account_key_filter="(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
    account_key_processing="strip",
    ca_cert="root_CA2",
    cnid="cn",
    dn="ew",
    group_member_check="posix-group-object",
    group_object_filter="(&(objectcategory=group)(member=*))",
    group_search_base="dwec",
    interface="1-A1",
    interface_select_method="auto",
    member_attr="memberOf",
    obtain_user_info="enable",
    passwords=["dfdqeww"],
    password_expiry_warning="disable",
    password_renewal="disable",
    port=389,
    secure="ldaps",
    server="2.2.2.2",
    server_identity_check="enable",
    source_ip="0.0.0.0",
    ssl_min_proto_version="TLSv1-2",
    two_factor="fortitoken-cloud",
    two_factor_authentication="fortitoken",
    two_factor_notification="sms",
    type="simple",
    user_info_exchange_server="ss")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewObjectUserLdap(ctx, "labelname", &fortimanager.ObjectUserLdapArgs{
			AccountKeyFilter:      pulumi.String("(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"),
			AccountKeyProcessing:  pulumi.String("strip"),
			CaCert:                pulumi.String("root_CA2"),
			Cnid:                  pulumi.String("cn"),
			Dn:                    pulumi.String("ew"),
			GroupMemberCheck:      pulumi.String("posix-group-object"),
			GroupObjectFilter:     pulumi.String("(&(objectcategory=group)(member=*))"),
			GroupSearchBase:       pulumi.String("dwec"),
			Interface:             pulumi.String("1-A1"),
			InterfaceSelectMethod: pulumi.String("auto"),
			MemberAttr:            pulumi.String("memberOf"),
			ObtainUserInfo:        pulumi.String("enable"),
			Passwords: pulumi.StringArray{
				pulumi.String("dfdqeww"),
			},
			PasswordExpiryWarning:   pulumi.String("disable"),
			PasswordRenewal:         pulumi.String("disable"),
			Port:                    pulumi.Float64(389),
			Secure:                  pulumi.String("ldaps"),
			Server:                  pulumi.String("2.2.2.2"),
			ServerIdentityCheck:     pulumi.String("enable"),
			SourceIp:                pulumi.String("0.0.0.0"),
			SslMinProtoVersion:      pulumi.String("TLSv1-2"),
			TwoFactor:               pulumi.String("fortitoken-cloud"),
			TwoFactorAuthentication: pulumi.String("fortitoken"),
			TwoFactorNotification:   pulumi.String("sms"),
			Type:                    pulumi.String("simple"),
			UserInfoExchangeServer:  pulumi.String("ss"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var labelname = new Fortimanager.ObjectUserLdap("labelname", new()
    {
        AccountKeyFilter = "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
        AccountKeyProcessing = "strip",
        CaCert = "root_CA2",
        Cnid = "cn",
        Dn = "ew",
        GroupMemberCheck = "posix-group-object",
        GroupObjectFilter = "(&(objectcategory=group)(member=*))",
        GroupSearchBase = "dwec",
        Interface = "1-A1",
        InterfaceSelectMethod = "auto",
        MemberAttr = "memberOf",
        ObtainUserInfo = "enable",
        Passwords = new[]
        {
            "dfdqeww",
        },
        PasswordExpiryWarning = "disable",
        PasswordRenewal = "disable",
        Port = 389,
        Secure = "ldaps",
        Server = "2.2.2.2",
        ServerIdentityCheck = "enable",
        SourceIp = "0.0.0.0",
        SslMinProtoVersion = "TLSv1-2",
        TwoFactor = "fortitoken-cloud",
        TwoFactorAuthentication = "fortitoken",
        TwoFactorNotification = "sms",
        Type = "simple",
        UserInfoExchangeServer = "ss",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectUserLdap;
import com.pulumi.fortimanager.ObjectUserLdapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var labelname = new ObjectUserLdap("labelname", ObjectUserLdapArgs.builder()
            .accountKeyFilter("(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")
            .accountKeyProcessing("strip")
            .caCert("root_CA2")
            .cnid("cn")
            .dn("ew")
            .groupMemberCheck("posix-group-object")
            .groupObjectFilter("(&(objectcategory=group)(member=*))")
            .groupSearchBase("dwec")
            .interface_("1-A1")
            .interfaceSelectMethod("auto")
            .memberAttr("memberOf")
            .obtainUserInfo("enable")
            .passwords("dfdqeww")
            .passwordExpiryWarning("disable")
            .passwordRenewal("disable")
            .port(389)
            .secure("ldaps")
            .server("2.2.2.2")
            .serverIdentityCheck("enable")
            .sourceIp("0.0.0.0")
            .sslMinProtoVersion("TLSv1-2")
            .twoFactor("fortitoken-cloud")
            .twoFactorAuthentication("fortitoken")
            .twoFactorNotification("sms")
            .type("simple")
            .userInfoExchangeServer("ss")
            .build());

    }
}
Copy
resources:
  labelname:
    type: fortimanager:ObjectUserLdap
    properties:
      accountKeyFilter: (&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
      accountKeyProcessing: strip
      caCert: root_CA2
      cnid: cn
      dn: ew
      groupMemberCheck: posix-group-object
      groupObjectFilter: (&(objectcategory=group)(member=*))
      groupSearchBase: dwec
      interface: 1-A1
      interfaceSelectMethod: auto
      memberAttr: memberOf
      obtainUserInfo: enable
      passwords:
        - dfdqeww
      passwordExpiryWarning: disable
      passwordRenewal: disable
      port: 389
      secure: ldaps
      server: 2.2.2.2
      serverIdentityCheck: enable
      sourceIp: 0.0.0.0
      sslMinProtoVersion: TLSv1-2
      twoFactor: fortitoken-cloud
      twoFactorAuthentication: fortitoken
      twoFactorNotification: sms
      type: simple
      userInfoExchangeServer: ss
Copy

Create ObjectUserLdap Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectUserLdap(name: string, args?: ObjectUserLdapArgs, opts?: CustomResourceOptions);
@overload
def ObjectUserLdap(resource_name: str,
                   args: Optional[ObjectUserLdapArgs] = None,
                   opts: Optional[ResourceOptions] = None)

