ldap

package
v5.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 11, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomMapper added in v5.3.0 

type CustomMapper struct {
	pulumi.CustomResourceState

	// A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.
	Config pulumi.MapOutput `pulumi:"config"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The id of the LDAP mapper implemented in MapperFactory.
	ProviderId pulumi.StringOutput `pulumi:"providerId"`
	// The fully-qualified Java class name of the custom LDAP mapper.
	ProviderType pulumi.StringOutput `pulumi:"providerType"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.

The LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to specify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional properties via config map.

The custom mapper should already be deployed into keycloak in order to be correctly configured.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewCustomMapper(ctx, "customMapper", &ldap.CustomMapperArgs{
			RealmId:              pulumi.Any(keycloak_ldap_user_federation.Openldap.Realm_id),
			LdapUserFederationId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Id),
			ProviderId:           pulumi.String("custom-provider-registered-in-keycloak"),
			ProviderType:         pulumi.String("com.example.custom.ldap.mappers.CustomMapper"),
			Config: pulumi.Map{
				"attribute.name":  pulumi.Any("name"),
				"attribute.value": pulumi.Any("value"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.

The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.

Example:

bash

```sh $ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 ```

func GetCustomMapper added in v5.3.0 

func GetCustomMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CustomMapperState, opts ...pulumi.ResourceOption) (*CustomMapper, error)

GetCustomMapper gets an existing CustomMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCustomMapper added in v5.3.0 

func NewCustomMapper(ctx *pulumi.Context,
	name string, args *CustomMapperArgs, opts ...pulumi.ResourceOption) (*CustomMapper, error)

NewCustomMapper registers a new resource with the given unique name, arguments, and options.

func (*CustomMapper) ElementType added in v5.3.0 

func (*CustomMapper) ElementType() reflect.Type

func (*CustomMapper) ToCustomMapperOutput added in v5.3.0 

func (i *CustomMapper) ToCustomMapperOutput() CustomMapperOutput

func (*CustomMapper) ToCustomMapperOutputWithContext added in v5.3.0 

func (i *CustomMapper) ToCustomMapperOutputWithContext(ctx context.Context) CustomMapperOutput

type CustomMapperArgs added in v5.3.0 

type CustomMapperArgs struct {
	// A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.
	Config pulumi.MapInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The id of the LDAP mapper implemented in MapperFactory.
	ProviderId pulumi.StringInput
	// The fully-qualified Java class name of the custom LDAP mapper.
	ProviderType pulumi.StringInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a CustomMapper resource.

func (CustomMapperArgs) ElementType added in v5.3.0 

func (CustomMapperArgs) ElementType() reflect.Type

type CustomMapperArray added in v5.3.0 

type CustomMapperArray []CustomMapperInput

func (CustomMapperArray) ElementType added in v5.3.0 

func (CustomMapperArray) ElementType() reflect.Type

func (CustomMapperArray) ToCustomMapperArrayOutput added in v5.3.0 

func (i CustomMapperArray) ToCustomMapperArrayOutput() CustomMapperArrayOutput

func (CustomMapperArray) ToCustomMapperArrayOutputWithContext added in v5.3.0 

func (i CustomMapperArray) ToCustomMapperArrayOutputWithContext(ctx context.Context) CustomMapperArrayOutput

type CustomMapperArrayInput added in v5.3.0 

type CustomMapperArrayInput interface {
	pulumi.Input

	ToCustomMapperArrayOutput() CustomMapperArrayOutput
	ToCustomMapperArrayOutputWithContext(context.Context) CustomMapperArrayOutput
}

CustomMapperArrayInput is an input type that accepts CustomMapperArray and CustomMapperArrayOutput values. You can construct a concrete instance of `CustomMapperArrayInput` via: 

CustomMapperArray{ CustomMapperArgs{...} }

type CustomMapperArrayOutput added in v5.3.0 

type CustomMapperArrayOutput struct{ *pulumi.OutputState }

func (CustomMapperArrayOutput) ElementType added in v5.3.0 

func (CustomMapperArrayOutput) ElementType() reflect.Type

func (CustomMapperArrayOutput) Index added in v5.3.0 

func (o CustomMapperArrayOutput) Index(i pulumi.IntInput) CustomMapperOutput

func (CustomMapperArrayOutput) ToCustomMapperArrayOutput added in v5.3.0 

func (o CustomMapperArrayOutput) ToCustomMapperArrayOutput() CustomMapperArrayOutput

func (CustomMapperArrayOutput) ToCustomMapperArrayOutputWithContext added in v5.3.0 

func (o CustomMapperArrayOutput) ToCustomMapperArrayOutputWithContext(ctx context.Context) CustomMapperArrayOutput

type CustomMapperInput added in v5.3.0 

type CustomMapperInput interface {
	pulumi.Input

	ToCustomMapperOutput() CustomMapperOutput
	ToCustomMapperOutputWithContext(ctx context.Context) CustomMapperOutput
}

type CustomMapperMap added in v5.3.0 

type CustomMapperMap map[string]CustomMapperInput

func (CustomMapperMap) ElementType added in v5.3.0 

func (CustomMapperMap) ElementType() reflect.Type

func (CustomMapperMap) ToCustomMapperMapOutput added in v5.3.0 

func (i CustomMapperMap) ToCustomMapperMapOutput() CustomMapperMapOutput

func (CustomMapperMap) ToCustomMapperMapOutputWithContext added in v5.3.0 

func (i CustomMapperMap) ToCustomMapperMapOutputWithContext(ctx context.Context) CustomMapperMapOutput

type CustomMapperMapInput added in v5.3.0 

type CustomMapperMapInput interface {
	pulumi.Input

	ToCustomMapperMapOutput() CustomMapperMapOutput
	ToCustomMapperMapOutputWithContext(context.Context) CustomMapperMapOutput
}

CustomMapperMapInput is an input type that accepts CustomMapperMap and CustomMapperMapOutput values. You can construct a concrete instance of `CustomMapperMapInput` via: 

CustomMapperMap{ "key": CustomMapperArgs{...} }

type CustomMapperMapOutput added in v5.3.0 

type CustomMapperMapOutput struct{ *pulumi.OutputState }

func (CustomMapperMapOutput) ElementType added in v5.3.0 

func (CustomMapperMapOutput) ElementType() reflect.Type

func (CustomMapperMapOutput) MapIndex added in v5.3.0 

func (o CustomMapperMapOutput) MapIndex(k pulumi.StringInput) CustomMapperOutput

func (CustomMapperMapOutput) ToCustomMapperMapOutput added in v5.3.0 

