ldap

package
v4.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 4, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FullNameMapper

type FullNameMapper struct {
	pulumi.CustomResourceState

	// The name of the LDAP attribute containing the user's full name.
	LdapFullNameAttribute pulumi.StringOutput `pulumi:"ldapFullNameAttribute"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.
	ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.
	WriteOnly pulumi.BoolPtrOutput `pulumi:"writeOnly"`
}

Allows for creating and managing full name mappers for Keycloak users federated via LDAP.

The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a Keycloak user.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

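// main declares a demo realm, an LDAP user federation provider, and a full
// name mapper attached to that provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// Demo values only. ldap:// sends the bind password and user
			// credentials unencrypted; use ldaps:// (or StartTLS) outside a
			// local test setup. "admin" is a placeholder: in a real stack
			// load the bind credential from encrypted stack configuration
			// instead of committing it, and bind with a least-privilege
			// service account rather than the directory admin.
			// ToSecret keeps the value encrypted in Pulumi state and masked
			// in CLI output.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.ToSecret(pulumi.String("admin")).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		// The mapper is not referenced again, so only its error is kept.
		_, err = ldap.NewFullNameMapper(ctx, "ldapFullNameMapper", &ldap.FullNameMapperArgs{
			RealmId:               realm.ID(),
			LdapUserFederationId:  ldapUserFederation.ID(),
			LdapFullNameAttribute: pulumi.String("cn"),
		})
		return err
	})
}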

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/fullNameMapper:FullNameMapper ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetFullNameMapper

func GetFullNameMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *FullNameMapperState, opts ...pulumi.ResourceOption) (*FullNameMapper, error)

GetFullNameMapper gets an existing FullNameMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewFullNameMapper

func NewFullNameMapper(ctx *pulumi.Context,
	name string, args *FullNameMapperArgs, opts ...pulumi.ResourceOption) (*FullNameMapper, error)

NewFullNameMapper registers a new resource with the given unique name, arguments, and options.

func (*FullNameMapper) ElementType

func (*FullNameMapper) ElementType() reflect.Type

func (*FullNameMapper) ToFullNameMapperOutput

func (i *FullNameMapper) ToFullNameMapperOutput() FullNameMapperOutput

func (*FullNameMapper) ToFullNameMapperOutputWithContext

func (i *FullNameMapper) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput

type FullNameMapperArgs

// FullNameMapperArgs is the set of arguments for constructing a
// FullNameMapper resource.
type FullNameMapperArgs struct {
	// The name of the LDAP attribute containing the user's full name.
	LdapFullNameAttribute pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.
	// NOTE(review): at the default of `false`, name changes made in Keycloak
	// are written back to LDAP, which presumably requires a bind account with
	// write access to the directory. Set this to `true` when the directory
	// should stay authoritative and the bind account read-only — confirm
	// against the federation provider's edit mode.
	ReadOnly pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.
	WriteOnly pulumi.BoolPtrInput
}

The set of arguments for constructing a FullNameMapper resource.

func (FullNameMapperArgs) ElementType

func (FullNameMapperArgs) ElementType() reflect.Type

type FullNameMapperArray

type FullNameMapperArray []FullNameMapperInput

func (FullNameMapperArray) ElementType

func (FullNameMapperArray) ElementType() reflect.Type

func (FullNameMapperArray) ToFullNameMapperArrayOutput

func (i FullNameMapperArray) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput

func (FullNameMapperArray) ToFullNameMapperArrayOutputWithContext

func (i FullNameMapperArray) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput

type FullNameMapperArrayInput

type FullNameMapperArrayInput interface {
	pulumi.Input

	ToFullNameMapperArrayOutput() FullNameMapperArrayOutput
	ToFullNameMapperArrayOutputWithContext(context.Context) FullNameMapperArrayOutput
}

FullNameMapperArrayInput is an input type that accepts FullNameMapperArray and FullNameMapperArrayOutput values. You can construct a concrete instance of `FullNameMapperArrayInput` via:

FullNameMapperArray{ FullNameMapperArgs{...} }

type FullNameMapperArrayOutput

type FullNameMapperArrayOutput struct{ *pulumi.OutputState }

func (FullNameMapperArrayOutput) ElementType

func (FullNameMapperArrayOutput) ElementType() reflect.Type

func (FullNameMapperArrayOutput) Index

func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutput

func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput

func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext

func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput

type FullNameMapperInput

type FullNameMapperInput interface {
	pulumi.Input

	ToFullNameMapperOutput() FullNameMapperOutput
	ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput
}

type FullNameMapperMap

type FullNameMapperMap map[string]FullNameMapperInput

func (FullNameMapperMap) ElementType

func (FullNameMapperMap) ElementType() reflect.Type

func (FullNameMapperMap) ToFullNameMapperMapOutput

func (i FullNameMapperMap) ToFullNameMapperMapOutput() FullNameMapperMapOutput

func (FullNameMapperMap) ToFullNameMapperMapOutputWithContext

func (i FullNameMapperMap) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput

type FullNameMapperMapInput

type FullNameMapperMapInput interface {
	pulumi.Input

	ToFullNameMapperMapOutput() FullNameMapperMapOutput
	ToFullNameMapperMapOutputWithContext(context.Context) FullNameMapperMapOutput
}

FullNameMapperMapInput is an input type that accepts FullNameMapperMap and FullNameMapperMapOutput values. You can construct a concrete instance of `FullNameMapperMapInput` via:

FullNameMapperMap{ "key": FullNameMapperArgs{...} }

type FullNameMapperMapOutput

type FullNameMapperMapOutput struct{ *pulumi.OutputState }

func (FullNameMapperMapOutput) ElementType

func (FullNameMapperMapOutput) ElementType() reflect.Type

func (FullNameMapperMapOutput) MapIndex

func (FullNameMapperMapOutput) ToFullNameMapperMapOutput

func (o FullNameMapperMapOutput) ToFullNameMapperMapOutput() FullNameMapperMapOutput

func (FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext

func (o FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput

type FullNameMapperOutput

type FullNameMapperOutput struct{ *pulumi.OutputState }

func (FullNameMapperOutput) ElementType

func (FullNameMapperOutput) ElementType() reflect.Type

func (FullNameMapperOutput) LdapFullNameAttribute added in v4.11.0

func (o FullNameMapperOutput) LdapFullNameAttribute() pulumi.StringOutput

The name of the LDAP attribute containing the user's full name.

func (FullNameMapperOutput) LdapUserFederationId added in v4.11.0

func (o FullNameMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (FullNameMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (FullNameMapperOutput) ReadOnly added in v4.11.0

When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.

func (FullNameMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (FullNameMapperOutput) ToFullNameMapperOutput

func (o FullNameMapperOutput) ToFullNameMapperOutput() FullNameMapperOutput

func (FullNameMapperOutput) ToFullNameMapperOutputWithContext

func (o FullNameMapperOutput) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput

func (FullNameMapperOutput) WriteOnly added in v4.11.0

When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.

type FullNameMapperState

type FullNameMapperState struct {
	// The name of the LDAP attribute containing the user's full name.
	LdapFullNameAttribute pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.
	ReadOnly pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.
	WriteOnly pulumi.BoolPtrInput
}

func (FullNameMapperState) ElementType

func (FullNameMapperState) ElementType() reflect.Type

type GroupMapper

type GroupMapper struct {
	pulumi.CustomResourceState

	// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.
	DropNonExistingGroupsDuringSync pulumi.BoolPtrOutput `pulumi:"dropNonExistingGroupsDuringSync"`
	// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.
	GroupNameLdapAttribute pulumi.StringOutput `pulumi:"groupNameLdapAttribute"`
	// List of strings representing the object classes for the group. Must contain at least one.
	GroupObjectClasses pulumi.StringArrayOutput `pulumi:"groupObjectClasses"`
	// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.
	GroupsLdapFilter pulumi.StringPtrOutput `pulumi:"groupsLdapFilter"`
	// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.
	GroupsPath pulumi.StringOutput `pulumi:"groupsPath"`
	// When `true`, missing groups in the hierarchy will be ignored.
	IgnoreMissingGroups pulumi.BoolPtrOutput `pulumi:"ignoreMissingGroups"`
	// The LDAP DN where groups can be found.
	LdapGroupsDn pulumi.StringOutput `pulumi:"ldapGroupsDn"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.
	MappedGroupAttributes pulumi.StringArrayOutput `pulumi:"mappedGroupAttributes"`
	// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.
	MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"`
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"`
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"`
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"`
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrOutput `pulumi:"mode"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.
	PreserveGroupInheritance pulumi.BoolPtrOutput `pulumi:"preserveGroupInheritance"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"`
}

Allows for creating and managing group mappers for Keycloak users federated via LDAP.

The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also create the groups within Keycloak if they do not already exist.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

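// main declares a demo realm, an LDAP user federation provider, and a group
// mapper attached to that provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// Demo values only. ldap:// sends the bind password and user
			// credentials unencrypted; use ldaps:// (or StartTLS) outside a
			// local test setup. "admin" is a placeholder: in a real stack
			// load the bind credential from encrypted stack configuration
			// instead of committing it, and bind with a least-privilege
			// service account rather than the directory admin.
			// ToSecret keeps the value encrypted in Pulumi state and masked
			// in CLI output.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.ToSecret(pulumi.String("admin")).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		// Mode is left unset, so the mapper uses its documented default of
		// READ_ONLY and group data flows from LDAP into Keycloak only.
		// The mapper is not referenced again, so only its error is kept.
		_, err = ldap.NewGroupMapper(ctx, "ldapGroupMapper", &ldap.GroupMapperArgs{
			RealmId:                realm.ID(),
			LdapUserFederationId:   ldapUserFederation.ID(),
			LdapGroupsDn:           pulumi.String("dc=example,dc=org"),
			GroupNameLdapAttribute: pulumi.String("cn"),
			GroupObjectClasses: pulumi.StringArray{
				pulumi.String("groupOfNames"),
			},
			MembershipAttributeType:     pulumi.String("DN"),
			MembershipLdapAttribute:     pulumi.String("member"),
			MembershipUserLdapAttribute: pulumi.String("cn"),
			MemberofLdapAttribute:       pulumi.String("memberOf"),
		})
		return err
	})
}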

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/groupMapper:GroupMapper ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetGroupMapper

func GetGroupMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GroupMapperState, opts ...pulumi.ResourceOption) (*GroupMapper, error)

GetGroupMapper gets an existing GroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGroupMapper

func NewGroupMapper(ctx *pulumi.Context,
	name string, args *GroupMapperArgs, opts ...pulumi.ResourceOption) (*GroupMapper, error)

NewGroupMapper registers a new resource with the given unique name, arguments, and options.

func (*GroupMapper) ElementType

func (*GroupMapper) ElementType() reflect.Type

func (*GroupMapper) ToGroupMapperOutput

func (i *GroupMapper) ToGroupMapperOutput() GroupMapperOutput

func (*GroupMapper) ToGroupMapperOutputWithContext

func (i *GroupMapper) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput

type GroupMapperArgs

// GroupMapperArgs is the set of arguments for constructing a GroupMapper
// resource.
type GroupMapperArgs struct {
	// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.
	// NOTE(review): enabling this makes sync destructive on the Keycloak side.
	// Presumably a sync run against a wrong LdapGroupsDn or an over-narrow
	// GroupsLdapFilter would also drop groups — confirm before enabling.
	DropNonExistingGroupsDuringSync pulumi.BoolPtrInput
	// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.
	GroupNameLdapAttribute pulumi.StringInput
	// List of strings representing the object classes for the group. Must contain at least one.
	GroupObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.
	// NOTE(review): this string becomes part of the group query, so keep it a
	// fixed, reviewed value and do not assemble it from untrusted input.
	GroupsLdapFilter pulumi.StringPtrInput
	// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.
	GroupsPath pulumi.StringPtrInput
	// When `true`, missing groups in the hierarchy will be ignored.
	IgnoreMissingGroups pulumi.BoolPtrInput
	// The LDAP DN where groups can be found.
	LdapGroupsDn pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.
	MappedGroupAttributes pulumi.StringArrayInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	// NOTE(review): this page does not describe what each mode permits. Check
	// the Keycloak documentation before moving off the `READ_ONLY` default.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.
	PreserveGroupInheritance pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

The set of arguments for constructing a GroupMapper resource.

func (GroupMapperArgs) ElementType

func (GroupMapperArgs) ElementType() reflect.Type

type GroupMapperArray

type GroupMapperArray []GroupMapperInput

func (GroupMapperArray) ElementType

func (GroupMapperArray) ElementType() reflect.Type

func (GroupMapperArray) ToGroupMapperArrayOutput

func (i GroupMapperArray) ToGroupMapperArrayOutput() GroupMapperArrayOutput

func (GroupMapperArray) ToGroupMapperArrayOutputWithContext

func (i GroupMapperArray) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput

type GroupMapperArrayInput

type GroupMapperArrayInput interface {
	pulumi.Input

	ToGroupMapperArrayOutput() GroupMapperArrayOutput
	ToGroupMapperArrayOutputWithContext(context.Context) GroupMapperArrayOutput
}

GroupMapperArrayInput is an input type that accepts GroupMapperArray and GroupMapperArrayOutput values. You can construct a concrete instance of `GroupMapperArrayInput` via:

GroupMapperArray{ GroupMapperArgs{...} }

type GroupMapperArrayOutput

type GroupMapperArrayOutput struct{ *pulumi.OutputState }

func (GroupMapperArrayOutput) ElementType

func (GroupMapperArrayOutput) ElementType() reflect.Type

func (GroupMapperArrayOutput) Index

func (GroupMapperArrayOutput) ToGroupMapperArrayOutput

func (o GroupMapperArrayOutput) ToGroupMapperArrayOutput() GroupMapperArrayOutput

func (GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext

func (o GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput

type GroupMapperInput

type GroupMapperInput interface {
	pulumi.Input

	ToGroupMapperOutput() GroupMapperOutput
	ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput
}

type GroupMapperMap

type GroupMapperMap map[string]GroupMapperInput

func (GroupMapperMap) ElementType

func (GroupMapperMap) ElementType() reflect.Type

func (GroupMapperMap) ToGroupMapperMapOutput

func (i GroupMapperMap) ToGroupMapperMapOutput() GroupMapperMapOutput

func (GroupMapperMap) ToGroupMapperMapOutputWithContext

func (i GroupMapperMap) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput

type GroupMapperMapInput

type GroupMapperMapInput interface {
	pulumi.Input

	ToGroupMapperMapOutput() GroupMapperMapOutput
	ToGroupMapperMapOutputWithContext(context.Context) GroupMapperMapOutput
}

GroupMapperMapInput is an input type that accepts GroupMapperMap and GroupMapperMapOutput values. You can construct a concrete instance of `GroupMapperMapInput` via:

GroupMapperMap{ "key": GroupMapperArgs{...} }

type GroupMapperMapOutput

type GroupMapperMapOutput struct{ *pulumi.OutputState }

func (GroupMapperMapOutput) ElementType

func (GroupMapperMapOutput) ElementType() reflect.Type

func (GroupMapperMapOutput) MapIndex

func (GroupMapperMapOutput) ToGroupMapperMapOutput

func (o GroupMapperMapOutput) ToGroupMapperMapOutput() GroupMapperMapOutput

func (GroupMapperMapOutput) ToGroupMapperMapOutputWithContext

func (o GroupMapperMapOutput) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput

type GroupMapperOutput

type GroupMapperOutput struct{ *pulumi.OutputState }

func (GroupMapperOutput) DropNonExistingGroupsDuringSync added in v4.11.0

func (o GroupMapperOutput) DropNonExistingGroupsDuringSync() pulumi.BoolPtrOutput

When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.

func (GroupMapperOutput) ElementType

func (GroupMapperOutput) ElementType() reflect.Type

func (GroupMapperOutput) GroupNameLdapAttribute added in v4.11.0

func (o GroupMapperOutput) GroupNameLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.

func (GroupMapperOutput) GroupObjectClasses added in v4.11.0

func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput

List of strings representing the object classes for the group. Must contain at least one.

func (GroupMapperOutput) GroupsLdapFilter added in v4.11.0

func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput

When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.

func (GroupMapperOutput) GroupsPath added in v4.11.0

func (o GroupMapperOutput) GroupsPath() pulumi.StringOutput

Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.

func (GroupMapperOutput) IgnoreMissingGroups added in v4.11.0

func (o GroupMapperOutput) IgnoreMissingGroups() pulumi.BoolPtrOutput

When `true`, missing groups in the hierarchy will be ignored.

func (GroupMapperOutput) LdapGroupsDn added in v4.11.0

func (o GroupMapperOutput) LdapGroupsDn() pulumi.StringOutput

The LDAP DN where groups can be found.

func (GroupMapperOutput) LdapUserFederationId added in v4.11.0

func (o GroupMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (GroupMapperOutput) MappedGroupAttributes added in v4.11.0

func (o GroupMapperOutput) MappedGroupAttributes() pulumi.StringArrayOutput

Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.

func (GroupMapperOutput) MemberofLdapAttribute added in v4.11.0

func (o GroupMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput

Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.

func (GroupMapperOutput) MembershipAttributeType added in v4.11.0

func (o GroupMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput

Can be one of `DN` or `UID`. Defaults to `DN`.

func (GroupMapperOutput) MembershipLdapAttribute added in v4.11.0

func (o GroupMapperOutput) MembershipLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used for membership mappings.

func (GroupMapperOutput) MembershipUserLdapAttribute added in v4.11.0

func (o GroupMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute on a user that is used for membership mappings.

func (GroupMapperOutput) Mode added in v4.11.0

Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.

func (GroupMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (GroupMapperOutput) PreserveGroupInheritance added in v4.11.0

func (o GroupMapperOutput) PreserveGroupInheritance() pulumi.BoolPtrOutput

When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.

func (GroupMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (GroupMapperOutput) ToGroupMapperOutput

func (o GroupMapperOutput) ToGroupMapperOutput() GroupMapperOutput

func (GroupMapperOutput) ToGroupMapperOutputWithContext

func (o GroupMapperOutput) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput

func (GroupMapperOutput) UserRolesRetrieveStrategy added in v4.11.0

func (o GroupMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput

Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.

type GroupMapperState

type GroupMapperState struct {
	// When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.
	DropNonExistingGroupsDuringSync pulumi.BoolPtrInput
	// The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.
	GroupNameLdapAttribute pulumi.StringPtrInput
	// List of strings representing the object classes for the group. Must contain at least one.
	GroupObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.
	GroupsLdapFilter pulumi.StringPtrInput
	// Keycloak group path the LDAP groups are added to. For example if value `/Applications/App1` is used, then LDAP groups will be available in Keycloak under group `App1`, which is the child of top level group `Applications`. The configured group path must already exist in Keycloak when creating this mapper.
	GroupsPath pulumi.StringPtrInput
	// When `true`, missing groups in the hierarchy will be ignored.
	IgnoreMissingGroups pulumi.BoolPtrInput
	// The LDAP DN where groups can be found.
	LdapGroupsDn pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.
	MappedGroupAttributes pulumi.StringArrayInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringPtrInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringPtrInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.
	PreserveGroupInheritance pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

func (GroupMapperState) ElementType

func (GroupMapperState) ElementType() reflect.Type

type HardcodedGroupMapper

type HardcodedGroupMapper struct {
	pulumi.CustomResourceState

	// Group to grant to user.
	Group pulumi.StringOutput `pulumi:"group"`
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

func GetHardcodedGroupMapper

func GetHardcodedGroupMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *HardcodedGroupMapperState, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)

GetHardcodedGroupMapper gets an existing HardcodedGroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewHardcodedGroupMapper

func NewHardcodedGroupMapper(ctx *pulumi.Context,
	name string, args *HardcodedGroupMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)

NewHardcodedGroupMapper registers a new resource with the given unique name, arguments, and options.

func (*HardcodedGroupMapper) ElementType

func (*HardcodedGroupMapper) ElementType() reflect.Type

func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutput

func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput

func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext

func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput

type HardcodedGroupMapperArgs

type HardcodedGroupMapperArgs struct {
	// Group to grant to user.
	Group pulumi.StringInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a HardcodedGroupMapper resource.

func (HardcodedGroupMapperArgs) ElementType

func (HardcodedGroupMapperArgs) ElementType() reflect.Type

type HardcodedGroupMapperArray

type HardcodedGroupMapperArray []HardcodedGroupMapperInput

func (HardcodedGroupMapperArray) ElementType

func (HardcodedGroupMapperArray) ElementType() reflect.Type

func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput

func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput

func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext

func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput

type HardcodedGroupMapperArrayInput

type HardcodedGroupMapperArrayInput interface {
	pulumi.Input

	ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput
	ToHardcodedGroupMapperArrayOutputWithContext(context.Context) HardcodedGroupMapperArrayOutput
}

HardcodedGroupMapperArrayInput is an input type that accepts HardcodedGroupMapperArray and HardcodedGroupMapperArrayOutput values. You can construct a concrete instance of `HardcodedGroupMapperArrayInput` via:

HardcodedGroupMapperArray{ HardcodedGroupMapperArgs{...} }

type HardcodedGroupMapperArrayOutput

type HardcodedGroupMapperArrayOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperArrayOutput) ElementType

func (HardcodedGroupMapperArrayOutput) Index

func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput

func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput

func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext

func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput

type HardcodedGroupMapperInput

type HardcodedGroupMapperInput interface {
	pulumi.Input

	ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput
	ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput
}

type HardcodedGroupMapperMap

type HardcodedGroupMapperMap map[string]HardcodedGroupMapperInput

func (HardcodedGroupMapperMap) ElementType

func (HardcodedGroupMapperMap) ElementType() reflect.Type

func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput

func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput

func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext

func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput

type HardcodedGroupMapperMapInput

type HardcodedGroupMapperMapInput interface {
	pulumi.Input

	ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput
	ToHardcodedGroupMapperMapOutputWithContext(context.Context) HardcodedGroupMapperMapOutput
}

HardcodedGroupMapperMapInput is an input type that accepts HardcodedGroupMapperMap and HardcodedGroupMapperMapOutput values. You can construct a concrete instance of `HardcodedGroupMapperMapInput` via:

HardcodedGroupMapperMap{ "key": HardcodedGroupMapperArgs{...} }

type HardcodedGroupMapperMapOutput

type HardcodedGroupMapperMapOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperMapOutput) ElementType

func (HardcodedGroupMapperMapOutput) MapIndex

func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput

func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput

func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext

func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput

type HardcodedGroupMapperOutput

type HardcodedGroupMapperOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperOutput) ElementType

func (HardcodedGroupMapperOutput) ElementType() reflect.Type

func (HardcodedGroupMapperOutput) Group added in v4.11.0

Group to grant to user.

func (HardcodedGroupMapperOutput) LdapUserFederationId added in v4.11.0

func (o HardcodedGroupMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (HardcodedGroupMapperOutput) Name added in v4.11.0

Display name of the mapper when displayed in the console.

func (HardcodedGroupMapperOutput) RealmId added in v4.11.0

The realm in which the ldap user federation provider exists.

func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput

func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput

func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext

func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput

type HardcodedGroupMapperState

type HardcodedGroupMapperState struct {
	// Group to grant to user.
	Group pulumi.StringPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringPtrInput
}

func (HardcodedGroupMapperState) ElementType

func (HardcodedGroupMapperState) ElementType() reflect.Type

type HardcodedRoleMapper

type HardcodedRoleMapper struct {
	pulumi.CustomResourceState

	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.

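The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP. Because the grant is unconditional, the chosen role is effectively held by every account the LDAP provider supplies, so it should carry no more privilege than all of those users are meant to have.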

## Example Usage

### Realm Role

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm, an LDAP user federation provider, a realm role, and a
// hardcoded role mapper that ties that role to the provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// The ldap:// scheme sends the bind and all directory traffic
			// unencrypted unless StartTLS is negotiated; a real deployment
			// would normally use an ldaps:// endpoint.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Placeholder value. A literal here is committed with the program
			// source; supply the bind password as a Pulumi secret from stack
			// configuration instead.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		realmAdminRole, err := keycloak.NewRole(ctx, "realmAdminRole", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}
		// The mapper grants the role to each Keycloak user linked with this
		// LDAP provider, so whatever realmAdminRole permits is given to all of
		// them; keep the role narrowly scoped.
		_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			Role:                 realmAdminRole.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Client Role

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm and an LDAP user federation provider, looks up the
// realm-management client, and attaches a hardcoded role mapper whose role is
// a client role written as `{{client_id}}.{{client_role_name}}`.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// The ldap:// scheme sends the bind and all directory traffic
			// unencrypted unless StartTLS is negotiated; a real deployment
			// would normally use an ldaps:// endpoint.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Placeholder value. A literal here is committed with the program
			// source; supply the bind password as a Pulumi secret from stack
			// configuration instead.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// realm-management is Keycloak's built-in client for realm
		// administration, so its client roles carry administrative rights.
		realmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("realm-management"),
		}, nil)
		// The mapper grants the role to each Keycloak user linked with this
		// LDAP provider; with a realm-management role that means every
		// federated user receives that administrative permission.
		_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			// NOTE(review): createClient is never declared in this example, so
			// it does not compile as shown; presumably a lookup of the client
			// role was dropped when the example was generated. GetRoleResult
			// below is also not package-qualified.
			Role: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) {
				realmManagement := _args[0].(openid.GetClientResult)
				createClient := _args[1].(GetRoleResult)
				// Joins the two names with a dot, the form required for client roles.
				return fmt.Sprintf("%v.%v", realmManagement.ClientId, createClient.Name), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetHardcodedRoleMapper

func GetHardcodedRoleMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *HardcodedRoleMapperState, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)

GetHardcodedRoleMapper gets an existing HardcodedRoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewHardcodedRoleMapper

func NewHardcodedRoleMapper(ctx *pulumi.Context,
	name string, args *HardcodedRoleMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)

NewHardcodedRoleMapper registers a new resource with the given unique name, arguments, and options.

func (*HardcodedRoleMapper) ElementType

func (*HardcodedRoleMapper) ElementType() reflect.Type

func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutput

func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput

func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext

func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput

type HardcodedRoleMapperArgs

type HardcodedRoleMapperArgs struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a HardcodedRoleMapper resource.

func (HardcodedRoleMapperArgs) ElementType

func (HardcodedRoleMapperArgs) ElementType() reflect.Type

type HardcodedRoleMapperArray

type HardcodedRoleMapperArray []HardcodedRoleMapperInput

func (HardcodedRoleMapperArray) ElementType

func (HardcodedRoleMapperArray) ElementType() reflect.Type

func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput

func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput

func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext

func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput

type HardcodedRoleMapperArrayInput

type HardcodedRoleMapperArrayInput interface {
	pulumi.Input

	ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput
	ToHardcodedRoleMapperArrayOutputWithContext(context.Context) HardcodedRoleMapperArrayOutput
}

HardcodedRoleMapperArrayInput is an input type that accepts HardcodedRoleMapperArray and HardcodedRoleMapperArrayOutput values. You can construct a concrete instance of `HardcodedRoleMapperArrayInput` via:

HardcodedRoleMapperArray{ HardcodedRoleMapperArgs{...} }

type HardcodedRoleMapperArrayOutput

type HardcodedRoleMapperArrayOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperArrayOutput) ElementType

func (HardcodedRoleMapperArrayOutput) Index

func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput

func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput

func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext

func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput

type HardcodedRoleMapperInput

type HardcodedRoleMapperInput interface {
	pulumi.Input

	ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput
	ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput
}

type HardcodedRoleMapperMap

type HardcodedRoleMapperMap map[string]HardcodedRoleMapperInput

func (HardcodedRoleMapperMap) ElementType

func (HardcodedRoleMapperMap) ElementType() reflect.Type

func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput

func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput

func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext

func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput

type HardcodedRoleMapperMapInput

type HardcodedRoleMapperMapInput interface {
	pulumi.Input

	ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput
	ToHardcodedRoleMapperMapOutputWithContext(context.Context) HardcodedRoleMapperMapOutput
}

HardcodedRoleMapperMapInput is an input type that accepts HardcodedRoleMapperMap and HardcodedRoleMapperMapOutput values. You can construct a concrete instance of `HardcodedRoleMapperMapInput` via:

HardcodedRoleMapperMap{ "key": HardcodedRoleMapperArgs{...} }

type HardcodedRoleMapperMapOutput

type HardcodedRoleMapperMapOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperMapOutput) ElementType

func (HardcodedRoleMapperMapOutput) MapIndex

func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput

func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput

func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext

func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput

type HardcodedRoleMapperOutput

type HardcodedRoleMapperOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperOutput) ElementType

func (HardcodedRoleMapperOutput) ElementType() reflect.Type

func (HardcodedRoleMapperOutput) LdapUserFederationId added in v4.11.0

func (o HardcodedRoleMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (HardcodedRoleMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (HardcodedRoleMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (HardcodedRoleMapperOutput) Role added in v4.11.0

The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.

func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput

func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput

func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext

func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput

type HardcodedRoleMapperState

type HardcodedRoleMapperState struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// The name of the role which should be assigned to the users. Client roles should use the format `{{client_id}}.{{client_role_name}}`.
	Role pulumi.StringPtrInput
}

func (HardcodedRoleMapperState) ElementType

func (HardcodedRoleMapperState) ElementType() reflect.Type

type MsadLdsUserAccountControlMapper

type MsadLdsUserAccountControlMapper struct {
	pulumi.CustomResourceState

	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing MSAD-LDS user account control mappers for Keycloak users federated via LDAP.

The MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific to LDAP user federation providers that are pulling from AD-LDS, and it can propagate AD-LDS user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm, an LDAP user federation provider pointed at an
// AD-style directory, and an MSAD-LDS user account control mapper attached to
// that provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("objectGUID"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("person"),
				pulumi.String("organizationalPerson"),
				pulumi.String("user"),
			},
			// The ldap:// scheme sends the bind and all directory traffic
			// unencrypted unless StartTLS is negotiated; a real deployment
			// would normally use an ldaps:// endpoint.
			ConnectionUrl:  pulumi.String("ldap://my-ad-server"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Placeholder value. A literal here is committed with the program
			// source; supply the bind password as a Pulumi secret from stack
			// configuration instead.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// Only the realm and the federation provider are required; the mapper
		// has no further settings in this example.
		_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, "msadLdsUserAccountControlMapper", &ldap.MsadLdsUserAccountControlMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetMsadLdsUserAccountControlMapper

func GetMsadLdsUserAccountControlMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MsadLdsUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)

GetMsadLdsUserAccountControlMapper gets an existing MsadLdsUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMsadLdsUserAccountControlMapper

func NewMsadLdsUserAccountControlMapper(ctx *pulumi.Context,
	name string, args *MsadLdsUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)

NewMsadLdsUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.

func (*MsadLdsUserAccountControlMapper) ElementType

func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput

func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput

func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext

func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput

type MsadLdsUserAccountControlMapperArgs

type MsadLdsUserAccountControlMapperArgs struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a MsadLdsUserAccountControlMapper resource.

func (MsadLdsUserAccountControlMapperArgs) ElementType

type MsadLdsUserAccountControlMapperArray

type MsadLdsUserAccountControlMapperArray []MsadLdsUserAccountControlMapperInput

func (MsadLdsUserAccountControlMapperArray) ElementType

func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput

func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput

func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext

func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput

type MsadLdsUserAccountControlMapperArrayInput

type MsadLdsUserAccountControlMapperArrayInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
	ToMsadLdsUserAccountControlMapperArrayOutputWithContext(context.Context) MsadLdsUserAccountControlMapperArrayOutput
}

MsadLdsUserAccountControlMapperArrayInput is an input type that accepts MsadLdsUserAccountControlMapperArray and MsadLdsUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperArrayInput` via:

MsadLdsUserAccountControlMapperArray{ MsadLdsUserAccountControlMapperArgs{...} }

type MsadLdsUserAccountControlMapperArrayOutput

type MsadLdsUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperArrayOutput) ElementType

func (MsadLdsUserAccountControlMapperArrayOutput) Index

func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput

func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput

func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext

func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput

type MsadLdsUserAccountControlMapperInput

type MsadLdsUserAccountControlMapperInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
	ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
}

type MsadLdsUserAccountControlMapperMap

type MsadLdsUserAccountControlMapperMap map[string]MsadLdsUserAccountControlMapperInput

func (MsadLdsUserAccountControlMapperMap) ElementType

func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput

func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput

func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext

func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput

type MsadLdsUserAccountControlMapperMapInput

type MsadLdsUserAccountControlMapperMapInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
	ToMsadLdsUserAccountControlMapperMapOutputWithContext(context.Context) MsadLdsUserAccountControlMapperMapOutput
}

MsadLdsUserAccountControlMapperMapInput is an input type that accepts MsadLdsUserAccountControlMapperMap and MsadLdsUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperMapInput` via:

MsadLdsUserAccountControlMapperMap{ "key": MsadLdsUserAccountControlMapperArgs{...} }

type MsadLdsUserAccountControlMapperMapOutput

type MsadLdsUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperMapOutput) ElementType

func (MsadLdsUserAccountControlMapperMapOutput) MapIndex

func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput

func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput

func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext

func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput

type MsadLdsUserAccountControlMapperOutput

type MsadLdsUserAccountControlMapperOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperOutput) ElementType

func (MsadLdsUserAccountControlMapperOutput) LdapUserFederationId added in v4.11.0

The ID of the LDAP user federation provider to attach this mapper to.

func (MsadLdsUserAccountControlMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (MsadLdsUserAccountControlMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput

func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput

func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext

func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput

type MsadLdsUserAccountControlMapperState

type MsadLdsUserAccountControlMapperState struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (MsadLdsUserAccountControlMapperState) ElementType

type MsadUserAccountControlMapper

// MsadUserAccountControlMapper is the resource state of an MSAD user account
// control mapper attached to an LDAP user federation provider that pulls from
// Active Directory.
type MsadUserAccountControlMapper struct {
	pulumi.CustomResourceState

	// When `true`, advanced password policies, such as password hints and previous password history, will be used when writing new passwords to AD. Defaults to `false`.
	// NOTE(review): only takes effect when Keycloak writes passwords to AD; presumably that requires a writable federation provider — confirm.
	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrOutput `pulumi:"ldapPasswordPolicyHintsEnabled"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP.

The MSAD (Microsoft Active Directory) user account control mapper is specific to LDAP user federation providers that are pulling from AD, and it can propagate AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm, an LDAP user federation provider pointed at an Active
// Directory server, and an MSAD user account control mapper attached to that
// provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("objectGUID"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("person"),
				pulumi.String("organizationalPerson"),
				pulumi.String("user"),
			},
			// The ldap:// scheme sends the bind and all directory traffic
			// unencrypted unless StartTLS is negotiated; a real deployment
			// would normally use an ldaps:// endpoint.
			// NOTE(review): Active Directory accepts password changes only
			// over an encrypted connection, so password write-back through
			// this provider would need TLS — confirm for the target directory.
			ConnectionUrl:  pulumi.String("ldap://my-ad-server"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Placeholder value. A literal here is committed with the program
			// source; supply the bind password as a Pulumi secret from stack
			// configuration instead.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// LdapPasswordPolicyHintsEnabled is left unset here, so it keeps its
		// documented default of `false`.
		_, err = ldap.NewMsadUserAccountControlMapper(ctx, "msadUserAccountControlMapper", &ldap.MsadUserAccountControlMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetMsadUserAccountControlMapper

func GetMsadUserAccountControlMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MsadUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)

GetMsadUserAccountControlMapper gets an existing MsadUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMsadUserAccountControlMapper

func NewMsadUserAccountControlMapper(ctx *pulumi.Context,
	name string, args *MsadUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)

NewMsadUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.

func (*MsadUserAccountControlMapper) ElementType

func (*MsadUserAccountControlMapper) ElementType() reflect.Type

func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput

func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput

func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext

func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput

type MsadUserAccountControlMapperArgs

// MsadUserAccountControlMapperArgs is the set of arguments for constructing a
// MsadUserAccountControlMapper resource.
type MsadUserAccountControlMapperArgs struct {
	// When `true`, advanced password policies, such as password hints and previous password history, will be used when writing new passwords to AD. Defaults to `false`.
	// NOTE(review): this only affects password writes to AD, so it presumably
	// matters only when the federation provider is allowed to write to the
	// directory — confirm against the provider's edit mode.
	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a MsadUserAccountControlMapper resource.

func (MsadUserAccountControlMapperArgs) ElementType

type MsadUserAccountControlMapperArray

type MsadUserAccountControlMapperArray []MsadUserAccountControlMapperInput

func (MsadUserAccountControlMapperArray) ElementType

func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput

func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput

func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext

func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput

type MsadUserAccountControlMapperArrayInput

type MsadUserAccountControlMapperArrayInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
	ToMsadUserAccountControlMapperArrayOutputWithContext(context.Context) MsadUserAccountControlMapperArrayOutput
}

MsadUserAccountControlMapperArrayInput is an input type that accepts MsadUserAccountControlMapperArray and MsadUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperArrayInput` via:

MsadUserAccountControlMapperArray{ MsadUserAccountControlMapperArgs{...} }

type MsadUserAccountControlMapperArrayOutput

type MsadUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperArrayOutput) ElementType

func (MsadUserAccountControlMapperArrayOutput) Index

func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput

func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput

func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext

func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput

type MsadUserAccountControlMapperInput

type MsadUserAccountControlMapperInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
	ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
}

type MsadUserAccountControlMapperMap

type MsadUserAccountControlMapperMap map[string]MsadUserAccountControlMapperInput

func (MsadUserAccountControlMapperMap) ElementType

func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput

func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput

func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext

func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput

type MsadUserAccountControlMapperMapInput

type MsadUserAccountControlMapperMapInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
	ToMsadUserAccountControlMapperMapOutputWithContext(context.Context) MsadUserAccountControlMapperMapOutput
}

MsadUserAccountControlMapperMapInput is an input type that accepts MsadUserAccountControlMapperMap and MsadUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperMapInput` via:

MsadUserAccountControlMapperMap{ "key": MsadUserAccountControlMapperArgs{...} }

type MsadUserAccountControlMapperMapOutput

type MsadUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperMapOutput) ElementType

func (MsadUserAccountControlMapperMapOutput) MapIndex

func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput

func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput

func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext

func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput

type MsadUserAccountControlMapperOutput

type MsadUserAccountControlMapperOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperOutput) ElementType

func (MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled added in v4.11.0

func (o MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled() pulumi.BoolPtrOutput

When `true`, advanced password policies, such as password hints and previous password history, will be used when writing new passwords to AD. Defaults to `false`.

func (MsadUserAccountControlMapperOutput) LdapUserFederationId added in v4.11.0

func (o MsadUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (MsadUserAccountControlMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (MsadUserAccountControlMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput

func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput

func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext

func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput

type MsadUserAccountControlMapperState

// MsadUserAccountControlMapperState holds the optional state properties that
// GetMsadUserAccountControlMapper accepts to qualify the lookup of an existing
// resource. Every field is a pointer-typed input and may be left unset.
type MsadUserAccountControlMapperState struct {
	// When `true`, advanced password policies, such as password hints and previous password history, will be used when writing new passwords to AD. Defaults to `false`.
	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (MsadUserAccountControlMapperState) ElementType

type RoleMapper

// RoleMapper is the resource for creating and managing role mappers for
// Keycloak users federated via LDAP. Its fields are the resource's outputs.
type RoleMapper struct {
	pulumi.CustomResourceState

	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The LDAP DN where roles can be found.
	// NOTE(review): entries under this DN decide which Keycloak roles users
	// receive, so write access to the subtree should be held as tightly as
	// Keycloak role administration itself.
	LdapRolesDn pulumi.StringOutput `pulumi:"ldapRolesDn"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`.
	// NOTE(review): the source sentence "This is only used when" is cut off;
	// it presumably continues "`userRolesRetrieveStrategy` is
	// `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`" — confirm against upstream.
	MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"`
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"`
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"`
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"`
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrOutput `pulumi:"mode"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringOutput `pulumi:"roleNameLdapAttribute"`
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayOutput `pulumi:"roleObjectClasses"`
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	// NOTE(review): the value is an LDAP filter expression; keep it a fixed,
	// reviewed string rather than assembling it from external input.
	RolesLdapFilter pulumi.StringPtrOutput `pulumi:"rolesLdapFilter"`
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrOutput `pulumi:"useRealmRolesMapping"`
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"`
}

Allows for creating and managing role mappers for Keycloak users federated via LDAP.

The LDAP role mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm, an LDAP user federation provider that points at the
// sample host openldap, and a role mapper attached to that provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// NOTE(review): ldap:// is plain LDAP, so the bind credential and user
			// passwords cross the network unprotected unless TLS is negotiated
			// separately. Use an ldaps:// endpoint (or StartTLS) outside of a lab.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			// NOTE(review): bind with a dedicated service account that holds only
			// the directory rights federation needs, not a directory administrator.
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Sample value only. A literal bind password ends up in source control;
			// supply the real one from secret stack configuration.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// Roles are searched under the same DN as users. Mode and
		// UseRealmRolesMapping are not set; per the field documentation they
		// default to READ_ONLY and true (LDAP roles become realm roles).
		// NOTE(review): membership of groupOfNames entries under LdapRolesDn then
		// decides Keycloak role grants, so restrict who can edit that subtree.
		_, err = ldap.NewRoleMapper(ctx, "ldapRoleMapper", &ldap.RoleMapperArgs{
			RealmId:               realm.ID(),
			LdapUserFederationId:  ldapUserFederation.ID(),
			LdapRolesDn:           pulumi.String("dc=example,dc=org"),
			RoleNameLdapAttribute: pulumi.String("cn"),
			RoleObjectClasses: pulumi.StringArray{
				pulumi.String("groupOfNames"),
			},
			MembershipAttributeType:     pulumi.String("DN"),
			MembershipLdapAttribute:     pulumi.String("member"),
			MembershipUserLdapAttribute: pulumi.String("cn"),
			// The memberOf attribute below is paired with the strategy that reads
			// roles from the user's memberOf attribute.
			UserRolesRetrieveStrategy:   pulumi.String("GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE"),
			MemberofLdapAttribute:       pulumi.String("memberOf"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The IDs of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetRoleMapper

func GetRoleMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleMapperState, opts ...pulumi.ResourceOption) (*RoleMapper, error)

GetRoleMapper gets an existing RoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRoleMapper

func NewRoleMapper(ctx *pulumi.Context,
	name string, args *RoleMapperArgs, opts ...pulumi.ResourceOption) (*RoleMapper, error)

NewRoleMapper registers a new resource with the given unique name, arguments, and options.

func (*RoleMapper) ElementType

func (*RoleMapper) ElementType() reflect.Type

func (*RoleMapper) ToRoleMapperOutput

func (i *RoleMapper) ToRoleMapperOutput() RoleMapperOutput

func (*RoleMapper) ToRoleMapperOutputWithContext

func (i *RoleMapper) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput

type RoleMapperArgs

// RoleMapperArgs is the set of arguments for constructing a RoleMapper
// resource.
type RoleMapperArgs struct {
	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrInput
	// The LDAP DN where roles can be found.
	// NOTE(review): entries under this DN decide which Keycloak roles users
	// receive, so write access to the subtree should be held as tightly as
	// Keycloak role administration itself.
	LdapRolesDn pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`.
	// NOTE(review): the source sentence "This is only used when" is cut off;
	// it presumably continues "`userRolesRetrieveStrategy` is
	// `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`" — confirm against upstream.
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringInput
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	// NOTE(review): the value is an LDAP filter expression; keep it a fixed,
	// reviewed string rather than assembling it from external input.
	RolesLdapFilter pulumi.StringPtrInput
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrInput
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

The set of arguments for constructing a RoleMapper resource.

func (RoleMapperArgs) ElementType

func (RoleMapperArgs) ElementType() reflect.Type

type RoleMapperArray

type RoleMapperArray []RoleMapperInput

func (RoleMapperArray) ElementType

func (RoleMapperArray) ElementType() reflect.Type

func (RoleMapperArray) ToRoleMapperArrayOutput

func (i RoleMapperArray) ToRoleMapperArrayOutput() RoleMapperArrayOutput

func (RoleMapperArray) ToRoleMapperArrayOutputWithContext

func (i RoleMapperArray) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput

type RoleMapperArrayInput

type RoleMapperArrayInput interface {
	pulumi.Input

	ToRoleMapperArrayOutput() RoleMapperArrayOutput
	ToRoleMapperArrayOutputWithContext(context.Context) RoleMapperArrayOutput
}

RoleMapperArrayInput is an input type that accepts RoleMapperArray and RoleMapperArrayOutput values. You can construct a concrete instance of `RoleMapperArrayInput` via:

RoleMapperArray{ RoleMapperArgs{...} }

type RoleMapperArrayOutput

type RoleMapperArrayOutput struct{ *pulumi.OutputState }

func (RoleMapperArrayOutput) ElementType

func (RoleMapperArrayOutput) ElementType() reflect.Type

func (RoleMapperArrayOutput) Index

func (RoleMapperArrayOutput) ToRoleMapperArrayOutput

func (o RoleMapperArrayOutput) ToRoleMapperArrayOutput() RoleMapperArrayOutput

func (RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext

func (o RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput

type RoleMapperInput

type RoleMapperInput interface {
	pulumi.Input

	ToRoleMapperOutput() RoleMapperOutput
	ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput
}

type RoleMapperMap

type RoleMapperMap map[string]RoleMapperInput

func (RoleMapperMap) ElementType

func (RoleMapperMap) ElementType() reflect.Type

func (RoleMapperMap) ToRoleMapperMapOutput

func (i RoleMapperMap) ToRoleMapperMapOutput() RoleMapperMapOutput

func (RoleMapperMap) ToRoleMapperMapOutputWithContext

func (i RoleMapperMap) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput

type RoleMapperMapInput

type RoleMapperMapInput interface {
	pulumi.Input

	ToRoleMapperMapOutput() RoleMapperMapOutput
	ToRoleMapperMapOutputWithContext(context.Context) RoleMapperMapOutput
}

RoleMapperMapInput is an input type that accepts RoleMapperMap and RoleMapperMapOutput values. You can construct a concrete instance of `RoleMapperMapInput` via:

RoleMapperMap{ "key": RoleMapperArgs{...} }

type RoleMapperMapOutput

type RoleMapperMapOutput struct{ *pulumi.OutputState }

func (RoleMapperMapOutput) ElementType

func (RoleMapperMapOutput) ElementType() reflect.Type

func (RoleMapperMapOutput) MapIndex

func (RoleMapperMapOutput) ToRoleMapperMapOutput

func (o RoleMapperMapOutput) ToRoleMapperMapOutput() RoleMapperMapOutput

func (RoleMapperMapOutput) ToRoleMapperMapOutputWithContext

func (o RoleMapperMapOutput) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput

type RoleMapperOutput

type RoleMapperOutput struct{ *pulumi.OutputState }

func (RoleMapperOutput) ClientId added in v4.11.0

When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.

func (RoleMapperOutput) ElementType

func (RoleMapperOutput) ElementType() reflect.Type

func (RoleMapperOutput) LdapRolesDn added in v4.11.0

func (o RoleMapperOutput) LdapRolesDn() pulumi.StringOutput

The LDAP DN where roles can be found.

func (RoleMapperOutput) LdapUserFederationId added in v4.11.0

func (o RoleMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (RoleMapperOutput) MemberofLdapAttribute added in v4.11.0

func (o RoleMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput

Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when `userRolesRetrieveStrategy` is `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`.

func (RoleMapperOutput) MembershipAttributeType added in v4.11.0

func (o RoleMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput

Can be one of `DN` or `UID`. Defaults to `DN`.

func (RoleMapperOutput) MembershipLdapAttribute added in v4.11.0

func (o RoleMapperOutput) MembershipLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used for membership mappings.

func (RoleMapperOutput) MembershipUserLdapAttribute added in v4.11.0

func (o RoleMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute on a user that is used for membership mappings.

func (RoleMapperOutput) Mode added in v4.11.0

Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.

func (RoleMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (RoleMapperOutput) RealmId added in v4.11.0

func (o RoleMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (RoleMapperOutput) RoleNameLdapAttribute added in v4.11.0

func (o RoleMapperOutput) RoleNameLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.

func (RoleMapperOutput) RoleObjectClasses added in v4.11.0

func (o RoleMapperOutput) RoleObjectClasses() pulumi.StringArrayOutput

List of strings representing the object classes for the role. Must contain at least one.

func (RoleMapperOutput) RolesLdapFilter added in v4.11.0

func (o RoleMapperOutput) RolesLdapFilter() pulumi.StringPtrOutput

When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.

func (RoleMapperOutput) ToRoleMapperOutput

func (o RoleMapperOutput) ToRoleMapperOutput() RoleMapperOutput

func (RoleMapperOutput) ToRoleMapperOutputWithContext

func (o RoleMapperOutput) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput

func (RoleMapperOutput) UseRealmRolesMapping added in v4.11.0

func (o RoleMapperOutput) UseRealmRolesMapping() pulumi.BoolPtrOutput

When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.

func (RoleMapperOutput) UserRolesRetrieveStrategy added in v4.11.0

func (o RoleMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput

Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.

type RoleMapperState

// RoleMapperState holds the optional state properties that GetRoleMapper
// accepts to qualify the lookup of an existing RoleMapper resource. Every
// field is a pointer- or array-typed input and may be left unset.
type RoleMapperState struct {
	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrInput
	// The LDAP DN where roles can be found.
	LdapRolesDn pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`.
	// NOTE(review): the source sentence "This is only used when" is cut off;
	// it presumably continues "`userRolesRetrieveStrategy` is
	// `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`" — confirm against upstream.
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringPtrInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringPtrInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringPtrInput
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	RolesLdapFilter pulumi.StringPtrInput
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrInput
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

func (RoleMapperState) ElementType

func (RoleMapperState) ElementType() reflect.Type

type UserAttributeMapper

// UserAttributeMapper is the resource for creating and managing user attribute
// mappers for Keycloak users federated via LDAP. It maps a single LDAP
// attribute to an attribute on the Keycloak user model; its fields are the
// resource's outputs.
type UserAttributeMapper struct {
	pulumi.CustomResourceState

	// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.
	AlwaysReadValueFromLdap pulumi.BoolPtrOutput `pulumi:"alwaysReadValueFromLdap"`
	// When `true`, this attribute must exist in LDAP. Defaults to `false`.
	IsMandatoryInLdap pulumi.BoolPtrOutput `pulumi:"isMandatoryInLdap"`
	// Name of the mapped attribute on the LDAP object.
	// NOTE(review): if the mapped Keycloak attribute feeds token claims or
	// access decisions, whoever can edit this LDAP attribute controls that
	// value; map only attributes users cannot change on their own entries.
	LdapAttribute pulumi.StringOutput `pulumi:"ldapAttribute"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.
	// NOTE(review): with the default, an attribute edit made in Keycloak is
	// presumably written to the directory when the federation provider
	// permits writes — set this to `true` where LDAP is the sole authority.
	ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// Name of the user property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringOutput `pulumi:"userModelAttribute"`
}

Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP.

The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a realm, an LDAP user federation provider that points at the
// sample host openldap, and a user attribute mapper attached to that provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// NOTE(review): ldap:// is plain LDAP, so the bind credential and user
			// passwords cross the network unprotected unless TLS is negotiated
			// separately. Use an ldaps:// endpoint (or StartTLS) outside of a lab.
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			// NOTE(review): bind with a dedicated service account that holds only
			// the directory rights federation needs, not a directory administrator.
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			// Sample value only. A literal bind password ends up in source control;
			// supply the real one from secret stack configuration.
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		// Maps the LDAP attribute "bar" into the Keycloak user attribute "foo".
		// ReadOnly is not set; per the field documentation it defaults to false,
		// meaning updates made in Keycloak are saved back to LDAP.
		_, err = ldap.NewUserAttributeMapper(ctx, "ldapUserAttributeMapper", &ldap.UserAttributeMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			UserModelAttribute:   pulumi.String("foo"),
			LdapAttribute:        pulumi.String("bar"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The IDs of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Example:

```sh

$ pulumi import keycloak:ldap/userAttributeMapper:UserAttributeMapper ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

```

func GetUserAttributeMapper

func GetUserAttributeMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserAttributeMapperState, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)

GetUserAttributeMapper gets an existing UserAttributeMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserAttributeMapper

func NewUserAttributeMapper(ctx *pulumi.Context,
	name string, args *UserAttributeMapperArgs, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)

NewUserAttributeMapper registers a new resource with the given unique name, arguments, and options.

func (*UserAttributeMapper) ElementType

func (*UserAttributeMapper) ElementType() reflect.Type

func (*UserAttributeMapper) ToUserAttributeMapperOutput

func (i *UserAttributeMapper) ToUserAttributeMapperOutput() UserAttributeMapperOutput

func (*UserAttributeMapper) ToUserAttributeMapperOutputWithContext

func (i *UserAttributeMapper) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput

type UserAttributeMapperArgs

// UserAttributeMapperArgs is the set of arguments for constructing a
// UserAttributeMapper resource.
type UserAttributeMapperArgs struct {
	// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.
	AlwaysReadValueFromLdap pulumi.BoolPtrInput
	// When `true`, this attribute must exist in LDAP. Defaults to `false`.
	IsMandatoryInLdap pulumi.BoolPtrInput
	// Name of the mapped attribute on the LDAP object.
	// NOTE(review): if the mapped Keycloak attribute feeds token claims or
	// access decisions, whoever can edit this LDAP attribute controls that
	// value; map only attributes users cannot change on their own entries.
	LdapAttribute pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.
	// NOTE(review): with the default, an attribute edit made in Keycloak is
	// presumably written to the directory when the federation provider
	// permits writes — set this to `true` where LDAP is the sole authority.
	ReadOnly pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// Name of the user property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringInput
}

The set of arguments for constructing a UserAttributeMapper resource.

func (UserAttributeMapperArgs) ElementType

func (UserAttributeMapperArgs) ElementType() reflect.Type

type UserAttributeMapperArray

type UserAttributeMapperArray []UserAttributeMapperInput

func (UserAttributeMapperArray) ElementType

func (UserAttributeMapperArray) ElementType() reflect.Type

func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutput

func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput

func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext

func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput

type UserAttributeMapperArrayInput

type UserAttributeMapperArrayInput interface {
	pulumi.Input

	ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput
	ToUserAttributeMapperArrayOutputWithContext(context.Context) UserAttributeMapperArrayOutput
}

UserAttributeMapperArrayInput is an input type that accepts UserAttributeMapperArray and UserAttributeMapperArrayOutput values. You can construct a concrete instance of `UserAttributeMapperArrayInput` via:

UserAttributeMapperArray{ UserAttributeMapperArgs{...} }

type UserAttributeMapperArrayOutput

type UserAttributeMapperArrayOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperArrayOutput) ElementType

func (UserAttributeMapperArrayOutput) Index

func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput

func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput

func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext

func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput

type UserAttributeMapperInput

type UserAttributeMapperInput interface {
	pulumi.Input

	ToUserAttributeMapperOutput() UserAttributeMapperOutput
	ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput
}

type UserAttributeMapperMap

type UserAttributeMapperMap map[string]UserAttributeMapperInput

func (UserAttributeMapperMap) ElementType

func (UserAttributeMapperMap) ElementType() reflect.Type

func (UserAttributeMapperMap) ToUserAttributeMapperMapOutput

func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput

func (UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext

func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput

type UserAttributeMapperMapInput

type UserAttributeMapperMapInput interface {
	pulumi.Input

	ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput
	ToUserAttributeMapperMapOutputWithContext(context.Context) UserAttributeMapperMapOutput
}

UserAttributeMapperMapInput is an input type that accepts UserAttributeMapperMap and UserAttributeMapperMapOutput values. You can construct a concrete instance of `UserAttributeMapperMapInput` via:

UserAttributeMapperMap{ "key": UserAttributeMapperArgs{...} }

type UserAttributeMapperMapOutput

type UserAttributeMapperMapOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperMapOutput) ElementType

func (UserAttributeMapperMapOutput) MapIndex

func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput

func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput

func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext

func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput

type UserAttributeMapperOutput

type UserAttributeMapperOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperOutput) AlwaysReadValueFromLdap added in v4.11.0

func (o UserAttributeMapperOutput) AlwaysReadValueFromLdap() pulumi.BoolPtrOutput

When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.

func (UserAttributeMapperOutput) ElementType

func (UserAttributeMapperOutput) ElementType() reflect.Type

func (UserAttributeMapperOutput) IsMandatoryInLdap added in v4.11.0

func (o UserAttributeMapperOutput) IsMandatoryInLdap() pulumi.BoolPtrOutput

When `true`, this attribute must exist in LDAP. Defaults to `false`.

func (UserAttributeMapperOutput) LdapAttribute added in v4.11.0

func (o UserAttributeMapperOutput) LdapAttribute() pulumi.StringOutput

Name of the mapped attribute on the LDAP object.

func (UserAttributeMapperOutput) LdapUserFederationId added in v4.11.0

func (o UserAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (UserAttributeMapperOutput) Name added in v4.11.0

Display name of this mapper when displayed in the console.

func (UserAttributeMapperOutput) ReadOnly added in v4.11.0

When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.

func (UserAttributeMapperOutput) RealmId added in v4.11.0

The realm that this LDAP mapper will exist in.

func (UserAttributeMapperOutput) ToUserAttributeMapperOutput

func (o UserAttributeMapperOutput) ToUserAttributeMapperOutput() UserAttributeMapperOutput

func (UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext

func (o UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput

func (UserAttributeMapperOutput) UserModelAttribute added in v4.11.0

func (o UserAttributeMapperOutput) UserModelAttribute() pulumi.StringOutput

Name of the user property or attribute you want to map the LDAP attribute into.

type UserAttributeMapperState

// UserAttributeMapperState holds the properties of a UserAttributeMapper as optional inputs;
// every field is a pointer-style input and may be left unset.
// NOTE(review): presumably this is the optional state passed to the resource's Get function to
// qualify a lookup, as with the other *State types in this package — confirm against that getter.
type UserAttributeMapperState struct {
	// When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.
	AlwaysReadValueFromLdap pulumi.BoolPtrInput
	// When `true`, this attribute must exist in LDAP. Defaults to `false`.
	IsMandatoryInLdap pulumi.BoolPtrInput
	// Name of the mapped attribute on the LDAP object.
	LdapAttribute pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.
	// Leaving this at `false` means a change made in Keycloak can be written to the directory,
	// so set it to `true` for attributes the directory must remain authoritative for.
	ReadOnly pulumi.BoolPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// Name of the user property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringPtrInput
}

func (UserAttributeMapperState) ElementType

func (UserAttributeMapperState) ElementType() reflect.Type

type UserFederation

// UserFederation is an LDAP user federation provider within Keycloak. It lets Keycloak federate
// users from a directory system such as LDAP or Active Directory into a realm.
//
// Security-relevant fields: BindCredential (directory password), ConnectionUrl and StartTls
// (transport encryption), UseTruststoreSpi, TrustEmail, EditMode and ValidatePasswordPolicy.
type UserFederation struct {
	pulumi.CustomResourceState

	// The number of users to sync within a single transaction. Defaults to `1000`.
	BatchSizeForSync pulumi.IntPtrOutput `pulumi:"batchSizeForSync"`
	// Password of LDAP admin. This attribute must be set if `bindDn` is set.
	// This is a directory credential exposed as a resource output.
	// NOTE(review): confirm that this provider version marks it as a secret, so that it is
	// encrypted in stack state and masked in CLI output, before exporting or logging it.
	BindCredential pulumi.StringPtrOutput `pulumi:"bindCredential"`
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set.
	BindDn pulumi.StringPtrOutput `pulumi:"bindDn"`
	// A block containing the cache settings.
	Cache UserFederationCachePtrOutput `pulumi:"cache"`
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
	ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"`
	// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ConnectionTimeout pulumi.StringPtrOutput `pulumi:"connectionTimeout"`
	// Connection URL to the LDAP server.
	// With an `ldap://` URL the bind credential and user data travel unencrypted unless
	// `startTls` is enabled; prefer `ldaps://` or STARTTLS.
	ConnectionUrl pulumi.StringOutput `pulumi:"connectionUrl"`
	// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
	CustomUserSearchFilter pulumi.StringPtrOutput `pulumi:"customUserSearchFilter"`
	// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
	EditMode pulumi.StringPtrOutput `pulumi:"editMode"`
	// When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrOutput `pulumi:"fullSyncPeriod"`
	// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
	ImportEnabled pulumi.BoolPtrOutput `pulumi:"importEnabled"`
	// A block containing the kerberos settings.
	Kerberos UserFederationKerberosPtrOutput `pulumi:"kerberos"`
	// Display name of the provider when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
	Pagination pulumi.BoolPtrOutput `pulumi:"pagination"`
	// Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
	Priority pulumi.IntPtrOutput `pulumi:"priority"`
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringOutput `pulumi:"rdnLdapAttribute"`
	// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ReadTimeout pulumi.StringPtrOutput `pulumi:"readTimeout"`
	// The realm that this provider will provide user federation for.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// Can be one of `ONE_LEVEL` or `SUBTREE`:
	// - `ONE_LEVEL`: Only search for users in the DN specified by `usersDn`.
	// - `SUBTREE`: Search entire LDAP subtree.
	SearchScope pulumi.StringPtrOutput `pulumi:"searchScope"`
	// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrOutput `pulumi:"startTls"`
	// When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
	SyncRegistrations pulumi.BoolPtrOutput `pulumi:"syncRegistrations"`
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	// Enable only when the directory is a trusted, authoritative source of email addresses,
	// because it bypasses the realm's own verification step.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrOutput `pulumi:"usePasswordModifyExtendedOp"`
	// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`.
	// NOTE(review): the per-value descriptions are missing from this listing. Presumably this
	// controls when Keycloak's truststore SPI is used for the LDAP server's TLS certificate;
	// confirm against the provider documentation before choosing `NEVER`.
	UseTruststoreSpi pulumi.StringPtrOutput `pulumi:"useTruststoreSpi"`
	// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
	UserObjectClasses pulumi.StringArrayOutput `pulumi:"userObjectClasses"`
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringOutput `pulumi:"usernameLdapAttribute"`
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringOutput `pulumi:"usersDn"`
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringOutput `pulumi:"uuidLdapAttribute"`
	// When `true`, Keycloak will validate passwords using the realm policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrOutput `pulumi:"validatePasswordPolicy"`
	// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
	Vendor pulumi.StringPtrOutput `pulumi:"vendor"`
}

Allows for creating and managing LDAP user federation providers within Keycloak.

Keycloak can use an LDAP user federation provider to federate users to Keycloak from a directory system such as LDAP or Active Directory. Federated users will exist within the realm and will be able to log in to clients. Federated users can have their attributes defined using mappers.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main is the example Pulumi program: it creates a realm and attaches an LDAP user
// federation provider, including Kerberos settings, to that realm.
//
// The literal values are samples. Before adapting this for a real directory, review the
// connection URL (transport encryption) and the bind credential (secret handling) below.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// The returned resource is discarded; only the error is checked.
		_, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			Enabled:               pulumi.Bool(true),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			// ldap:// is unencrypted: the bind credential and user data cross the network
			// in clear text unless StartTls is set. Prefer ldaps:// or StartTls for anything
			// other than a disposable test directory.
			ConnectionUrl:     pulumi.String("ldap://openldap"),
			UsersDn:           pulumi.String("dc=example,dc=org"),
			BindDn:            pulumi.String("cn=admin,dc=example,dc=org"),
			// Sample value only. A real bind password should be supplied from secret
			// configuration rather than a string literal committed with the program.
			BindCredential:    pulumi.String("admin"),
			ConnectionTimeout: pulumi.String("5s"),
			ReadTimeout:       pulumi.String("10s"),
			Kerberos: &ldap.UserFederationKerberosArgs{
				KerberosRealm:   pulumi.String("FOO.LOCAL"),
				ServerPrincipal: pulumi.String("HTTP/host.foo.com@FOO.LOCAL"),
				// Path to the keytab on the server; the file holds the service principal's
				// credentials, so keep it readable only by the account that needs it.
				KeyTab:          pulumi.String("/etc/host.keytab"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID.

```sh

$ pulumi import keycloak:ldap/userFederation:UserFederation ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860

```

func GetUserFederation

func GetUserFederation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserFederationState, opts ...pulumi.ResourceOption) (*UserFederation, error)

GetUserFederation gets an existing UserFederation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserFederation

func NewUserFederation(ctx *pulumi.Context,
	name string, args *UserFederationArgs, opts ...pulumi.ResourceOption) (*UserFederation, error)

NewUserFederation registers a new resource with the given unique name, arguments, and options.

func (*UserFederation) ElementType

func (*UserFederation) ElementType() reflect.Type

func (*UserFederation) ToUserFederationOutput

func (i *UserFederation) ToUserFederationOutput() UserFederationOutput

func (*UserFederation) ToUserFederationOutputWithContext

func (i *UserFederation) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput

type UserFederationArgs

// UserFederationArgs is the set of arguments for constructing a UserFederation resource.
//
// Security-relevant fields: BindCredential (directory password), ConnectionUrl and StartTls
// (transport encryption), UseTruststoreSpi, TrustEmail, EditMode and ValidatePasswordPolicy.
type UserFederationArgs struct {
	// The number of users to sync within a single transaction. Defaults to `1000`.
	BatchSizeForSync pulumi.IntPtrInput
	// Password of LDAP admin. This attribute must be set if `bindDn` is set.
	// This is a directory credential: supply it from secret configuration rather than a
	// string literal in program source.
	// NOTE(review): confirm that this provider version stores it as a secret in stack state.
	BindCredential pulumi.StringPtrInput
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set.
	// A bind account limited to the access that the chosen `editMode` requires reduces the
	// impact of a leaked credential.
	BindDn pulumi.StringPtrInput
	// A block containing the cache settings.
	Cache UserFederationCachePtrInput
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
	ChangedSyncPeriod pulumi.IntPtrInput
	// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ConnectionTimeout pulumi.StringPtrInput
	// Connection URL to the LDAP server.
	// With an `ldap://` URL the bind credential and user data travel unencrypted unless
	// `startTls` is enabled; prefer `ldaps://` or STARTTLS.
	ConnectionUrl pulumi.StringInput
	// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
	CustomUserSearchFilter pulumi.StringPtrInput
	// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
	EditMode pulumi.StringPtrInput
	// When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrInput
	// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
	ImportEnabled pulumi.BoolPtrInput
	// A block containing the kerberos settings.
	Kerberos UserFederationKerberosPtrInput
	// Display name of the provider when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
	Pagination pulumi.BoolPtrInput
	// Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
	Priority pulumi.IntPtrInput
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringInput
	// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ReadTimeout pulumi.StringPtrInput
	// The realm that this provider will provide user federation for.
	RealmId pulumi.StringInput
	// Can be one of `ONE_LEVEL` or `SUBTREE`:
	// - `ONE_LEVEL`: Only search for users in the DN specified by `usersDn`.
	// - `SUBTREE`: Search entire LDAP subtree.
	SearchScope pulumi.StringPtrInput
	// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrInput
	// When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
	SyncRegistrations pulumi.BoolPtrInput
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	// Enable only when the directory is a trusted, authoritative source of email addresses,
	// because it bypasses the realm's own verification step.
	TrustEmail pulumi.BoolPtrInput
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrInput
	// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`.
	// NOTE(review): the per-value descriptions are missing from this listing. Presumably this
	// controls when Keycloak's truststore SPI is used for the LDAP server's TLS certificate;
	// confirm against the provider documentation before choosing `NEVER`.
	UseTruststoreSpi pulumi.StringPtrInput
	// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
	UserObjectClasses pulumi.StringArrayInput
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringInput
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringInput
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringInput
	// When `true`, Keycloak will validate passwords using the realm policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrInput
	// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
	Vendor pulumi.StringPtrInput
}

The set of arguments for constructing a UserFederation resource.

func (UserFederationArgs) ElementType

func (UserFederationArgs) ElementType() reflect.Type

type UserFederationArray

type UserFederationArray []UserFederationInput

func (UserFederationArray) ElementType

func (UserFederationArray) ElementType() reflect.Type

func (UserFederationArray) ToUserFederationArrayOutput

func (i UserFederationArray) ToUserFederationArrayOutput() UserFederationArrayOutput

func (UserFederationArray) ToUserFederationArrayOutputWithContext

func (i UserFederationArray) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput

type UserFederationArrayInput

type UserFederationArrayInput interface {
	pulumi.Input

	ToUserFederationArrayOutput() UserFederationArrayOutput
	ToUserFederationArrayOutputWithContext(context.Context) UserFederationArrayOutput
}

UserFederationArrayInput is an input type that accepts UserFederationArray and UserFederationArrayOutput values. You can construct a concrete instance of `UserFederationArrayInput` via:

UserFederationArray{ UserFederationArgs{...} }

type UserFederationArrayOutput

type UserFederationArrayOutput struct{ *pulumi.OutputState }

func (UserFederationArrayOutput) ElementType

func (UserFederationArrayOutput) ElementType() reflect.Type

func (UserFederationArrayOutput) Index

func (UserFederationArrayOutput) ToUserFederationArrayOutput

func (o UserFederationArrayOutput) ToUserFederationArrayOutput() UserFederationArrayOutput

func (UserFederationArrayOutput) ToUserFederationArrayOutputWithContext

func (o UserFederationArrayOutput) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput

type UserFederationCache

// UserFederationCache holds the cache settings of an LDAP user federation provider as plain
// Go values; every field is a pointer and may be nil.
// NOTE(review): cached entries may lag behind directory changes such as an account being
// disabled; confirm that the chosen policy meets your revocation requirements.
type UserFederationCache struct {
	// Day of the week the entry will become invalid on.
	// NOTE(review): presumably only used with the `EVICT_WEEKLY` policy — confirm.
	EvictionDay *int `pulumi:"evictionDay"`
	// Hour of day the entry will become invalid on.
	EvictionHour *int `pulumi:"evictionHour"`
	// Minute of day the entry will become invalid on.
	EvictionMinute *int `pulumi:"evictionMinute"`
	// Max lifespan of cache entry (duration string).
	// NOTE(review): presumably only used with the `MAX_LIFESPAN` policy — confirm.
	MaxLifespan *string `pulumi:"maxLifespan"`
	// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.
	Policy *string `pulumi:"policy"`
}

type UserFederationCacheArgs

// UserFederationCacheArgs is the input form of the cache settings block of an LDAP user
// federation provider; every field is an optional Pulumi input.
// NOTE(review): cached entries may lag behind directory changes such as an account being
// disabled; confirm that the chosen policy meets your revocation requirements.
type UserFederationCacheArgs struct {
	// Day of the week the entry will become invalid on.
	// NOTE(review): presumably only used with the `EVICT_WEEKLY` policy — confirm.
	EvictionDay pulumi.IntPtrInput `pulumi:"evictionDay"`
	// Hour of day the entry will become invalid on.
	EvictionHour pulumi.IntPtrInput `pulumi:"evictionHour"`
	// Minute of day the entry will become invalid on.
	EvictionMinute pulumi.IntPtrInput `pulumi:"evictionMinute"`
	// Max lifespan of cache entry (duration string).
	// NOTE(review): presumably only used with the `MAX_LIFESPAN` policy — confirm.
	MaxLifespan pulumi.StringPtrInput `pulumi:"maxLifespan"`
	// Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.
	Policy pulumi.StringPtrInput `pulumi:"policy"`
}

func (UserFederationCacheArgs) ElementType

func (UserFederationCacheArgs) ElementType() reflect.Type

func (UserFederationCacheArgs) ToUserFederationCacheOutput

func (i UserFederationCacheArgs) ToUserFederationCacheOutput() UserFederationCacheOutput

func (UserFederationCacheArgs) ToUserFederationCacheOutputWithContext

func (i UserFederationCacheArgs) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput

func (UserFederationCacheArgs) ToUserFederationCachePtrOutput

func (i UserFederationCacheArgs) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext

func (i UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationCacheInput

type UserFederationCacheInput interface {
	pulumi.Input

	ToUserFederationCacheOutput() UserFederationCacheOutput
	ToUserFederationCacheOutputWithContext(context.Context) UserFederationCacheOutput
}

UserFederationCacheInput is an input type that accepts UserFederationCacheArgs and UserFederationCacheOutput values. You can construct a concrete instance of `UserFederationCacheInput` via:

UserFederationCacheArgs{...}

type UserFederationCacheOutput

type UserFederationCacheOutput struct{ *pulumi.OutputState }

func (UserFederationCacheOutput) ElementType

func (UserFederationCacheOutput) ElementType() reflect.Type

func (UserFederationCacheOutput) EvictionDay

Day of the week the entry will become invalid on

func (UserFederationCacheOutput) EvictionHour

Hour of day the entry will become invalid on.

func (UserFederationCacheOutput) EvictionMinute

func (o UserFederationCacheOutput) EvictionMinute() pulumi.IntPtrOutput

Minute of day the entry will become invalid on.

func (UserFederationCacheOutput) MaxLifespan

Max lifespan of cache entry (duration string).

func (UserFederationCacheOutput) Policy

Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.

func (UserFederationCacheOutput) ToUserFederationCacheOutput

func (o UserFederationCacheOutput) ToUserFederationCacheOutput() UserFederationCacheOutput

func (UserFederationCacheOutput) ToUserFederationCacheOutputWithContext

func (o UserFederationCacheOutput) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput

func (UserFederationCacheOutput) ToUserFederationCachePtrOutput

func (o UserFederationCacheOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext

func (o UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationCachePtrInput

type UserFederationCachePtrInput interface {
	pulumi.Input

	ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
	ToUserFederationCachePtrOutputWithContext(context.Context) UserFederationCachePtrOutput
}

UserFederationCachePtrInput is an input type that accepts UserFederationCacheArgs, UserFederationCachePtr and UserFederationCachePtrOutput values. You can construct a concrete instance of `UserFederationCachePtrInput` via:

        UserFederationCacheArgs{...}

or:

        nil

type UserFederationCachePtrOutput

type UserFederationCachePtrOutput struct{ *pulumi.OutputState }

func (UserFederationCachePtrOutput) Elem

func (UserFederationCachePtrOutput) ElementType

func (UserFederationCachePtrOutput) EvictionDay

Day of the week the entry will become invalid on

func (UserFederationCachePtrOutput) EvictionHour

Hour of day the entry will become invalid on.

func (UserFederationCachePtrOutput) EvictionMinute

Minute of day the entry will become invalid on.

func (UserFederationCachePtrOutput) MaxLifespan

Max lifespan of cache entry (duration string).

func (UserFederationCachePtrOutput) Policy

Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.

func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutput

func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext

func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationInput

type UserFederationInput interface {
	pulumi.Input

	ToUserFederationOutput() UserFederationOutput
	ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput
}

type UserFederationKerberos

// UserFederationKerberos holds the kerberos settings of an LDAP user federation provider as
// plain Go values. The realm, keytab path and server principal are required (non-pointer);
// UseKerberosForPasswordAuthentication is optional.
type UserFederationKerberos struct {
	// The name of the kerberos realm, e.g. FOO.LOCAL.
	KerberosRealm string `pulumi:"kerberosRealm"`
	// Path to the kerberos keytab file on the server with credentials of the service principal.
	// Only the path is configured here, not the file contents. The keytab itself is credential
	// material and should be readable only by the account that needs it.
	KeyTab string `pulumi:"keyTab"`
	// The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
	ServerPrincipal string `pulumi:"serverPrincipal"`
	// Use kerberos login module instead of ldap service api. Defaults to `false`.
	UseKerberosForPasswordAuthentication *bool `pulumi:"useKerberosForPasswordAuthentication"`
}

type UserFederationKerberosArgs

// UserFederationKerberosArgs is the input form of the kerberos settings block of an LDAP user
// federation provider. The realm, keytab path and server principal are required inputs;
// UseKerberosForPasswordAuthentication is optional.
type UserFederationKerberosArgs struct {
	// The name of the kerberos realm, e.g. FOO.LOCAL.
	KerberosRealm pulumi.StringInput `pulumi:"kerberosRealm"`
	// Path to the kerberos keytab file on the server with credentials of the service principal.
	// Only the path is configured here, not the file contents. The keytab itself is credential
	// material and should be readable only by the account that needs it.
	KeyTab pulumi.StringInput `pulumi:"keyTab"`
	// The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
	ServerPrincipal pulumi.StringInput `pulumi:"serverPrincipal"`
	// Use kerberos login module instead of ldap service api. Defaults to `false`.
	UseKerberosForPasswordAuthentication pulumi.BoolPtrInput `pulumi:"useKerberosForPasswordAuthentication"`
}

func (UserFederationKerberosArgs) ElementType

func (UserFederationKerberosArgs) ElementType() reflect.Type

func (UserFederationKerberosArgs) ToUserFederationKerberosOutput

func (i UserFederationKerberosArgs) ToUserFederationKerberosOutput() UserFederationKerberosOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext

func (i UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput

func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext

func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

type UserFederationKerberosInput

type UserFederationKerberosInput interface {
	pulumi.Input

	ToUserFederationKerberosOutput() UserFederationKerberosOutput
	ToUserFederationKerberosOutputWithContext(context.Context) UserFederationKerberosOutput
}

UserFederationKerberosInput is an input type that accepts UserFederationKerberosArgs and UserFederationKerberosOutput values. You can construct a concrete instance of `UserFederationKerberosInput` via:

UserFederationKerberosArgs{...}

type UserFederationKerberosOutput

type UserFederationKerberosOutput struct{ *pulumi.OutputState }

func (UserFederationKerberosOutput) ElementType

func (UserFederationKerberosOutput) KerberosRealm

The name of the kerberos realm, e.g. FOO.LOCAL.

func (UserFederationKerberosOutput) KeyTab

Path to the kerberos keytab file on the server with credentials of the service principal.

func (UserFederationKerberosOutput) ServerPrincipal

func (o UserFederationKerberosOutput) ServerPrincipal() pulumi.StringOutput

The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.

func (UserFederationKerberosOutput) ToUserFederationKerberosOutput

func (o UserFederationKerberosOutput) ToUserFederationKerberosOutput() UserFederationKerberosOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext

func (o UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput

func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext

func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

func (UserFederationKerberosOutput) UseKerberosForPasswordAuthentication

func (o UserFederationKerberosOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput

Use kerberos login module instead of ldap service api. Defaults to `false`.

type UserFederationKerberosPtrInput

type UserFederationKerberosPtrInput interface {
	pulumi.Input

	ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
	ToUserFederationKerberosPtrOutputWithContext(context.Context) UserFederationKerberosPtrOutput
}

UserFederationKerberosPtrInput is an input type that accepts UserFederationKerberosArgs, UserFederationKerberosPtr and UserFederationKerberosPtrOutput values. You can construct a concrete instance of `UserFederationKerberosPtrInput` via:

        UserFederationKerberosArgs{...}

or:

        nil

type UserFederationKerberosPtrOutput

type UserFederationKerberosPtrOutput struct{ *pulumi.OutputState }

func (UserFederationKerberosPtrOutput) Elem

func (UserFederationKerberosPtrOutput) ElementType

func (UserFederationKerberosPtrOutput) KerberosRealm

The name of the kerberos realm, e.g. FOO.LOCAL.

func (UserFederationKerberosPtrOutput) KeyTab

Path to the kerberos keytab file on the server with credentials of the service principal.

func (UserFederationKerberosPtrOutput) ServerPrincipal

The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.

func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput

func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext

func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

func (UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication

func (o UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput

Use kerberos login module instead of ldap service api. Defaults to `false`.

type UserFederationMap

type UserFederationMap map[string]UserFederationInput

func (UserFederationMap) ElementType

func (UserFederationMap) ElementType() reflect.Type

func (UserFederationMap) ToUserFederationMapOutput

func (i UserFederationMap) ToUserFederationMapOutput() UserFederationMapOutput

func (UserFederationMap) ToUserFederationMapOutputWithContext

func (i UserFederationMap) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput

type UserFederationMapInput

// UserFederationMapInput is satisfied by any pulumi.Input that can also be
// converted to a UserFederationMapOutput, with or without a context.
type UserFederationMapInput interface {
	pulumi.Input

	// ToUserFederationMapOutput returns the value as a UserFederationMapOutput.
	ToUserFederationMapOutput() UserFederationMapOutput
	// ToUserFederationMapOutputWithContext does the same, taking a context.Context.
	ToUserFederationMapOutputWithContext(context.Context) UserFederationMapOutput
}

UserFederationMapInput is an input type that accepts UserFederationMap and UserFederationMapOutput values. You can construct a concrete instance of `UserFederationMapInput` via:

UserFederationMap{ "key": UserFederationArgs{...} }

type UserFederationMapOutput

type UserFederationMapOutput struct{ *pulumi.OutputState }

func (UserFederationMapOutput) ElementType

func (UserFederationMapOutput) ElementType() reflect.Type

func (UserFederationMapOutput) MapIndex

func (UserFederationMapOutput) ToUserFederationMapOutput

func (o UserFederationMapOutput) ToUserFederationMapOutput() UserFederationMapOutput

func (UserFederationMapOutput) ToUserFederationMapOutputWithContext

func (o UserFederationMapOutput) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput

type UserFederationOutput

type UserFederationOutput struct{ *pulumi.OutputState }

func (UserFederationOutput) BatchSizeForSync added in v4.11.0

func (o UserFederationOutput) BatchSizeForSync() pulumi.IntPtrOutput

The number of users to sync within a single transaction. Defaults to `1000`.

func (UserFederationOutput) BindCredential added in v4.11.0

func (o UserFederationOutput) BindCredential() pulumi.StringPtrOutput

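Password of LDAP admin. This attribute must be set if `bindDn` is set. This value is a credential: supply it as a Pulumi secret (for example from secret configuration) rather than as a literal in source, so that it is not kept in plain text in the program or, depending on how the provider marks it, in stack state.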

func (UserFederationOutput) BindDn added in v4.11.0

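DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. A dedicated service account that holds only the directory permissions the chosen `editMode` needs limits the impact if this credential is exposed.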

func (UserFederationOutput) Cache added in v4.11.0

A block containing the cache settings.

func (UserFederationOutput) ChangedSyncPeriod added in v4.11.0

func (o UserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput

How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.

func (UserFederationOutput) ConnectionTimeout added in v4.11.0

func (o UserFederationOutput) ConnectionTimeout() pulumi.StringPtrOutput

LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).

func (UserFederationOutput) ConnectionUrl added in v4.11.0

func (o UserFederationOutput) ConnectionUrl() pulumi.StringOutput

Connection URL to the LDAP server.

func (UserFederationOutput) CustomUserSearchFilter added in v4.11.0

func (o UserFederationOutput) CustomUserSearchFilter() pulumi.StringPtrOutput

Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.

func (UserFederationOutput) EditMode added in v4.11.0

Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.

func (UserFederationOutput) ElementType

func (UserFederationOutput) ElementType() reflect.Type

func (UserFederationOutput) Enabled added in v4.11.0

When `false`, this provider will not be used when performing queries for users. Defaults to `true`.

func (UserFederationOutput) FullSyncPeriod added in v4.11.0

func (o UserFederationOutput) FullSyncPeriod() pulumi.IntPtrOutput

How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.

func (UserFederationOutput) ImportEnabled added in v4.11.0

func (o UserFederationOutput) ImportEnabled() pulumi.BoolPtrOutput

When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.

func (UserFederationOutput) Kerberos added in v4.11.0

A block containing the kerberos settings.

func (UserFederationOutput) Name added in v4.11.0

Display name of the provider when displayed in the console.

func (UserFederationOutput) Pagination added in v4.11.0

func (o UserFederationOutput) Pagination() pulumi.BoolPtrOutput

When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.

func (UserFederationOutput) Priority added in v4.11.0

Priority of this provider when looking up users. Lower values are first. Defaults to `0`.

func (UserFederationOutput) RdnLdapAttribute added in v4.11.0

func (o UserFederationOutput) RdnLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as the relative distinguished name.

func (UserFederationOutput) ReadTimeout added in v4.11.0

LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).

func (UserFederationOutput) RealmId added in v4.11.0

The realm that this provider will provide user federation for.

func (UserFederationOutput) SearchScope added in v4.11.0

Can be one of `ONE_LEVEL` or `SUBTREE`:

- `ONE_LEVEL`: Only search for users in the DN specified by `usersDn`.
- `SUBTREE`: Search the entire LDAP subtree.

func (UserFederationOutput) StartTls added in v4.11.0

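When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling. If this is not enabled and `connectionUrl` is not an `ldaps://` URL, the bind credential and user passwords travel to the LDAP server unencrypted.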

func (UserFederationOutput) SyncRegistrations added in v4.11.0

func (o UserFederationOutput) SyncRegistrations() pulumi.BoolPtrOutput

When `true`, newly created users will be synced back to LDAP. Defaults to `false`.

func (UserFederationOutput) ToUserFederationOutput

func (o UserFederationOutput) ToUserFederationOutput() UserFederationOutput

func (UserFederationOutput) ToUserFederationOutputWithContext

func (o UserFederationOutput) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput

func (UserFederationOutput) TrustEmail added in v4.11.0

func (o UserFederationOutput) TrustEmail() pulumi.BoolPtrOutput

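If enabled, email provided by this provider is not verified even if verification is enabled for the realm. In other words, Keycloak accepts the directory's email value as is, so enable this only when users cannot set that attribute to an address they do not control.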

func (UserFederationOutput) UsePasswordModifyExtendedOp added in v4.11.0

func (o UserFederationOutput) UsePasswordModifyExtendedOp() pulumi.BoolPtrOutput

When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).

func (UserFederationOutput) UseTruststoreSpi added in v4.11.0

func (o UserFederationOutput) UseTruststoreSpi() pulumi.StringPtrOutput

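Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`. The value selects when Keycloak's truststore SPI is used for the LDAP connection; the per-value descriptions are missing from this rendering.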

func (UserFederationOutput) UserObjectClasses added in v4.11.0

func (o UserFederationOutput) UserObjectClasses() pulumi.StringArrayOutput

Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.

func (UserFederationOutput) UsernameLdapAttribute added in v4.11.0

func (o UserFederationOutput) UsernameLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as the Keycloak username.

func (UserFederationOutput) UsersDn added in v4.11.0

Full DN of LDAP tree where your users are.

func (UserFederationOutput) UuidLdapAttribute added in v4.11.0

func (o UserFederationOutput) UuidLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.

func (UserFederationOutput) ValidatePasswordPolicy added in v4.11.0

func (o UserFederationOutput) ValidatePasswordPolicy() pulumi.BoolPtrOutput

When `true`, Keycloak will validate a password against the realm password policy before updating it.

func (UserFederationOutput) Vendor added in v4.11.0

Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.

type UserFederationState

// UserFederationState lists the properties of an LDAP user federation
// provider. Every field is a pulumi input type, all but UserObjectClasses in
// pointer form. Several fields decide how credentials reach the directory
// (BindCredential, ConnectionUrl, StartTls, UseTruststoreSpi) and how far
// directory data is trusted (TrustEmail, EditMode).
type UserFederationState struct {
	// The number of users to sync within a single transaction. Defaults to `1000`.
	BatchSizeForSync pulumi.IntPtrInput
	// Password of LDAP admin. This attribute must be set if `bindDn` is set.
	// NOTE(review): this is a credential; supply it as a Pulumi secret rather than
	// a plain literal. Confirm whether the provider already marks it secret in state.
	BindCredential pulumi.StringPtrInput
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set.
	// A dedicated account with only the permissions the chosen edit mode needs is preferable to a directory administrator.
	BindDn pulumi.StringPtrInput
	// A block containing the cache settings.
	Cache UserFederationCachePtrInput
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.
	ChangedSyncPeriod pulumi.IntPtrInput
	// LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ConnectionTimeout pulumi.StringPtrInput
	// Connection URL to the LDAP server.
	// Unless this is an `ldaps://` URL or `startTls` is enabled, traffic to the directory is not encrypted.
	ConnectionUrl pulumi.StringPtrInput
	// Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.
	CustomUserSearchFilter pulumi.StringPtrInput
	// Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.
	EditMode pulumi.StringPtrInput
	// When `false`, this provider will not be used when performing queries for users. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrInput
	// When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.
	ImportEnabled pulumi.BoolPtrInput
	// A block containing the kerberos settings.
	Kerberos UserFederationKerberosPtrInput
	// Display name of the provider when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.
	Pagination pulumi.BoolPtrInput
	// Priority of this provider when looking up users. Lower values are first. Defaults to `0`.
	Priority pulumi.IntPtrInput
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringPtrInput
	// LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).
	ReadTimeout pulumi.StringPtrInput
	// The realm that this provider will provide user federation for.
	RealmId pulumi.StringPtrInput
	// Can be one of `ONE_LEVEL` or `SUBTREE`:
	// - `ONE_LEVEL`: Only search for users in the DN specified by `usersDn`.
	// - `SUBTREE`: Search the entire LDAP subtree.
	SearchScope pulumi.StringPtrInput
	// When `true`, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrInput
	// When `true`, newly created users will be synced back to LDAP. Defaults to `false`.
	SyncRegistrations pulumi.BoolPtrInput
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	// Keycloak then accepts the directory's email value as is; enable only when users cannot edit that attribute themselves.
	TrustEmail pulumi.BoolPtrInput
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrInput
	// Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`.
	// Selects when Keycloak's truststore SPI is used for the LDAP connection.
	UseTruststoreSpi pulumi.StringPtrInput
	// Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.
	UserObjectClasses pulumi.StringArrayInput
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringPtrInput
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringPtrInput
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringPtrInput
	// When `true`, Keycloak will validate a password against the realm password policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrInput
	// Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OTHER`.
	Vendor pulumi.StringPtrInput
}

func (UserFederationState) ElementType

func (UserFederationState) ElementType() reflect.Type