@overload
def ObjectUserLdap(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   account_key_cert_field: Optional[str] = None,
                   account_key_filter: Optional[str] = None,
                   account_key_processing: Optional[str] = None,
                   account_key_upn_san: Optional[str] = None,
                   adom: Optional[str] = None,
                   antiphish: Optional[str] = None,
                   ca_cert: Optional[str] = None,
                   client_cert: Optional[str] = None,
                   client_cert_auth: Optional[str] = None,
                   cnid: Optional[str] = None,
                   dn: Optional[str] = None,
                   dynamic_mappings: Optional[Sequence[ObjectUserLdapDynamicMappingArgs]] = None,
                   dynamic_sort_subtable: Optional[str] = None,
                   group_filter: Optional[str] = None,
                   group_member_check: Optional[str] = None,
                   group_object_filter: Optional[str] = None,
                   group_search_base: Optional[str] = None,
                   interface: Optional[str] = None,
                   interface_select_method: Optional[str] = None,
                   member_attr: Optional[str] = None,
                   name: Optional[str] = None,
                   object_user_ldap_id: Optional[str] = None,
                   obtain_user_info: Optional[str] = None,
                   password_attr: Optional[str] = None,
                   password_expiry_warning: Optional[str] = None,
                   password_renewal: Optional[str] = None,
                   passwords: Optional[Sequence[str]] = None,
                   port: Optional[float] = None,
                   scopetype: Optional[str] = None,
                   search_types: Optional[Sequence[str]] = None,
                   secondary_server: Optional[str] = None,
                   secure: Optional[str] = None,
                   server: Optional[str] = None,
                   server_identity_check: Optional[str] = None,
                   source_ip: Optional[str] = None,
                   source_ip_interfaces: Optional[Sequence[str]] = None,
                   source_port: Optional[float] = None,
                   ssl_min_proto_version: Optional[str] = None,
                   status_ttl: Optional[float] = None,
                   tertiary_server: Optional[str] = None,
                   two_factor: Optional[str] = None,
                   two_factor_authentication: Optional[str] = None,
                   two_factor_filter: Optional[str] = None,
                   two_factor_notification: Optional[str] = None,
                   type: Optional[str] = None,
                   user_info_exchange_server: Optional[str] = None,
                   username: Optional[str] = None)
func NewObjectUserLdap(ctx *Context, name string, args *ObjectUserLdapArgs, opts ...ResourceOption) (*ObjectUserLdap, error)
public ObjectUserLdap(string name, ObjectUserLdapArgs? args = null, CustomResourceOptions? opts = null)
public ObjectUserLdap(String name, ObjectUserLdapArgs args)
public ObjectUserLdap(String name, ObjectUserLdapArgs args, CustomResourceOptions options)
type: fortimanager:ObjectUserLdap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args ObjectUserLdapArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args ObjectUserLdapArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args ObjectUserLdapArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args ObjectUserLdapArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ObjectUserLdapArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectUserLdapResource = new Fortimanager.ObjectUserLdap("objectUserLdapResource", new()
{
    AccountKeyCertField = "string",
    AccountKeyFilter = "string",
    AccountKeyProcessing = "string",
    AccountKeyUpnSan = "string",
    Adom = "string",
    Antiphish = "string",
    CaCert = "string",
    ClientCert = "string",
    ClientCertAuth = "string",
    Cnid = "string",
    Dn = "string",
    DynamicMappings = new[]
    {
        new Fortimanager.Inputs.ObjectUserLdapDynamicMappingArgs
        {
            _scopes = new[]
            {
                new Fortimanager.Inputs.ObjectUserLdapDynamicMapping_ScopeArgs
                {
                    Name = "string",
                    Vdom = "string",
                },
            },
            AccountKeyCertField = "string",
            AccountKeyFilter = "string",
            AccountKeyName = "string",
            AccountKeyProcessing = "string",
            AccountKeyUpnSan = "string",
            Antiphish = "string",
            CaCert = "string",
            ClientCertAuth = "string",
            ClientCerts = new[]
            {
                "string",
            },
            Cnid = "string",
            Dn = "string",
            Filter = "string",
            Group = "string",
            GroupFilter = "string",
            GroupMemberCheck = "string",
            GroupObjectFilter = "string",
            GroupObjectSearchBase = "string",
            GroupSearchBase = "string",
            Interface = "string",
            InterfaceSelectMethod = "string",
            MaxConnections = 0,
            MemberAttr = "string",
            ObtainUserInfo = "string",
            PasswordAttr = "string",
            PasswordExpiryWarning = "string",
            PasswordRenewal = "string",
            Passwords = new[]
            {
                "string",
            },
            Port = 0,
            RetrieveProtectionProfile = "string",
            SearchTypes = new[]
            {
                "string",
            },
            SecondaryServer = "string",
            Secure = "string",
            Server = "string",
            ServerIdentityCheck = "string",
            SourceIp = "string",
            SourceIpInterfaces = new[]
            {
                "string",
            },
            SourcePort = 0,
            SslMaxProtoVersion = "string",
            SslMinProtoVersion = "string",
            StatusTtl = 0,
            TertiaryServer = "string",
            TwoFactor = "string",
            TwoFactorAuthentication = "string",
            TwoFactorFilter = "string",
            TwoFactorNotification = "string",
            Type = "string",
            UserInfoExchangeServer = "string",
            Username = "string",
        },
    },
    DynamicSortSubtable = "string",
    GroupFilter = "string",
    GroupMemberCheck = "string",
    GroupObjectFilter = "string",
    GroupSearchBase = "string",
    Interface = "string",
    InterfaceSelectMethod = "string",
    MemberAttr = "string",
    Name = "string",
    ObjectUserLdapId = "string",
    ObtainUserInfo = "string",
    PasswordAttr = "string",
    PasswordExpiryWarning = "string",
    PasswordRenewal = "string",
    Passwords = new[]
    {
        "string",
    },
    Port = 0,
    Scopetype = "string",
    SearchTypes = new[]
    {
        "string",
    },
    SecondaryServer = "string",
    Secure = "string",
    Server = "string",
    ServerIdentityCheck = "string",
    SourceIp = "string",
    SourceIpInterfaces = new[]
    {
        "string",
    },
    SourcePort = 0,
    SslMinProtoVersion = "string",
    StatusTtl = 0,
    TertiaryServer = "string",
    TwoFactor = "string",
    TwoFactorAuthentication = "string",
    TwoFactorFilter = "string",
    TwoFactorNotification = "string",
    Type = "string",
    UserInfoExchangeServer = "string",
    Username = "string",
});
Copy
example, err := fortimanager.NewObjectUserLdap(ctx, "objectUserLdapResource", &fortimanager.ObjectUserLdapArgs{
AccountKeyCertField: pulumi.String("string"),
AccountKeyFilter: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountKeyUpnSan: pulumi.String("string"),
Adom: pulumi.String("string"),
Antiphish: pulumi.String("string"),
CaCert: pulumi.String("string"),
ClientCert: pulumi.String("string"),
ClientCertAuth: pulumi.String("string"),