func (o CustomMapperMapOutput) ToCustomMapperMapOutput() CustomMapperMapOutput

func (CustomMapperMapOutput) ToCustomMapperMapOutputWithContext added in v5.3.0 

func (o CustomMapperMapOutput) ToCustomMapperMapOutputWithContext(ctx context.Context) CustomMapperMapOutput

type CustomMapperOutput added in v5.3.0 

type CustomMapperOutput struct{ *pulumi.OutputState }

func (CustomMapperOutput) Config added in v5.3.0 

func (o CustomMapperOutput) Config() pulumi.MapOutput

A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.

func (CustomMapperOutput) ElementType added in v5.3.0 

func (CustomMapperOutput) ElementType() reflect.Type

func (CustomMapperOutput) LdapUserFederationId added in v5.3.0 

func (o CustomMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (CustomMapperOutput) Name added in v5.3.0 

func (o CustomMapperOutput) Name() pulumi.StringOutput

Display name of this mapper when displayed in the console.

func (CustomMapperOutput) ProviderId added in v5.3.0 

func (o CustomMapperOutput) ProviderId() pulumi.StringOutput

The id of the LDAP mapper implemented in MapperFactory.

func (CustomMapperOutput) ProviderType added in v5.3.0 

func (o CustomMapperOutput) ProviderType() pulumi.StringOutput

The fully-qualified Java class name of the custom LDAP mapper.

func (CustomMapperOutput) RealmId added in v5.3.0 

func (o CustomMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (CustomMapperOutput) ToCustomMapperOutput added in v5.3.0 

func (o CustomMapperOutput) ToCustomMapperOutput() CustomMapperOutput

func (CustomMapperOutput) ToCustomMapperOutputWithContext added in v5.3.0 

func (o CustomMapperOutput) ToCustomMapperOutputWithContext(ctx context.Context) CustomMapperOutput

type CustomMapperState added in v5.3.0 

type CustomMapperState struct {
	// A map with key / value pairs for configuring the LDAP mapper. The supported keys depend on the protocol mapper.
	Config pulumi.MapInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The id of the LDAP mapper implemented in MapperFactory.
	ProviderId pulumi.StringPtrInput
	// The fully-qualified Java class name of the custom LDAP mapper.
	ProviderType pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (CustomMapperState) ElementType added in v5.3.0 

func (CustomMapperState) ElementType() reflect.Type

type FullNameMapper 

type FullNameMapper struct {
	pulumi.CustomResourceState

	LdapFullNameAttribute pulumi.StringOutput `pulumi:"ldapFullNameAttribute"`
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of the mapper when displayed in the console.
	Name     pulumi.StringOutput  `pulumi:"name"`
	ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"`
	// The realm in which the ldap user federation provider exists.
	RealmId   pulumi.StringOutput  `pulumi:"realmId"`
	WriteOnly pulumi.BoolPtrOutput `pulumi:"writeOnly"`
}

## # ldap.FullNameMapper

Allows for creating and managing full name mappers for Keycloak users federated via LDAP.

The LDAP full name mapper can map a user's full name from an LDAP attribute to the first and last name attributes of a Keycloak user.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Enabled: pulumi.Bool(true),
			Realm:   pulumi.String("test"),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			BindCredential:   pulumi.String("admin"),
			BindDn:           pulumi.String("cn=admin,dc=example,dc=org"),
			ConnectionUrl:    pulumi.String("ldap://openldap"),
			RdnLdapAttribute: pulumi.String("cn"),
			RealmId:          realm.ID(),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			UsernameLdapAttribute: pulumi.String("cn"),
			UsersDn:               pulumi.String("dc=example,dc=org"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewFullNameMapper(ctx, "ldapFullNameMapper", &ldap.FullNameMapperArgs{
			LdapFullNameAttribute: pulumi.String("cn"),
			LdapUserFederationId:  ldapUserFederation.ID(),
			RealmId:               realm.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this LDAP mapper will exist in. - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. - `name` - (Required) Display name of this mapper when displayed in the console. - `ldapFullNameAttribute` - (Required) The name of the LDAP attribute containing the user's full name. - `readOnly` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`. - `writeOnly` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.

### Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs:

func GetFullNameMapper 

func GetFullNameMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *FullNameMapperState, opts ...pulumi.ResourceOption) (*FullNameMapper, error)

GetFullNameMapper gets an existing FullNameMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewFullNameMapper 

func NewFullNameMapper(ctx *pulumi.Context,
	name string, args *FullNameMapperArgs, opts ...pulumi.ResourceOption) (*FullNameMapper, error)

NewFullNameMapper registers a new resource with the given unique name, arguments, and options.

func (*FullNameMapper) ElementType 

func (*FullNameMapper) ElementType() reflect.Type

func (*FullNameMapper) ToFullNameMapperOutput 

func (i *FullNameMapper) ToFullNameMapperOutput() FullNameMapperOutput

func (*FullNameMapper) ToFullNameMapperOutputWithContext 

func (i *FullNameMapper) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput

type FullNameMapperArgs 

type FullNameMapperArgs struct {
	LdapFullNameAttribute pulumi.StringInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of the mapper when displayed in the console.
	Name     pulumi.StringPtrInput
	ReadOnly pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId   pulumi.StringInput
	WriteOnly pulumi.BoolPtrInput
}

The set of arguments for constructing a FullNameMapper resource.

func (FullNameMapperArgs) ElementType 

func (FullNameMapperArgs) ElementType() reflect.Type

type FullNameMapperArray 

type FullNameMapperArray []FullNameMapperInput

func (FullNameMapperArray) ElementType 

func (FullNameMapperArray) ElementType() reflect.Type

func (FullNameMapperArray) ToFullNameMapperArrayOutput 

func (i FullNameMapperArray) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput

func (FullNameMapperArray) ToFullNameMapperArrayOutputWithContext 

func (i FullNameMapperArray) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput

type FullNameMapperArrayInput 

type FullNameMapperArrayInput interface {
	pulumi.Input

	ToFullNameMapperArrayOutput() FullNameMapperArrayOutput
