support ldap userfilter attribute (#1378)
FalcoSuessgott authored May 5, 2022
1 parent 53dcdbe commit d8c735d
Showing 3 changed files with 14 additions and 1 deletion.
10 changes: 10 additions & 0 deletions vault/resource_ldap_auth_backend.go
@@ -72,6 +72,11 @@ func ldapAuthBackendResource() *schema.Resource {
return strings.ToLower(v.(string))
},
},
"userfilter": {
Type: schema.TypeString,
Optional: true,
Computed: true,
},
"discoverdn": {
Type: schema.TypeBool,
Optional: true,
@@ -240,6 +245,10 @@ func ldapAuthBackendUpdate(d *schema.ResourceData, meta interface{}) error {
data["userattr"] = v.(string)
}

if v, ok := d.GetOk("userfilter"); ok {
data["userfilter"] = v.(string)
}

if v, ok := d.GetOkExists("discoverdn"); ok {
data["discoverdn"] = v.(bool)
}
@@ -339,6 +348,7 @@ func ldapAuthBackendRead(d *schema.ResourceData, meta interface{}) error {
d.Set("case_sensitive_names", resp.Data["case_sensitive_names"])
d.Set("userdn", resp.Data["userdn"])
d.Set("userattr", resp.Data["userattr"])
d.Set("userfilter", resp.Data["userfilter"])
d.Set("discoverdn", resp.Data["discoverdn"])
d.Set("deny_null_bind", resp.Data["deny_null_bind"])
d.Set("upndomain", resp.Data["upndomain"])
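Review bot: In ldapAuthBackendUpdate the new `d.GetOk("userfilter")` guard treats an empty string as unset, and the schema entry is `Optional` plus `Computed`, so deleting `userfilter` from a configuration sends nothing and, as far as the visible code shows, the filter already stored in Vault stays in effect without a plan diff. Because this filter decides which directory entries a login name is matched against, that persistence should be stated where the next maintainer will see it, for example `// GetOk skips "", so removing userfilter from config leaves the filter stored in Vault unchanged` above the guard. The schema block also carries no `Description`; a single line saying the value is a Go template over `{{.UserAttr}}` and `{{.Username}}` would make the expected shape clear. All three functions continue outside the visible hunks, so how sibling fields handle clearing cannot be confirmed from here.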
3 changes: 2 additions & 1 deletion vault/resource_ldap_auth_backend_test.go
@@ -193,6 +193,7 @@ func testLDAPAuthBackendCheck_attrs(path string) resource.TestCheckFunc {
"binddn": "binddn",
"userdn": "userdn",
"userattr": "userattr",
"userfilter": "userfilter",
"discoverdn": "discoverdn",
"deny_null_bind": "deny_null_bind",
"upndomain": "upndomain",
@@ -283,7 +284,7 @@ resource "vault_ldap_auth_backend" "test" {
discoverdn = false
deny_null_bind = true
description = "example"
userfilter = "({{.UserAttr}}={{.Username}})"
use_token_groups = %s
}
`, path, local, use_token_groups)
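Review bot: The acceptance config sets `userfilter = "({{.UserAttr}}={{.Username}})"`, which appears to be the value Vault applies when no filter is supplied, so the new `"userfilter": "userfilter"` entry in testLDAPAuthBackendCheck_attrs would still pass if the update path never sent the field. Using a filter that differs from the default, e.g. `userfilter = "(&(objectClass=person)({{.UserAttr}}={{.Username}}))"` (constructed sample), would make the test prove the write and read round trip. The check function and the config template both extend beyond the visible hunks.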
2 changes: 2 additions & 0 deletions website/docs/r/ldap_auth_backend.html.md
@@ -51,6 +51,8 @@ The following arguments are supported:

* `userattr` - (Optional) Attribute on user object matching username passed in

* `userfilter` - (Optional) LDAP user search filter

* `upndomain` - (Optional) The userPrincipalDomain used to construct UPN string

* `discoverdn`: (Optional) Use anonymous bind to discover the bind DN of a user.