Cnid: pulumi.String("string"),
Dn: pulumi.String("string"),
DynamicMappings: .ObjectUserLdapDynamicMappingTypeArray{
&.ObjectUserLdapDynamicMappingTypeArgs{
_scopes: .ObjectUserLdapDynamicMapping_ScopeArray{
&.ObjectUserLdapDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AccountKeyCertField: pulumi.String("string"),
AccountKeyFilter: pulumi.String("string"),
AccountKeyName: pulumi.String("string"),
AccountKeyProcessing: pulumi.String("string"),
AccountKeyUpnSan: pulumi.String("string"),
Antiphish: pulumi.String("string"),
CaCert: pulumi.String("string"),
ClientCertAuth: pulumi.String("string"),
ClientCerts: pulumi.StringArray{
pulumi.String("string"),
},
Cnid: pulumi.String("string"),
Dn: pulumi.String("string"),
Filter: pulumi.String("string"),
Group: pulumi.String("string"),
GroupFilter: pulumi.String("string"),
GroupMemberCheck: pulumi.String("string"),
GroupObjectFilter: pulumi.String("string"),
GroupObjectSearchBase: pulumi.String("string"),
GroupSearchBase: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
MemberAttr: pulumi.String("string"),
ObtainUserInfo: pulumi.String("string"),
PasswordAttr: pulumi.String("string"),
PasswordExpiryWarning: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
Passwords: pulumi.StringArray{
pulumi.String("string"),
},
Port: pulumi.Float64(0),
RetrieveProtectionProfile: pulumi.String("string"),
SearchTypes: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryServer: pulumi.String("string"),
Secure: pulumi.String("string"),
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourceIpInterfaces: pulumi.StringArray{
pulumi.String("string"),
},
SourcePort: pulumi.Float64(0),
SslMaxProtoVersion: pulumi.String("string"),
SslMinProtoVersion: pulumi.String("string"),
StatusTtl: pulumi.Float64(0),
TertiaryServer: pulumi.String("string"),
TwoFactor: pulumi.String("string"),
TwoFactorAuthentication: pulumi.String("string"),
TwoFactorFilter: pulumi.String("string"),
TwoFactorNotification: pulumi.String("string"),
Type: pulumi.String("string"),
UserInfoExchangeServer: pulumi.String("string"),
Username: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
GroupFilter: pulumi.String("string"),
GroupMemberCheck: pulumi.String("string"),
GroupObjectFilter: pulumi.String("string"),
GroupSearchBase: pulumi.String("string"),
Interface: pulumi.String("string"),
InterfaceSelectMethod: pulumi.String("string"),
MemberAttr: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectUserLdapId: pulumi.String("string"),
ObtainUserInfo: pulumi.String("string"),
PasswordAttr: pulumi.String("string"),
PasswordExpiryWarning: pulumi.String("string"),
PasswordRenewal: pulumi.String("string"),
Passwords: pulumi.StringArray{
pulumi.String("string"),
},
Port: pulumi.Float64(0),
Scopetype: pulumi.String("string"),
SearchTypes: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryServer: pulumi.String("string"),
Secure: pulumi.String("string"),
Server: pulumi.String("string"),
ServerIdentityCheck: pulumi.String("string"),
SourceIp: pulumi.String("string"),
SourceIpInterfaces: pulumi.StringArray{
pulumi.String("string"),
},
SourcePort: pulumi.Float64(0),
SslMinProtoVersion: pulumi.String("string"),
StatusTtl: pulumi.Float64(0),
TertiaryServer: pulumi.String("string"),
TwoFactor: pulumi.String("string"),
TwoFactorAuthentication: pulumi.String("string"),
TwoFactorFilter: pulumi.String("string"),
TwoFactorNotification: pulumi.String("string"),
Type: pulumi.String("string"),
UserInfoExchangeServer: pulumi.String("string"),
Username: pulumi.String("string"),
})
Copy
var objectUserLdapResource = new ObjectUserLdap("objectUserLdapResource", ObjectUserLdapArgs.builder()
    .accountKeyCertField("string")
    .accountKeyFilter("string")
    .accountKeyProcessing("string")
    .accountKeyUpnSan("string")
    .adom("string")
    .antiphish("string")
    .caCert("string")
    .clientCert("string")
    .clientCertAuth("string")
    .cnid("string")
    .dn("string")
    .dynamicMappings(ObjectUserLdapDynamicMappingArgs.builder()
        ._scopes(ObjectUserLdapDynamicMapping_ScopeArgs.builder()
            .name("string")
            .vdom("string")
            .build())
        .accountKeyCertField("string")
        .accountKeyFilter("string")
        .accountKeyName("string")
        .accountKeyProcessing("string")
        .accountKeyUpnSan("string")
        .antiphish("string")
        .caCert("string")
        .clientCertAuth("string")
        .clientCerts("string")
        .cnid("string")
        .dn("string")
        .filter("string")
        .group("string")
        .groupFilter("string")
        .groupMemberCheck("string")
        .groupObjectFilter("string")
        .groupObjectSearchBase("string")
        .groupSearchBase("string")
        .interface_("string")
        .interfaceSelectMethod("string")
        .maxConnections(0)
        .memberAttr("string")
        .obtainUserInfo("string")
        .passwordAttr("string")
        .passwordExpiryWarning("string")
        .passwordRenewal("string")
        .passwords("string")
        .port(0)
        .retrieveProtectionProfile("string")
        .searchTypes("string")
        .secondaryServer("string")
        .secure("string")
        .server("string")
        .serverIdentityCheck("string")
        .sourceIp("string")
        .sourceIpInterfaces("string")
        .sourcePort(0)
        .sslMaxProtoVersion("string")
        .sslMinProtoVersion("string")
        .statusTtl(0)
        .tertiaryServer("string")
        .twoFactor("string")
        .twoFactorAuthentication("string")
        .twoFactorFilter("string")
        .twoFactorNotification("string")
        .type("string")
        .userInfoExchangeServer("string")
        .username("string")
        .build())
    .dynamicSortSubtable("string")
    .groupFilter("string")
    .groupMemberCheck("string")
    .groupObjectFilter("string")
    .groupSearchBase("string")
    .interface_("string")
    .interfaceSelectMethod("string")
    .memberAttr("string")
    .name("string")
    .objectUserLdapId("string")
    .obtainUserInfo("string")
    .passwordAttr("string")
    .passwordExpiryWarning("string")
    .passwordRenewal("string")
    .passwords("string")
    .port(0)
    .scopetype("string")
    .searchTypes("string")
    .secondaryServer("string")
    .secure("string")
    .server("string")
    .serverIdentityCheck("string")
    .sourceIp("string")
    .sourceIpInterfaces("string")
    .sourcePort(0)
    .sslMinProtoVersion("string")
    .statusTtl(0)
    .tertiaryServer("string")
    .twoFactor("string")
    .twoFactorAuthentication("string")
    .twoFactorFilter("string")
    .twoFactorNotification("string")
    .type("string")
    .userInfoExchangeServer("string")
    .username("string")
    .build());
Copy
object_user_ldap_resource = fortimanager.ObjectUserLdap("objectUserLdapResource",
    account_key_cert_field="string",
    account_key_filter="string",
    account_key_processing="string",
    account_key_upn_san="string",
    adom="string",
    antiphish="string",
    ca_cert="string",
    client_cert="string",
    client_cert_auth="string",
    cnid="string",
    dn="string",
    dynamic_mappings=[{
        "_scopes": [{
            "name": "string",
            "vdom": "string",
        }],
        "account_key_cert_field": "string",
        "account_key_filter": "string",
        "account_key_name": "string",
        "account_key_processing": "string",
        "account_key_upn_san": "string",
        "antiphish": "string",
        "ca_cert": "string",
        "client_cert_auth": "string",
        "client_certs": ["string"],
        "cnid": "string",
        "dn": "string",
        "filter": "string",
        "group": "string",
        "group_filter": "string",
        "group_member_check": "string",
        "group_object_filter": "string",
        "group_object_search_base": "string",
        "group_search_base": "string",
        "interface": "string",
        "interface_select_method": "string",
        "max_connections": 0,