	ToFullNameMapperArrayOutputWithContext(context.Context) FullNameMapperArrayOutput
}

FullNameMapperArrayInput is an input type that accepts FullNameMapperArray and FullNameMapperArrayOutput values. You can construct a concrete instance of `FullNameMapperArrayInput` via: 

FullNameMapperArray{ FullNameMapperArgs{...} }

type FullNameMapperArrayOutput 

type FullNameMapperArrayOutput struct{ *pulumi.OutputState }

func (FullNameMapperArrayOutput) ElementType 

func (FullNameMapperArrayOutput) ElementType() reflect.Type

func (FullNameMapperArrayOutput) Index 

func (o FullNameMapperArrayOutput) Index(i pulumi.IntInput) FullNameMapperOutput

func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutput 

func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutput() FullNameMapperArrayOutput

func (FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext 

func (o FullNameMapperArrayOutput) ToFullNameMapperArrayOutputWithContext(ctx context.Context) FullNameMapperArrayOutput

type FullNameMapperInput 

type FullNameMapperInput interface {
	pulumi.Input

	ToFullNameMapperOutput() FullNameMapperOutput
	ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput
}

type FullNameMapperMap 

type FullNameMapperMap map[string]FullNameMapperInput

func (FullNameMapperMap) ElementType 

func (FullNameMapperMap) ElementType() reflect.Type

func (FullNameMapperMap) ToFullNameMapperMapOutput 

func (i FullNameMapperMap) ToFullNameMapperMapOutput() FullNameMapperMapOutput

func (FullNameMapperMap) ToFullNameMapperMapOutputWithContext 

func (i FullNameMapperMap) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput

type FullNameMapperMapInput 

type FullNameMapperMapInput interface {
	pulumi.Input

	ToFullNameMapperMapOutput() FullNameMapperMapOutput
	ToFullNameMapperMapOutputWithContext(context.Context) FullNameMapperMapOutput
}

FullNameMapperMapInput is an input type that accepts FullNameMapperMap and FullNameMapperMapOutput values. You can construct a concrete instance of `FullNameMapperMapInput` via: 

FullNameMapperMap{ "key": FullNameMapperArgs{...} }

type FullNameMapperMapOutput 

type FullNameMapperMapOutput struct{ *pulumi.OutputState }

func (FullNameMapperMapOutput) ElementType 

func (FullNameMapperMapOutput) ElementType() reflect.Type

func (FullNameMapperMapOutput) MapIndex 

func (o FullNameMapperMapOutput) MapIndex(k pulumi.StringInput) FullNameMapperOutput

func (FullNameMapperMapOutput) ToFullNameMapperMapOutput 

func (o FullNameMapperMapOutput) ToFullNameMapperMapOutput() FullNameMapperMapOutput

func (FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext 

func (o FullNameMapperMapOutput) ToFullNameMapperMapOutputWithContext(ctx context.Context) FullNameMapperMapOutput

type FullNameMapperOutput 

type FullNameMapperOutput struct{ *pulumi.OutputState }

func (FullNameMapperOutput) ElementType 

func (FullNameMapperOutput) ElementType() reflect.Type

func (FullNameMapperOutput) LdapFullNameAttribute 

func (o FullNameMapperOutput) LdapFullNameAttribute() pulumi.StringOutput

func (FullNameMapperOutput) LdapUserFederationId 

func (o FullNameMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (FullNameMapperOutput) Name 

func (o FullNameMapperOutput) Name() pulumi.StringOutput

Display name of the mapper when displayed in the console.

func (FullNameMapperOutput) ReadOnly 

func (o FullNameMapperOutput) ReadOnly() pulumi.BoolPtrOutput

func (FullNameMapperOutput) RealmId 

func (o FullNameMapperOutput) RealmId() pulumi.StringOutput

The realm in which the ldap user federation provider exists.

func (FullNameMapperOutput) ToFullNameMapperOutput 

func (o FullNameMapperOutput) ToFullNameMapperOutput() FullNameMapperOutput

func (FullNameMapperOutput) ToFullNameMapperOutputWithContext 

func (o FullNameMapperOutput) ToFullNameMapperOutputWithContext(ctx context.Context) FullNameMapperOutput

func (FullNameMapperOutput) WriteOnly 

func (o FullNameMapperOutput) WriteOnly() pulumi.BoolPtrOutput

type FullNameMapperState 

type FullNameMapperState struct {
	LdapFullNameAttribute pulumi.StringPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name     pulumi.StringPtrInput
	ReadOnly pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId   pulumi.StringPtrInput
	WriteOnly pulumi.BoolPtrInput
}

func (FullNameMapperState) ElementType 

func (FullNameMapperState) ElementType() reflect.Type

type GroupMapper 

type GroupMapper struct {
	pulumi.CustomResourceState

	DropNonExistingGroupsDuringSync pulumi.BoolPtrOutput     `pulumi:"dropNonExistingGroupsDuringSync"`
	GroupNameLdapAttribute          pulumi.StringOutput      `pulumi:"groupNameLdapAttribute"`
	GroupObjectClasses              pulumi.StringArrayOutput `pulumi:"groupObjectClasses"`
	GroupsLdapFilter                pulumi.StringPtrOutput   `pulumi:"groupsLdapFilter"`
	GroupsPath                      pulumi.StringOutput      `pulumi:"groupsPath"`
	IgnoreMissingGroups             pulumi.BoolPtrOutput     `pulumi:"ignoreMissingGroups"`
	LdapGroupsDn                    pulumi.StringOutput      `pulumi:"ldapGroupsDn"`
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId        pulumi.StringOutput      `pulumi:"ldapUserFederationId"`
	MappedGroupAttributes       pulumi.StringArrayOutput `pulumi:"mappedGroupAttributes"`
	MemberofLdapAttribute       pulumi.StringPtrOutput   `pulumi:"memberofLdapAttribute"`
	MembershipAttributeType     pulumi.StringPtrOutput   `pulumi:"membershipAttributeType"`
	MembershipLdapAttribute     pulumi.StringOutput      `pulumi:"membershipLdapAttribute"`
	MembershipUserLdapAttribute pulumi.StringOutput      `pulumi:"membershipUserLdapAttribute"`
	Mode                        pulumi.StringPtrOutput   `pulumi:"mode"`
	// Display name of the mapper when displayed in the console.
	Name                     pulumi.StringOutput  `pulumi:"name"`
	PreserveGroupInheritance pulumi.BoolPtrOutput `pulumi:"preserveGroupInheritance"`
	// The realm in which the ldap user federation provider exists.
	RealmId                   pulumi.StringOutput    `pulumi:"realmId"`
	UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"`
}

## # ldap.GroupMapper

Allows for creating and managing group mappers for Keycloak users federated via LDAP.

The LDAP group mapper can be used to map an LDAP user's groups from some DN to Keycloak groups. This group mapper will also create the groups within Keycloak if they do not already exist.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Enabled: pulumi.Bool(true),
			Realm:   pulumi.String("test"),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			BindCredential:   pulumi.String("admin"),
			BindDn:           pulumi.String("cn=admin,dc=example,dc=org"),
			ConnectionUrl:    pulumi.String("ldap://openldap"),
			RdnLdapAttribute: pulumi.String("cn"),
			RealmId:          realm.ID(),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			UsernameLdapAttribute: pulumi.String("cn"),
			UsersDn:               pulumi.String("dc=example,dc=org"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewGroupMapper(ctx, "ldapGroupMapper", &ldap.GroupMapperArgs{
			GroupNameLdapAttribute: pulumi.String("cn"),
			GroupObjectClasses: pulumi.StringArray{
				pulumi.String("groupOfNames"),
			},
			LdapGroupsDn:                pulumi.String("dc=example,dc=org"),
			LdapUserFederationId:        ldapUserFederation.ID(),
			MemberofLdapAttribute:       pulumi.String("memberOf"),
			MembershipAttributeType:     pulumi.String("DN"),
			MembershipLdapAttribute:     pulumi.String("member"),
			MembershipUserLdapAttribute: pulumi.String("cn"),
			RealmId:                     realm.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this LDAP mapper will exist in. - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. - `name` - (Required) Display name of this mapper when displayed in the console. - `ldapGroupsDn` - (Required) The LDAP DN where groups can be found. - `groupNameLdapAttribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`. - `groupObjectClasses` - (Required) Array of strings representing the object classes for the group. Must contain at least one. - `preserveGroupInheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak. - `ignoreMissingGroups` - (Optional) When `true`, missing groups in the hierarchy will be ignored. - `membershipLdapAttribute` - (Required) The name of the LDAP attribute that is used for membership mappings. - `membershipAttributeType` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`. - `membershipUserLdapAttribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings. - `groupsLdapFilter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`. - `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`. - `userRolesRetrieveStrategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`. - `memberofLdapAttribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`. - `mappedGroupAttributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group. - `dropNonExistingGroupsDuringSync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.

### Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs:

func GetGroupMapper 

func GetGroupMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GroupMapperState, opts ...pulumi.ResourceOption) (*GroupMapper, error)

GetGroupMapper gets an existing GroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGroupMapper 

func NewGroupMapper(ctx *pulumi.Context,
	name string, args *GroupMapperArgs, opts ...pulumi.ResourceOption) (*GroupMapper, error)

NewGroupMapper registers a new resource with the given unique name, arguments, and options.

func (*GroupMapper) ElementType 

func (*GroupMapper) ElementType() reflect.Type

func (*GroupMapper) ToGroupMapperOutput 

func (i *GroupMapper) ToGroupMapperOutput() GroupMapperOutput

func (*GroupMapper) ToGroupMapperOutputWithContext 

func (i *GroupMapper) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput

type GroupMapperArgs 

type GroupMapperArgs struct {
	DropNonExistingGroupsDuringSync pulumi.BoolPtrInput
	GroupNameLdapAttribute          pulumi.StringInput
	GroupObjectClasses              pulumi.StringArrayInput
	GroupsLdapFilter                pulumi.StringPtrInput
	GroupsPath                      pulumi.StringPtrInput
	IgnoreMissingGroups             pulumi.BoolPtrInput
	LdapGroupsDn                    pulumi.StringInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId        pulumi.StringInput
	MappedGroupAttributes       pulumi.StringArrayInput
	MemberofLdapAttribute       pulumi.StringPtrInput
	MembershipAttributeType     pulumi.StringPtrInput
	MembershipLdapAttribute     pulumi.StringInput
	MembershipUserLdapAttribute pulumi.StringInput
	Mode                        pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name                     pulumi.StringPtrInput
	PreserveGroupInheritance pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId                   pulumi.StringInput
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

The set of arguments for constructing a GroupMapper resource.

func (GroupMapperArgs) ElementType 

func (GroupMapperArgs) ElementType() reflect.Type

type GroupMapperArray 

type GroupMapperArray []GroupMapperInput

func (GroupMapperArray) ElementType 

func (GroupMapperArray) ElementType() reflect.Type

func (GroupMapperArray) ToGroupMapperArrayOutput 

func (i GroupMapperArray) ToGroupMapperArrayOutput() GroupMapperArrayOutput

func (GroupMapperArray) ToGroupMapperArrayOutputWithContext 

func (i GroupMapperArray) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput

type GroupMapperArrayInput 

type GroupMapperArrayInput interface {
	pulumi.Input

	ToGroupMapperArrayOutput() GroupMapperArrayOutput
	ToGroupMapperArrayOutputWithContext(context.Context) GroupMapperArrayOutput
}

GroupMapperArrayInput is an input type that accepts GroupMapperArray and GroupMapperArrayOutput values. You can construct a concrete instance of `GroupMapperArrayInput` via: 

GroupMapperArray{ GroupMapperArgs{...} }

type GroupMapperArrayOutput 

type GroupMapperArrayOutput struct{ *pulumi.OutputState }

func (GroupMapperArrayOutput) ElementType 

func (GroupMapperArrayOutput) ElementType() reflect.Type

func (GroupMapperArrayOutput) Index 

func (o GroupMapperArrayOutput) Index(i pulumi.IntInput) GroupMapperOutput

func (GroupMapperArrayOutput) ToGroupMapperArrayOutput 

func (o GroupMapperArrayOutput) ToGroupMapperArrayOutput() GroupMapperArrayOutput

func (GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext 

func (o GroupMapperArrayOutput) ToGroupMapperArrayOutputWithContext(ctx context.Context) GroupMapperArrayOutput

type GroupMapperInput 

type GroupMapperInput interface {
	pulumi.Input

	ToGroupMapperOutput() GroupMapperOutput
	ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput
}

type GroupMapperMap 

type GroupMapperMap map[string]GroupMapperInput