        "member_attr": "string",
        "obtain_user_info": "string",
        "password_attr": "string",
        "password_expiry_warning": "string",
        "password_renewal": "string",
        "passwords": ["string"],
        "port": 0,
        "retrieve_protection_profile": "string",
        "search_types": ["string"],
        "secondary_server": "string",
        "secure": "string",
        "server": "string",
        "server_identity_check": "string",
        "source_ip": "string",
        "source_ip_interfaces": ["string"],
        "source_port": 0,
        "ssl_max_proto_version": "string",
        "ssl_min_proto_version": "string",
        "status_ttl": 0,
        "tertiary_server": "string",
        "two_factor": "string",
        "two_factor_authentication": "string",
        "two_factor_filter": "string",
        "two_factor_notification": "string",
        "type": "string",
        "user_info_exchange_server": "string",
        "username": "string",
    }],
    dynamic_sort_subtable="string",
    group_filter="string",
    group_member_check="string",
    group_object_filter="string",
    group_search_base="string",
    interface="string",
    interface_select_method="string",
    member_attr="string",
    name="string",
    object_user_ldap_id="string",
    obtain_user_info="string",
    password_attr="string",
    password_expiry_warning="string",
    password_renewal="string",
    passwords=["string"],
    port=0,
    scopetype="string",
    search_types=["string"],
    secondary_server="string",
    secure="string",
    server="string",
    server_identity_check="string",
    source_ip="string",
    source_ip_interfaces=["string"],
    source_port=0,
    ssl_min_proto_version="string",
    status_ttl=0,
    tertiary_server="string",
    two_factor="string",
    two_factor_authentication="string",
    two_factor_filter="string",
    two_factor_notification="string",
    type="string",
    user_info_exchange_server="string",
    username="string")
Copy
const objectUserLdapResource = new fortimanager.ObjectUserLdap("objectUserLdapResource", {
    accountKeyCertField: "string",
    accountKeyFilter: "string",
    accountKeyProcessing: "string",
    accountKeyUpnSan: "string",
    adom: "string",
    antiphish: "string",
    caCert: "string",
    clientCert: "string",
    clientCertAuth: "string",
    cnid: "string",
    dn: "string",
    dynamicMappings: [{
        _scopes: [{
            name: "string",
            vdom: "string",
        }],
        accountKeyCertField: "string",
        accountKeyFilter: "string",
        accountKeyName: "string",
        accountKeyProcessing: "string",
        accountKeyUpnSan: "string",
        antiphish: "string",
        caCert: "string",
        clientCertAuth: "string",
        clientCerts: ["string"],
        cnid: "string",
        dn: "string",
        filter: "string",
        group: "string",
        groupFilter: "string",
        groupMemberCheck: "string",
        groupObjectFilter: "string",
        groupObjectSearchBase: "string",
        groupSearchBase: "string",
        "interface": "string",
        interfaceSelectMethod: "string",
        maxConnections: 0,
        memberAttr: "string",
        obtainUserInfo: "string",
        passwordAttr: "string",
        passwordExpiryWarning: "string",
        passwordRenewal: "string",
        passwords: ["string"],
        port: 0,
        retrieveProtectionProfile: "string",
        searchTypes: ["string"],
        secondaryServer: "string",
        secure: "string",
        server: "string",
        serverIdentityCheck: "string",
        sourceIp: "string",
        sourceIpInterfaces: ["string"],
        sourcePort: 0,
        sslMaxProtoVersion: "string",
        sslMinProtoVersion: "string",
        statusTtl: 0,
        tertiaryServer: "string",
        twoFactor: "string",
        twoFactorAuthentication: "string",
        twoFactorFilter: "string",
        twoFactorNotification: "string",
        type: "string",
        userInfoExchangeServer: "string",
        username: "string",
    }],
    dynamicSortSubtable: "string",
    groupFilter: "string",
    groupMemberCheck: "string",
    groupObjectFilter: "string",
    groupSearchBase: "string",
    "interface": "string",
    interfaceSelectMethod: "string",
    memberAttr: "string",
    name: "string",
    objectUserLdapId: "string",
    obtainUserInfo: "string",
    passwordAttr: "string",
    passwordExpiryWarning: "string",
    passwordRenewal: "string",
    passwords: ["string"],
    port: 0,
    scopetype: "string",
    searchTypes: ["string"],
    secondaryServer: "string",
    secure: "string",
    server: "string",
    serverIdentityCheck: "string",
    sourceIp: "string",
    sourceIpInterfaces: ["string"],
    sourcePort: 0,
    sslMinProtoVersion: "string",
    statusTtl: 0,
    tertiaryServer: "string",
    twoFactor: "string",
    twoFactorAuthentication: "string",
    twoFactorFilter: "string",
    twoFactorNotification: "string",
    type: "string",
    userInfoExchangeServer: "string",
    username: "string",
});
Copy
type: fortimanager:ObjectUserLdap
properties:
    accountKeyCertField: string
    accountKeyFilter: string
    accountKeyProcessing: string
    accountKeyUpnSan: string
    adom: string
    antiphish: string
    caCert: string
    clientCert: string
    clientCertAuth: string
    cnid: string
    dn: string
    dynamicMappings:
        - _scopes:
            - name: string
              vdom: string
          accountKeyCertField: string
          accountKeyFilter: string
          accountKeyName: string
          accountKeyProcessing: string
          accountKeyUpnSan: string
          antiphish: string
          caCert: string
          clientCertAuth: string
          clientCerts:
            - string
          cnid: string
          dn: string
          filter: string
          group: string
          groupFilter: string
          groupMemberCheck: string
          groupObjectFilter: string
          groupObjectSearchBase: string
          groupSearchBase: string
          interface: string
          interfaceSelectMethod: string
          maxConnections: 0
          memberAttr: string
          obtainUserInfo: string
          passwordAttr: string
          passwordExpiryWarning: string
          passwordRenewal: string
          passwords:
            - string
          port: 0
          retrieveProtectionProfile: string
          searchTypes:
            - string
          secondaryServer: string
          secure: string
          server: string
          serverIdentityCheck: string
          sourceIp: string
          sourceIpInterfaces:
            - string
          sourcePort: 0
          sslMaxProtoVersion: string
          sslMinProtoVersion: string
          statusTtl: 0
          tertiaryServer: string
          twoFactor: string
          twoFactorAuthentication: string
          twoFactorFilter: string
          twoFactorNotification: string
          type: string
          userInfoExchangeServer: string
          username: string
    dynamicSortSubtable: string
    groupFilter: string
    groupMemberCheck: string
    groupObjectFilter: string
    groupSearchBase: string
    interface: string
    interfaceSelectMethod: string
    memberAttr: string
    name: string
    objectUserLdapId: string
    obtainUserInfo: string
    passwordAttr: string
    passwordExpiryWarning: string
    passwordRenewal: string
    passwords:
        - string
    port: 0
    scopetype: string
    searchTypes:
        - string
    secondaryServer: string
    secure: string
    server: string
    serverIdentityCheck: string
    sourceIp: string
    sourceIpInterfaces:
        - string
    sourcePort: 0
    sslMinProtoVersion: string
    statusTtl: 0
    tertiaryServer: string
    twoFactor: string
    twoFactorAuthentication: string
    twoFactorFilter: string
    twoFactorNotification: string
    type: string
    userInfoExchangeServer: string
    username: string
Copy

ObjectUserLdap Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectUserLdap resource accepts the following input properties:

AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCert string
Client certificate name.
ClientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
DynamicMappings List<ObjectUserLdapDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MemberAttr string
Name of attribute from which to get group membership.
Name string
LDAP server entry name.
ObjectUserLdapId string
an identifier for the resource with format {{name}}.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Name of attribute to get password hash.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords List<string>
Password for initial binding.
Port double
Port to be used for communication with the LDAP server (default = 389).
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SearchTypes List<string>
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces List<string>
Source interface for communication with the LDAP server.
SourcePort double
Source port to be used for communication with the LDAP server.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCert string
Client certificate name.
ClientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
DynamicMappings []ObjectUserLdapDynamicMappingTypeArgs
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MemberAttr string
Name of attribute from which to get group membership.
Name string
LDAP server entry name.
ObjectUserLdapId string
an identifier for the resource with format {{name}}.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Name of attribute to get password hash.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords []string
Password for initial binding.
Port float64
Port to be used for communication with the LDAP server (default = 389).
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SearchTypes []string
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces []string
Source interface for communication with the LDAP server.
SourcePort float64
Source port to be used for communication with the LDAP server.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl float64
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish String
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert String
CA certificate name.
clientCert String
Client certificate name.
clientCertAuth String
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
dynamicMappings List<ObjectUserLdapDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupSearchBase String
Search base used for group searching.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String
Specify outgoing interface to reach server.
memberAttr String
Name of attribute from which to get group membership.
name String
LDAP server entry name.
objectUserLdapId String
an identifier for the resource with format {{name}}.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Name of attribute to get password hash.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Double
Port to be used for communication with the LDAP server (default = 389).
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Double
Source port to be used for communication with the LDAP server.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.
accountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter string
Account key filter, using the UPN as the search filter.
accountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert string
CA certificate name.
clientCert string
Client certificate name.
clientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn string
Distinguished name used to look up entries on the LDAP server.
dynamicMappings ObjectUserLdapDynamicMapping[]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter string
Filter used for group matching.
groupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter string
Filter used for group searching.
groupSearchBase string
Search base used for group searching.
interface string
Specify outgoing interface to reach server.
interfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
memberAttr string
Name of attribute from which to get group membership.
name string
LDAP server entry name.
objectUserLdapId string
an identifier for the resource with format {{name}}.
obtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr string
Name of attribute to get password hash.
passwordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
passwords string[]
Password for initial binding.
port number
Port to be used for communication with the LDAP server (default = 389).
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes string[]
Search type. Valid values: nested, recursive.
secondaryServer string
Secondary LDAP server CN domain name or IP.
secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server string
LDAP server CN domain name or IP.
serverIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp string
Source IP for communications to LDAP server.
sourceIpInterfaces string[]
Source interface for communication with the LDAP server.
sourcePort number
Source port to be used for communication with the LDAP server.
sslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer string
Tertiary LDAP server CN domain name or IP.
twoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer string
MS Exchange server from which to fetch user information.
username string
Username (full DN) for initial binding.
account_key_cert_field str
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
account_key_filter str
Account key filter, using the UPN as the search filter.
account_key_processing str
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
account_key_upn_san str
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish str
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
ca_cert str
CA certificate name.
client_cert str
Client certificate name.
client_cert_auth str
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid str
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn str
Distinguished name used to look up entries on the LDAP server.
dynamic_mappings Sequence[ObjectUserLdapDynamicMappingArgs]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
group_filter str
Filter used for group matching.
group_member_check str
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
group_object_filter str
Filter used for group searching.
group_search_base str
Search base used for group searching.
interface str
Specify outgoing interface to reach server.
interface_select_method str
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
member_attr str
Name of attribute from which to get group membership.
name str
LDAP server entry name.
object_user_ldap_id str
an identifier for the resource with format {{name}}.
obtain_user_info str
Enable/disable obtaining of user information. Valid values: disable, enable.
password_attr str
Name of attribute to get password hash.
password_expiry_warning str
Enable/disable password expiry warnings. Valid values: disable, enable.
password_renewal str
Enable/disable online password renewal. Valid values: disable, enable.
passwords Sequence[str]
Password for initial binding.
port float
Port to be used for communication with the LDAP server (default = 389).
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
search_types Sequence[str]
Search type. Valid values: nested, recursive.
secondary_server str
Secondary LDAP server CN domain name or IP.
secure str
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server str
LDAP server CN domain name or IP.
server_identity_check str
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
source_ip str
Source IP for communications to LDAP server.
source_ip_interfaces Sequence[str]
Source interface for communication with the LDAP server.
source_port float
Source port to be used for communication with the LDAP server.
ssl_min_proto_version str
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
status_ttl float
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiary_server str
Tertiary LDAP server CN domain name or IP.
two_factor str
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
two_factor_authentication str
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
two_factor_filter str
Filter used to synchronize users to FortiToken Cloud.
two_factor_notification str
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type str
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
user_info_exchange_server str
MS Exchange server from which to fetch user information.
username str
Username (full DN) for initial binding.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish String
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert String
CA certificate name.
clientCert String
Client certificate name.
clientCertAuth String
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
dynamicMappings List<Property Map>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupSearchBase String
Search base used for group searching.
interface String
Specify outgoing interface to reach server.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
memberAttr String
Name of attribute from which to get group membership.
name String
LDAP server entry name.
objectUserLdapId String
an identifier for the resource with format {{name}}.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Name of attribute to get password hash.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Number
Port to be used for communication with the LDAP server (default = 389).
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Number
Source port to be used for communication with the LDAP server.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectUserLdap resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing ObjectUserLdap Resource