func (GroupMapperMap) ElementType 

func (GroupMapperMap) ElementType() reflect.Type

func (GroupMapperMap) ToGroupMapperMapOutput 

func (i GroupMapperMap) ToGroupMapperMapOutput() GroupMapperMapOutput

func (GroupMapperMap) ToGroupMapperMapOutputWithContext 

func (i GroupMapperMap) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput

type GroupMapperMapInput 

type GroupMapperMapInput interface {
	pulumi.Input

	ToGroupMapperMapOutput() GroupMapperMapOutput
	ToGroupMapperMapOutputWithContext(context.Context) GroupMapperMapOutput
}

GroupMapperMapInput is an input type that accepts GroupMapperMap and GroupMapperMapOutput values. You can construct a concrete instance of `GroupMapperMapInput` via: 

GroupMapperMap{ "key": GroupMapperArgs{...} }

type GroupMapperMapOutput 

type GroupMapperMapOutput struct{ *pulumi.OutputState }

func (GroupMapperMapOutput) ElementType 

func (GroupMapperMapOutput) ElementType() reflect.Type

func (GroupMapperMapOutput) MapIndex 

func (o GroupMapperMapOutput) MapIndex(k pulumi.StringInput) GroupMapperOutput

func (GroupMapperMapOutput) ToGroupMapperMapOutput 

func (o GroupMapperMapOutput) ToGroupMapperMapOutput() GroupMapperMapOutput

func (GroupMapperMapOutput) ToGroupMapperMapOutputWithContext 

func (o GroupMapperMapOutput) ToGroupMapperMapOutputWithContext(ctx context.Context) GroupMapperMapOutput

type GroupMapperOutput 

type GroupMapperOutput struct{ *pulumi.OutputState }

func (GroupMapperOutput) DropNonExistingGroupsDuringSync 

func (o GroupMapperOutput) DropNonExistingGroupsDuringSync() pulumi.BoolPtrOutput

func (GroupMapperOutput) ElementType 

func (GroupMapperOutput) ElementType() reflect.Type

func (GroupMapperOutput) GroupNameLdapAttribute 

func (o GroupMapperOutput) GroupNameLdapAttribute() pulumi.StringOutput

func (GroupMapperOutput) GroupObjectClasses 

func (o GroupMapperOutput) GroupObjectClasses() pulumi.StringArrayOutput

func (GroupMapperOutput) GroupsLdapFilter 

func (o GroupMapperOutput) GroupsLdapFilter() pulumi.StringPtrOutput

func (GroupMapperOutput) GroupsPath 

func (o GroupMapperOutput) GroupsPath() pulumi.StringOutput

func (GroupMapperOutput) IgnoreMissingGroups 

func (o GroupMapperOutput) IgnoreMissingGroups() pulumi.BoolPtrOutput

func (GroupMapperOutput) LdapGroupsDn 

func (o GroupMapperOutput) LdapGroupsDn() pulumi.StringOutput

func (GroupMapperOutput) LdapUserFederationId 

func (o GroupMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (GroupMapperOutput) MappedGroupAttributes 

func (o GroupMapperOutput) MappedGroupAttributes() pulumi.StringArrayOutput

func (GroupMapperOutput) MemberofLdapAttribute 

func (o GroupMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput

func (GroupMapperOutput) MembershipAttributeType 

func (o GroupMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput

func (GroupMapperOutput) MembershipLdapAttribute 

func (o GroupMapperOutput) MembershipLdapAttribute() pulumi.StringOutput

func (GroupMapperOutput) MembershipUserLdapAttribute 

func (o GroupMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput

func (GroupMapperOutput) Mode 

func (o GroupMapperOutput) Mode() pulumi.StringPtrOutput

func (GroupMapperOutput) Name 

func (o GroupMapperOutput) Name() pulumi.StringOutput

Display name of the mapper when displayed in the console.

func (GroupMapperOutput) PreserveGroupInheritance 

func (o GroupMapperOutput) PreserveGroupInheritance() pulumi.BoolPtrOutput

func (GroupMapperOutput) RealmId 

func (o GroupMapperOutput) RealmId() pulumi.StringOutput

The realm in which the ldap user federation provider exists.

func (GroupMapperOutput) ToGroupMapperOutput 

func (o GroupMapperOutput) ToGroupMapperOutput() GroupMapperOutput

func (GroupMapperOutput) ToGroupMapperOutputWithContext 

func (o GroupMapperOutput) ToGroupMapperOutputWithContext(ctx context.Context) GroupMapperOutput

func (GroupMapperOutput) UserRolesRetrieveStrategy 

func (o GroupMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput

type GroupMapperState 

type GroupMapperState struct {
	DropNonExistingGroupsDuringSync pulumi.BoolPtrInput
	GroupNameLdapAttribute          pulumi.StringPtrInput
	GroupObjectClasses              pulumi.StringArrayInput
	GroupsLdapFilter                pulumi.StringPtrInput
	GroupsPath                      pulumi.StringPtrInput
	IgnoreMissingGroups             pulumi.BoolPtrInput
	LdapGroupsDn                    pulumi.StringPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId        pulumi.StringPtrInput
	MappedGroupAttributes       pulumi.StringArrayInput
	MemberofLdapAttribute       pulumi.StringPtrInput
	MembershipAttributeType     pulumi.StringPtrInput
	MembershipLdapAttribute     pulumi.StringPtrInput
	MembershipUserLdapAttribute pulumi.StringPtrInput
	Mode                        pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name                     pulumi.StringPtrInput
	PreserveGroupInheritance pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId                   pulumi.StringPtrInput
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

func (GroupMapperState) ElementType 

func (GroupMapperState) ElementType() reflect.Type

type HardcodedAttributeMapper 

type HardcodedAttributeMapper struct {
	pulumi.CustomResourceState

	// The name of the LDAP attribute to set.
	AttributeName pulumi.StringOutput `pulumi:"attributeName"`
	// The value to set to the LDAP attribute. You can hardcode any value like 'foo'.
	AttributeValue pulumi.StringOutput `pulumi:"attributeValue"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.

The LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.

**NOTE**: This mapper only works when the `syncRegistrations` attribute on the `ldap.UserFederation` resource is set to `true`.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:     pulumi.String("ldap://openldap"),
			UsersDn:           pulumi.String("dc=example,dc=org"),
			BindDn:            pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential:    pulumi.String("admin"),
			SyncRegistrations: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewHardcodedAttributeMapper(ctx, "assignBarToFoo", &ldap.HardcodedAttributeMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			AttributeName:        pulumi.String("foo"),
			AttributeValue:       pulumi.String("bar"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.

The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.

Example:

bash

```sh $ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 ```

func GetHardcodedAttributeMapper 

func GetHardcodedAttributeMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *HardcodedAttributeMapperState, opts ...pulumi.ResourceOption) (*HardcodedAttributeMapper, error)

GetHardcodedAttributeMapper gets an existing HardcodedAttributeMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewHardcodedAttributeMapper 

func NewHardcodedAttributeMapper(ctx *pulumi.Context,
	name string, args *HardcodedAttributeMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedAttributeMapper, error)

NewHardcodedAttributeMapper registers a new resource with the given unique name, arguments, and options.

func (*HardcodedAttributeMapper) ElementType 

func (*HardcodedAttributeMapper) ElementType() reflect.Type

func (*HardcodedAttributeMapper) ToHardcodedAttributeMapperOutput 

func (i *HardcodedAttributeMapper) ToHardcodedAttributeMapperOutput() HardcodedAttributeMapperOutput

func (*HardcodedAttributeMapper) ToHardcodedAttributeMapperOutputWithContext 

func (i *HardcodedAttributeMapper) ToHardcodedAttributeMapperOutputWithContext(ctx context.Context) HardcodedAttributeMapperOutput

type HardcodedAttributeMapperArgs 

type HardcodedAttributeMapperArgs struct {
	// The name of the LDAP attribute to set.
	AttributeName pulumi.StringInput
	// The value to set to the LDAP attribute. You can hardcode any value like 'foo'.
	AttributeValue pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a HardcodedAttributeMapper resource.

func (HardcodedAttributeMapperArgs) ElementType 

func (HardcodedAttributeMapperArgs) ElementType() reflect.Type

type HardcodedAttributeMapperArray 

type HardcodedAttributeMapperArray []HardcodedAttributeMapperInput

func (HardcodedAttributeMapperArray) ElementType 

func (HardcodedAttributeMapperArray) ElementType() reflect.Type

func (HardcodedAttributeMapperArray) ToHardcodedAttributeMapperArrayOutput 

func (i HardcodedAttributeMapperArray) ToHardcodedAttributeMapperArrayOutput() HardcodedAttributeMapperArrayOutput

func (HardcodedAttributeMapperArray) ToHardcodedAttributeMapperArrayOutputWithContext 

func (i HardcodedAttributeMapperArray) ToHardcodedAttributeMapperArrayOutputWithContext(ctx context.Context) HardcodedAttributeMapperArrayOutput

type HardcodedAttributeMapperArrayInput 

type HardcodedAttributeMapperArrayInput interface {
	pulumi.Input

	ToHardcodedAttributeMapperArrayOutput() HardcodedAttributeMapperArrayOutput
	ToHardcodedAttributeMapperArrayOutputWithContext(context.Context) HardcodedAttributeMapperArrayOutput
}

HardcodedAttributeMapperArrayInput is an input type that accepts HardcodedAttributeMapperArray and HardcodedAttributeMapperArrayOutput values. You can construct a concrete instance of `HardcodedAttributeMapperArrayInput` via: 

HardcodedAttributeMapperArray{ HardcodedAttributeMapperArgs{...} }

type HardcodedAttributeMapperArrayOutput 

type HardcodedAttributeMapperArrayOutput struct{ *pulumi.OutputState }

func (HardcodedAttributeMapperArrayOutput) ElementType 

func (HardcodedAttributeMapperArrayOutput) ElementType() reflect.Type

func (HardcodedAttributeMapperArrayOutput) Index 

func (o HardcodedAttributeMapperArrayOutput) Index(i pulumi.IntInput) HardcodedAttributeMapperOutput

func (HardcodedAttributeMapperArrayOutput) ToHardcodedAttributeMapperArrayOutput 

func (o HardcodedAttributeMapperArrayOutput) ToHardcodedAttributeMapperArrayOutput() HardcodedAttributeMapperArrayOutput

func (HardcodedAttributeMapperArrayOutput) ToHardcodedAttributeMapperArrayOutputWithContext 

func (o HardcodedAttributeMapperArrayOutput) ToHardcodedAttributeMapperArrayOutputWithContext(ctx context.Context) HardcodedAttributeMapperArrayOutput

type HardcodedAttributeMapperInput 

type HardcodedAttributeMapperInput interface {
	pulumi.Input

	ToHardcodedAttributeMapperOutput() HardcodedAttributeMapperOutput
	ToHardcodedAttributeMapperOutputWithContext(ctx context.Context) HardcodedAttributeMapperOutput
}

type HardcodedAttributeMapperMap 

type HardcodedAttributeMapperMap map[string]HardcodedAttributeMapperInput

func (HardcodedAttributeMapperMap) ElementType 

func (HardcodedAttributeMapperMap) ElementType() reflect.Type

func (HardcodedAttributeMapperMap) ToHardcodedAttributeMapperMapOutput 

func (i HardcodedAttributeMapperMap) ToHardcodedAttributeMapperMapOutput() HardcodedAttributeMapperMapOutput

func (HardcodedAttributeMapperMap) ToHardcodedAttributeMapperMapOutputWithContext 

func (i HardcodedAttributeMapperMap) ToHardcodedAttributeMapperMapOutputWithContext(ctx context.Context) HardcodedAttributeMapperMapOutput

type HardcodedAttributeMapperMapInput 

type HardcodedAttributeMapperMapInput interface {
	pulumi.Input

	ToHardcodedAttributeMapperMapOutput() HardcodedAttributeMapperMapOutput
	ToHardcodedAttributeMapperMapOutputWithContext(context.Context) HardcodedAttributeMapperMapOutput
}

HardcodedAttributeMapperMapInput is an input type that accepts HardcodedAttributeMapperMap and HardcodedAttributeMapperMapOutput values. You can construct a concrete instance of `HardcodedAttributeMapperMapInput` via: 