Get an existing ObjectUserLdap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectUserLdapState, opts?: CustomResourceOptions): ObjectUserLdap
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_key_cert_field: Optional[str] = None,
        account_key_filter: Optional[str] = None,
        account_key_processing: Optional[str] = None,
        account_key_upn_san: Optional[str] = None,
        adom: Optional[str] = None,
        antiphish: Optional[str] = None,
        ca_cert: Optional[str] = None,
        client_cert: Optional[str] = None,
        client_cert_auth: Optional[str] = None,
        cnid: Optional[str] = None,
        dn: Optional[str] = None,
        dynamic_mappings: Optional[Sequence[ObjectUserLdapDynamicMappingArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        group_filter: Optional[str] = None,
        group_member_check: Optional[str] = None,
        group_object_filter: Optional[str] = None,
        group_search_base: Optional[str] = None,
        interface: Optional[str] = None,
        interface_select_method: Optional[str] = None,
        member_attr: Optional[str] = None,
        name: Optional[str] = None,
        object_user_ldap_id: Optional[str] = None,
        obtain_user_info: Optional[str] = None,
        password_attr: Optional[str] = None,
        password_expiry_warning: Optional[str] = None,
        password_renewal: Optional[str] = None,
        passwords: Optional[Sequence[str]] = None,
        port: Optional[float] = None,
        scopetype: Optional[str] = None,
        search_types: Optional[Sequence[str]] = None,
        secondary_server: Optional[str] = None,
        secure: Optional[str] = None,
        server: Optional[str] = None,
        server_identity_check: Optional[str] = None,
        source_ip: Optional[str] = None,
        source_ip_interfaces: Optional[Sequence[str]] = None,
        source_port: Optional[float] = None,
        ssl_min_proto_version: Optional[str] = None,
        status_ttl: Optional[float] = None,
        tertiary_server: Optional[str] = None,
        two_factor: Optional[str] = None,
        two_factor_authentication: Optional[str] = None,
        two_factor_filter: Optional[str] = None,
        two_factor_notification: Optional[str] = None,
        type: Optional[str] = None,
        user_info_exchange_server: Optional[str] = None,
        username: Optional[str] = None) -> ObjectUserLdap
func GetObjectUserLdap(ctx *Context, name string, id IDInput, state *ObjectUserLdapState, opts ...ResourceOption) (*ObjectUserLdap, error)
public static ObjectUserLdap Get(string name, Input<string> id, ObjectUserLdapState? state, CustomResourceOptions? opts = null)
public static ObjectUserLdap get(String name, Output<String> id, ObjectUserLdapState state, CustomResourceOptions options)
resources:  _:    type: fortimanager:ObjectUserLdap    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCert string
Client certificate name.
ClientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
DynamicMappings List<ObjectUserLdapDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MemberAttr string
Name of attribute from which to get group membership.
Name string
LDAP server entry name.
ObjectUserLdapId string
an identifier for the resource with format {{name}}.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Name of attribute to get password hash.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords List<string>
Password for initial binding.
Port double
Port to be used for communication with the LDAP server (default = 389).
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SearchTypes List<string>
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces List<string>
Source interface for communication with the LDAP server.
SourcePort double
Source port to be used for communication with the LDAP server.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
Antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCert string
Client certificate name.
ClientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
DynamicMappings []ObjectUserLdapDynamicMappingTypeArgs
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MemberAttr string
Name of attribute from which to get group membership.
Name string
LDAP server entry name.
ObjectUserLdapId string
an identifier for the resource with format {{name}}.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Name of attribute to get password hash.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords []string
Password for initial binding.
Port float64
Port to be used for communication with the LDAP server (default = 389).
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
SearchTypes []string
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces []string
Source interface for communication with the LDAP server.
SourcePort float64
Source port to be used for communication with the LDAP server.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl float64
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish String
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert String
CA certificate name.
clientCert String
Client certificate name.
clientCertAuth String
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
dynamicMappings List<ObjectUserLdapDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupSearchBase String
Search base used for group searching.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String
Specify outgoing interface to reach server.
memberAttr String
Name of attribute from which to get group membership.
name String
LDAP server entry name.
objectUserLdapId String
an identifier for the resource with format {{name}}.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Name of attribute to get password hash.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Double
Port to be used for communication with the LDAP server (default = 389).
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Double
Source port to be used for communication with the LDAP server.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.
accountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter string
Account key filter, using the UPN as the search filter.
accountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish string
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert string
CA certificate name.
clientCert string
Client certificate name.
clientCertAuth string
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn string
Distinguished name used to look up entries on the LDAP server.
dynamicMappings ObjectUserLdapDynamicMapping[]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter string
Filter used for group matching.
groupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter string
Filter used for group searching.
groupSearchBase string
Search base used for group searching.
interface string
Specify outgoing interface to reach server.
interfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
memberAttr string
Name of attribute from which to get group membership.
name string
LDAP server entry name.
objectUserLdapId string
an identifier for the resource with format {{name}}.
obtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr string
Name of attribute to get password hash.
passwordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
passwords string[]
Password for initial binding.
port number
Port to be used for communication with the LDAP server (default = 389).
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes string[]
Search type. Valid values: nested, recursive.
secondaryServer string
Secondary LDAP server CN domain name or IP.
secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server string
LDAP server CN domain name or IP.
serverIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp string
Source IP for communications to LDAP server.
sourceIpInterfaces string[]
Source interface for communication with the LDAP server.
sourcePort number
Source port to be used for communication with the LDAP server.
sslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer string
Tertiary LDAP server CN domain name or IP.
twoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer string
MS Exchange server from which to fetch user information.
username string
Username (full DN) for initial binding.
account_key_cert_field str
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
account_key_filter str
Account key filter, using the UPN as the search filter.
account_key_processing str
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
account_key_upn_san str
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish str
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
ca_cert str
CA certificate name.
client_cert str
Client certificate name.
client_cert_auth str
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid str
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn str
Distinguished name used to look up entries on the LDAP server.
dynamic_mappings Sequence[ObjectUserLdapDynamicMappingArgs]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
group_filter str
Filter used for group matching.
group_member_check str
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
group_object_filter str
Filter used for group searching.
group_search_base str
Search base used for group searching.
interface str
Specify outgoing interface to reach server.
interface_select_method str
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
member_attr str
Name of attribute from which to get group membership.
name str
LDAP server entry name.
object_user_ldap_id str
an identifier for the resource with format {{name}}.
obtain_user_info str
Enable/disable obtaining of user information. Valid values: disable, enable.
password_attr str
Name of attribute to get password hash.
password_expiry_warning str
Enable/disable password expiry warnings. Valid values: disable, enable.
password_renewal str
Enable/disable online password renewal. Valid values: disable, enable.
passwords Sequence[str]
Password for initial binding.
port float
Port to be used for communication with the LDAP server (default = 389).
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
search_types Sequence[str]
Search type. Valid values: nested, recursive.
secondary_server str
Secondary LDAP server CN domain name or IP.
secure str
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server str
LDAP server CN domain name or IP.
server_identity_check str
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
source_ip str
Source IP for communications to LDAP server.
source_ip_interfaces Sequence[str]
Source interface for communication with the LDAP server.
source_port float
Source port to be used for communication with the LDAP server.
ssl_min_proto_version str
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
status_ttl float
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiary_server str
Tertiary LDAP server CN domain name or IP.
two_factor str
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
two_factor_authentication str
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
two_factor_filter str
Filter used to synchronize users to FortiToken Cloud.
two_factor_notification str
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type str
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
user_info_exchange_server str
MS Exchange server from which to fetch user information.
username str
Username (full DN) for initial binding.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
antiphish String
Enable/disable AntiPhishing credential backend. Valid values: disable, enable.
caCert String
CA certificate name.
clientCert String
Client certificate name.
clientCertAuth String
Enable/disable using client certificate for TLS authentication. Valid values: disable, enable.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
dynamicMappings List<Property Map>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupSearchBase String
Search base used for group searching.
interface String
Specify outgoing interface to reach server.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
memberAttr String
Name of attribute from which to get group membership.
name String
LDAP server entry name.
objectUserLdapId String
an identifier for the resource with format {{name}}.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Name of attribute to get password hash.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Number
Port to be used for communication with the LDAP server (default = 389).
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Number
Source port to be used for communication with the LDAP server.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.

Supporting Types

ObjectUserLdapDynamicMapping
, ObjectUserLdapDynamicMappingArgs

AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyName string
Account-Key-Name.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Antiphish string
Antiphish. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCertAuth string
Client-Cert-Auth. Valid values: disable, enable.
ClientCerts List<string>
Client-Cert.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
Filter string
Filter.
Group string
Group.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupObjectSearchBase string
Group-Object-Search-Base.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MaxConnections double
Max-Connections.
MemberAttr string
Name of attribute from which to get group membership.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Password-Attr.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords List<string>
Password for initial binding.
Port double
Port to be used for communication with the LDAP server (default = 389).
RetrieveProtectionProfile string
Retrieve-Protection-Profile.
SearchTypes List<string>
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces List<string>
Source interface for communication with the LDAP server.
SourcePort double
Source-Port.
SslMaxProtoVersion string
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
_scopes List<ObjectUserLdapDynamicMapping_Scope>
_Scope. The structure of _scope block is documented below.
AccountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
AccountKeyFilter string
Account key filter, using the UPN as the search filter.
AccountKeyName string
Account-Key-Name.
AccountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
AccountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
Antiphish string
Antiphish. Valid values: disable, enable.
CaCert string
CA certificate name.
ClientCertAuth string
Client-Cert-Auth. Valid values: disable, enable.
ClientCerts []string
Client-Cert.
Cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
Dn string
Distinguished name used to look up entries on the LDAP server.
Filter string
Filter.
Group string
Group.
GroupFilter string
Filter used for group matching.
GroupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
GroupObjectFilter string
Filter used for group searching.
GroupObjectSearchBase string
Group-Object-Search-Base.
GroupSearchBase string
Search base used for group searching.
Interface string
Specify outgoing interface to reach server.
InterfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
MaxConnections float64
Max-Connections.
MemberAttr string
Name of attribute from which to get group membership.
ObtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
PasswordAttr string
Password-Attr.
PasswordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
PasswordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
Passwords []string
Password for initial binding.
Port float64
Port to be used for communication with the LDAP server (default = 389).
RetrieveProtectionProfile string
Retrieve-Protection-Profile.
SearchTypes []string
Search type. Valid values: nested, recursive.
SecondaryServer string
Secondary LDAP server CN domain name or IP.
Secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
Server string
LDAP server CN domain name or IP.
ServerIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
SourceIp string
Source IP for communications to LDAP server.
SourceIpInterfaces []string
Source interface for communication with the LDAP server.
SourcePort float64
Source-Port.
SslMaxProtoVersion string
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
SslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
StatusTtl float64
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
TertiaryServer string
Tertiary LDAP server CN domain name or IP.
TwoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
TwoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
TwoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
TwoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
Type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
UserInfoExchangeServer string
MS Exchange server from which to fetch user information.
Username string
Username (full DN) for initial binding.
_scopes []ObjectUserLdapDynamicMapping_Scope
_Scope. The structure of _scope block is documented below.
_scopes List<ObjectUserLdapDynamicMapping_Scope>
_Scope. The structure of _scope block is documented below.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyName String
Account-Key-Name.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
antiphish String
Antiphish. Valid values: disable, enable.
caCert String
CA certificate name.
clientCertAuth String
Client-Cert-Auth. Valid values: disable, enable.
clientCerts List<String>
Client-Cert.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
filter String
Filter.
group String
Group.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupObjectSearchBase String
Group-Object-Search-Base.
groupSearchBase String
Search base used for group searching.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String
Specify outgoing interface to reach server.
maxConnections Double
Max-Connections.
memberAttr String
Name of attribute from which to get group membership.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Password-Attr.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Double
Port to be used for communication with the LDAP server (default = 389).
retrieveProtectionProfile String
Retrieve-Protection-Profile.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Double
Source-Port.
sslMaxProtoVersion String
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Double
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.
_scopes ObjectUserLdapDynamicMapping_Scope[]
_Scope. The structure of _scope block is documented below.
accountKeyCertField string
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter string
Account key filter, using the UPN as the search filter.
accountKeyName string
Account-Key-Name.
accountKeyProcessing string
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan string
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
antiphish string
Antiphish. Valid values: disable, enable.
caCert string
CA certificate name.
clientCertAuth string
Client-Cert-Auth. Valid values: disable, enable.
clientCerts string[]
Client-Cert.
cnid string
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn string
Distinguished name used to look up entries on the LDAP server.
filter string
Filter.
group string
Group.
groupFilter string
Filter used for group matching.
groupMemberCheck string
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter string
Filter used for group searching.
groupObjectSearchBase string
Group-Object-Search-Base.
groupSearchBase string
Search base used for group searching.
interface string
Specify outgoing interface to reach server.
interfaceSelectMethod string
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
maxConnections number
Max-Connections.
memberAttr string
Name of attribute from which to get group membership.
obtainUserInfo string
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr string
Password-Attr.
passwordExpiryWarning string
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal string
Enable/disable online password renewal. Valid values: disable, enable.
passwords string[]
Password for initial binding.
port number
Port to be used for communication with the LDAP server (default = 389).
retrieveProtectionProfile string
Retrieve-Protection-Profile.
searchTypes string[]
Search type. Valid values: nested, recursive.
secondaryServer string
Secondary LDAP server CN domain name or IP.
secure string
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server string
LDAP server CN domain name or IP.
serverIdentityCheck string
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp string
Source IP for communications to LDAP server.
sourceIpInterfaces string[]
Source interface for communication with the LDAP server.
sourcePort number
Source-Port.
sslMaxProtoVersion string
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
sslMinProtoVersion string
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer string
Tertiary LDAP server CN domain name or IP.
twoFactor string
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication string
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter string
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification string
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type string
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer string
MS Exchange server from which to fetch user information.
username string
Username (full DN) for initial binding.
_scopes Sequence[ObjectUserLdapDynamicMapping_Scope]
_Scope. The structure of _scope block is documented below.
account_key_cert_field str
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
account_key_filter str
Account key filter, using the UPN as the search filter.
account_key_name str
Account-Key-Name.
account_key_processing str
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
account_key_upn_san str
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
antiphish str
Antiphish. Valid values: disable, enable.
ca_cert str
CA certificate name.
client_cert_auth str
Client-Cert-Auth. Valid values: disable, enable.
client_certs Sequence[str]
Client-Cert.
cnid str
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn str
Distinguished name used to look up entries on the LDAP server.
filter str
Filter.
group str
Group.
group_filter str
Filter used for group matching.
group_member_check str
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
group_object_filter str
Filter used for group searching.
group_object_search_base str
Group-Object-Search-Base.
group_search_base str
Search base used for group searching.
interface str
Specify outgoing interface to reach server.
interface_select_method str
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
max_connections float
Max-Connections.
member_attr str
Name of attribute from which to get group membership.
obtain_user_info str
Enable/disable obtaining of user information. Valid values: disable, enable.
password_attr str
Password-Attr.
password_expiry_warning str
Enable/disable password expiry warnings. Valid values: disable, enable.
password_renewal str
Enable/disable online password renewal. Valid values: disable, enable.
passwords Sequence[str]
Password for initial binding.
port float
Port to be used for communication with the LDAP server (default = 389).
retrieve_protection_profile str
Retrieve-Protection-Profile.
search_types Sequence[str]
Search type. Valid values: nested, recursive.
secondary_server str
Secondary LDAP server CN domain name or IP.
secure str
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server str
LDAP server CN domain name or IP.
server_identity_check str
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
source_ip str
Source IP for communications to LDAP server.
source_ip_interfaces Sequence[str]
Source interface for communication with the LDAP server.
source_port float
Source-Port.
ssl_max_proto_version str
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
ssl_min_proto_version str
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
status_ttl float
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiary_server str
Tertiary LDAP server CN domain name or IP.
two_factor str
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
two_factor_authentication str
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
two_factor_filter str
Filter used to synchronize users to FortiToken Cloud.
two_factor_notification str
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type str
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
user_info_exchange_server str
MS Exchange server from which to fetch user information.
username str
Username (full DN) for initial binding.
_scopes List<Property Map>
_Scope. The structure of _scope block is documented below.
accountKeyCertField String
Define subject identity field in certificate for user access right checking. Valid values: othername, rfc822name, dnsname.
accountKeyFilter String
Account key filter, using the UPN as the search filter.
accountKeyName String
Account-Key-Name.
accountKeyProcessing String
Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: same, strip.
accountKeyUpnSan String
Define SAN in certificate for user principle name matching. Valid values: othername, rfc822name, dnsname.
antiphish String
Antiphish. Valid values: disable, enable.
caCert String
CA certificate name.
clientCertAuth String
Client-Cert-Auth. Valid values: disable, enable.
clientCerts List<String>
Client-Cert.
cnid String
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
dn String
Distinguished name used to look up entries on the LDAP server.
filter String
Filter.
group String
Group.
groupFilter String
Filter used for group matching.
groupMemberCheck String
Group member checking methods. Valid values: user-attr, group-object, posix-group-object.
groupObjectFilter String
Filter used for group searching.
groupObjectSearchBase String
Group-Object-Search-Base.
groupSearchBase String
Search base used for group searching.
interface String
Specify outgoing interface to reach server.
interfaceSelectMethod String
Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
maxConnections Number
Max-Connections.
memberAttr String
Name of attribute from which to get group membership.
obtainUserInfo String
Enable/disable obtaining of user information. Valid values: disable, enable.
passwordAttr String
Password-Attr.
passwordExpiryWarning String
Enable/disable password expiry warnings. Valid values: disable, enable.
passwordRenewal String
Enable/disable online password renewal. Valid values: disable, enable.
passwords List<String>
Password for initial binding.
port Number
Port to be used for communication with the LDAP server (default = 389).
retrieveProtectionProfile String
Retrieve-Protection-Profile.
searchTypes List<String>
Search type. Valid values: nested, recursive.
secondaryServer String
Secondary LDAP server CN domain name or IP.
secure String
Port to be used for authentication. Valid values: disable, starttls, ldaps.
server String
LDAP server CN domain name or IP.
serverIdentityCheck String
Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: disable, enable.
sourceIp String
Source IP for communications to LDAP server.
sourceIpInterfaces List<String>
Source interface for communication with the LDAP server.
sourcePort Number
Source-Port.
sslMaxProtoVersion String
Ssl-Max-Proto-Version. Valid values: TLSv1-1, TLSv1-2, SSLv3, TLSv1, TLSv1-3.
sslMinProtoVersion String
Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: default, TLSv1, TLSv1-1, TLSv1-2, SSLv3.
statusTtl Number
Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
tertiaryServer String
Tertiary LDAP server CN domain name or IP.
twoFactor String
Enable/disable two-factor authentication. Valid values: disable, fortitoken-cloud.
twoFactorAuthentication String
Authentication method by FortiToken Cloud. Valid values: fortitoken, email, sms.
twoFactorFilter String
Filter used to synchronize users to FortiToken Cloud.
twoFactorNotification String
Notification method for user activation by FortiToken Cloud. Valid values: email, sms.
type String
Authentication type for LDAP searches. Valid values: simple, anonymous, regular.
userInfoExchangeServer String
MS Exchange server from which to fetch user information.
username String
Username (full DN) for initial binding.

ObjectUserLdapDynamicMapping_Scope
, ObjectUserLdapDynamicMapping_ScopeArgs

Name string
Name.
Vdom string
Vdom.
Name string
Name.
Vdom string
Vdom.
name String
Name.
vdom String
Vdom.
name string
Name.
vdom string
Vdom.
name str
Name.
vdom str
Vdom.
name String
Name.
vdom String
Vdom.

Import

ObjectUser Ldap can be imported using any of these accepted formats:

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectUserLdap:ObjectUserLdap labelname {{name}}
Copy

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes
This Pulumi package is based on the fortimanager Terraform Provider.