HardcodedAttributeMapperMap{ "key": HardcodedAttributeMapperArgs{...} }

type HardcodedAttributeMapperMapOutput 

type HardcodedAttributeMapperMapOutput struct{ *pulumi.OutputState }

func (HardcodedAttributeMapperMapOutput) ElementType 

func (HardcodedAttributeMapperMapOutput) ElementType() reflect.Type

func (HardcodedAttributeMapperMapOutput) MapIndex 

func (o HardcodedAttributeMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedAttributeMapperOutput

func (HardcodedAttributeMapperMapOutput) ToHardcodedAttributeMapperMapOutput 

func (o HardcodedAttributeMapperMapOutput) ToHardcodedAttributeMapperMapOutput() HardcodedAttributeMapperMapOutput

func (HardcodedAttributeMapperMapOutput) ToHardcodedAttributeMapperMapOutputWithContext 

func (o HardcodedAttributeMapperMapOutput) ToHardcodedAttributeMapperMapOutputWithContext(ctx context.Context) HardcodedAttributeMapperMapOutput

type HardcodedAttributeMapperOutput 

type HardcodedAttributeMapperOutput struct{ *pulumi.OutputState }

func (HardcodedAttributeMapperOutput) AttributeName 

func (o HardcodedAttributeMapperOutput) AttributeName() pulumi.StringOutput

The name of the LDAP attribute to set.

func (HardcodedAttributeMapperOutput) AttributeValue 

func (o HardcodedAttributeMapperOutput) AttributeValue() pulumi.StringOutput

The value to set to the LDAP attribute. You can hardcode any value like 'foo'.

func (HardcodedAttributeMapperOutput) ElementType 

func (HardcodedAttributeMapperOutput) ElementType() reflect.Type

func (HardcodedAttributeMapperOutput) LdapUserFederationId 

func (o HardcodedAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (HardcodedAttributeMapperOutput) Name 

func (o HardcodedAttributeMapperOutput) Name() pulumi.StringOutput

Display name of this mapper when displayed in the console.

func (HardcodedAttributeMapperOutput) RealmId 

func (o HardcodedAttributeMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (HardcodedAttributeMapperOutput) ToHardcodedAttributeMapperOutput 

func (o HardcodedAttributeMapperOutput) ToHardcodedAttributeMapperOutput() HardcodedAttributeMapperOutput

func (HardcodedAttributeMapperOutput) ToHardcodedAttributeMapperOutputWithContext 

func (o HardcodedAttributeMapperOutput) ToHardcodedAttributeMapperOutputWithContext(ctx context.Context) HardcodedAttributeMapperOutput

type HardcodedAttributeMapperState 

type HardcodedAttributeMapperState struct {
	// The name of the LDAP attribute to set.
	AttributeName pulumi.StringPtrInput
	// The value to set to the LDAP attribute. You can hardcode any value like 'foo'.
	AttributeValue pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (HardcodedAttributeMapperState) ElementType 

func (HardcodedAttributeMapperState) ElementType() reflect.Type

type HardcodedGroupMapper 

type HardcodedGroupMapper struct {
	pulumi.CustomResourceState

	// The name of the group which should be assigned to the users.
	Group pulumi.StringOutput `pulumi:"group"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.

The LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		realmGroup, err := keycloak.NewGroup(ctx, "realmGroup", &keycloak.GroupArgs{
			RealmId: realm.ID(),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewHardcodedGroupMapper(ctx, "assignGroupToUsers", &ldap.HardcodedGroupMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			Group:                realmGroup.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.

The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.

Example:

bash

```sh $ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 ```

func GetHardcodedGroupMapper 

func GetHardcodedGroupMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *HardcodedGroupMapperState, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)

GetHardcodedGroupMapper gets an existing HardcodedGroupMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewHardcodedGroupMapper 

func NewHardcodedGroupMapper(ctx *pulumi.Context,
	name string, args *HardcodedGroupMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedGroupMapper, error)

NewHardcodedGroupMapper registers a new resource with the given unique name, arguments, and options.

func (*HardcodedGroupMapper) ElementType 

func (*HardcodedGroupMapper) ElementType() reflect.Type

func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutput 

func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput

func (*HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext 

func (i *HardcodedGroupMapper) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput

type HardcodedGroupMapperArgs 

type HardcodedGroupMapperArgs struct {
	// The name of the group which should be assigned to the users.
	Group pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a HardcodedGroupMapper resource.

func (HardcodedGroupMapperArgs) ElementType 

func (HardcodedGroupMapperArgs) ElementType() reflect.Type

type HardcodedGroupMapperArray 

type HardcodedGroupMapperArray []HardcodedGroupMapperInput

func (HardcodedGroupMapperArray) ElementType 

func (HardcodedGroupMapperArray) ElementType() reflect.Type

func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput 

func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput

func (HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext 

func (i HardcodedGroupMapperArray) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput

type HardcodedGroupMapperArrayInput 

type HardcodedGroupMapperArrayInput interface {
	pulumi.Input

	ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput
	ToHardcodedGroupMapperArrayOutputWithContext(context.Context) HardcodedGroupMapperArrayOutput
}

HardcodedGroupMapperArrayInput is an input type that accepts HardcodedGroupMapperArray and HardcodedGroupMapperArrayOutput values. You can construct a concrete instance of `HardcodedGroupMapperArrayInput` via: 

HardcodedGroupMapperArray{ HardcodedGroupMapperArgs{...} }

type HardcodedGroupMapperArrayOutput 

type HardcodedGroupMapperArrayOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperArrayOutput) ElementType 

func (HardcodedGroupMapperArrayOutput) ElementType() reflect.Type

func (HardcodedGroupMapperArrayOutput) Index 

func (o HardcodedGroupMapperArrayOutput) Index(i pulumi.IntInput) HardcodedGroupMapperOutput

func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput 

func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutput() HardcodedGroupMapperArrayOutput

func (HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext 

func (o HardcodedGroupMapperArrayOutput) ToHardcodedGroupMapperArrayOutputWithContext(ctx context.Context) HardcodedGroupMapperArrayOutput

type HardcodedGroupMapperInput 

type HardcodedGroupMapperInput interface {
	pulumi.Input

	ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput
	ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput
}

type HardcodedGroupMapperMap 

type HardcodedGroupMapperMap map[string]HardcodedGroupMapperInput

func (HardcodedGroupMapperMap) ElementType 

func (HardcodedGroupMapperMap) ElementType() reflect.Type

func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput 

func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput

func (HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext 

func (i HardcodedGroupMapperMap) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput

type HardcodedGroupMapperMapInput 

type HardcodedGroupMapperMapInput interface {
	pulumi.Input

	ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput
	ToHardcodedGroupMapperMapOutputWithContext(context.Context) HardcodedGroupMapperMapOutput
}

HardcodedGroupMapperMapInput is an input type that accepts HardcodedGroupMapperMap and HardcodedGroupMapperMapOutput values. You can construct a concrete instance of `HardcodedGroupMapperMapInput` via: 

HardcodedGroupMapperMap{ "key": HardcodedGroupMapperArgs{...} }

type HardcodedGroupMapperMapOutput 

type HardcodedGroupMapperMapOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperMapOutput) ElementType 

func (HardcodedGroupMapperMapOutput) ElementType() reflect.Type

func (HardcodedGroupMapperMapOutput) MapIndex 

func (o HardcodedGroupMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedGroupMapperOutput

func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput 

func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutput() HardcodedGroupMapperMapOutput

func (HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext 

func (o HardcodedGroupMapperMapOutput) ToHardcodedGroupMapperMapOutputWithContext(ctx context.Context) HardcodedGroupMapperMapOutput

type HardcodedGroupMapperOutput 

type HardcodedGroupMapperOutput struct{ *pulumi.OutputState }

func (HardcodedGroupMapperOutput) ElementType 

func (HardcodedGroupMapperOutput) ElementType() reflect.Type

func (HardcodedGroupMapperOutput) Group 

func (o HardcodedGroupMapperOutput) Group() pulumi.StringOutput

The name of the group which should be assigned to the users.

func (HardcodedGroupMapperOutput) LdapUserFederationId 

func (o HardcodedGroupMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (HardcodedGroupMapperOutput) Name 

func (o HardcodedGroupMapperOutput) Name() pulumi.StringOutput

Display name of this mapper when displayed in the console.

func (HardcodedGroupMapperOutput) RealmId 

func (o HardcodedGroupMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput 

func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutput() HardcodedGroupMapperOutput

func (HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext 

func (o HardcodedGroupMapperOutput) ToHardcodedGroupMapperOutputWithContext(ctx context.Context) HardcodedGroupMapperOutput

type HardcodedGroupMapperState 

type HardcodedGroupMapperState struct {
	// The name of the group which should be assigned to the users.
	Group pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (HardcodedGroupMapperState) ElementType 

func (HardcodedGroupMapperState) ElementType() reflect.Type

type HardcodedRoleMapper 

type HardcodedRoleMapper struct {
	pulumi.CustomResourceState

	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// Role to grant to user.
	Role pulumi.StringOutput `pulumi:"role"`
}

## # ldap.HardcodedRoleMapper

This mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("test"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			Role:                 pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this LDAP mapper will exist in. - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. - `name` - (Required) Display name of this mapper when displayed in the console. - `role` - (Required) The role which should be assigned to the users.

### Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs:

func GetHardcodedRoleMapper 

func GetHardcodedRoleMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *HardcodedRoleMapperState, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)

GetHardcodedRoleMapper gets an existing HardcodedRoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewHardcodedRoleMapper 

func NewHardcodedRoleMapper(ctx *pulumi.Context,
	name string, args *HardcodedRoleMapperArgs, opts ...pulumi.ResourceOption) (*HardcodedRoleMapper, error)

NewHardcodedRoleMapper registers a new resource with the given unique name, arguments, and options.

func (*HardcodedRoleMapper) ElementType 

func (*HardcodedRoleMapper) ElementType() reflect.Type

func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutput 

func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput

func (*HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext 

func (i *HardcodedRoleMapper) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput

type HardcodedRoleMapperArgs 

type HardcodedRoleMapperArgs struct {
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringInput
	// Role to grant to user.
	Role pulumi.StringInput
}

The set of arguments for constructing a HardcodedRoleMapper resource.

func (HardcodedRoleMapperArgs) ElementType 

func (HardcodedRoleMapperArgs) ElementType() reflect.Type

type HardcodedRoleMapperArray 

type HardcodedRoleMapperArray []HardcodedRoleMapperInput

func (HardcodedRoleMapperArray) ElementType 

func (HardcodedRoleMapperArray) ElementType() reflect.Type

func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput 

func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput

func (HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext 

func (i HardcodedRoleMapperArray) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput

type HardcodedRoleMapperArrayInput 

type HardcodedRoleMapperArrayInput interface {
	pulumi.Input

	ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput
	ToHardcodedRoleMapperArrayOutputWithContext(context.Context) HardcodedRoleMapperArrayOutput
}

HardcodedRoleMapperArrayInput is an input type that accepts HardcodedRoleMapperArray and HardcodedRoleMapperArrayOutput values. You can construct a concrete instance of `HardcodedRoleMapperArrayInput` via: 

HardcodedRoleMapperArray{ HardcodedRoleMapperArgs{...} }

type HardcodedRoleMapperArrayOutput 

type HardcodedRoleMapperArrayOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperArrayOutput) ElementType 

func (HardcodedRoleMapperArrayOutput) ElementType() reflect.Type

func (HardcodedRoleMapperArrayOutput) Index 

func (o HardcodedRoleMapperArrayOutput) Index(i pulumi.IntInput) HardcodedRoleMapperOutput

func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput 

func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutput() HardcodedRoleMapperArrayOutput

func (HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext 

func (o HardcodedRoleMapperArrayOutput) ToHardcodedRoleMapperArrayOutputWithContext(ctx context.Context) HardcodedRoleMapperArrayOutput

type HardcodedRoleMapperInput 

type HardcodedRoleMapperInput interface {
	pulumi.Input

	ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput
	ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput
}

type HardcodedRoleMapperMap 

type HardcodedRoleMapperMap map[string]HardcodedRoleMapperInput

func (HardcodedRoleMapperMap) ElementType 

func (HardcodedRoleMapperMap) ElementType() reflect.Type

func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput 

func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput

func (HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext 

func (i HardcodedRoleMapperMap) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput

type HardcodedRoleMapperMapInput 

type HardcodedRoleMapperMapInput interface {
	pulumi.Input

	ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput
	ToHardcodedRoleMapperMapOutputWithContext(context.Context) HardcodedRoleMapperMapOutput
}

HardcodedRoleMapperMapInput is an input type that accepts HardcodedRoleMapperMap and HardcodedRoleMapperMapOutput values. You can construct a concrete instance of `HardcodedRoleMapperMapInput` via: 

HardcodedRoleMapperMap{ "key": HardcodedRoleMapperArgs{...} }

type HardcodedRoleMapperMapOutput 

type HardcodedRoleMapperMapOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperMapOutput) ElementType 

func (HardcodedRoleMapperMapOutput) ElementType() reflect.Type

func (HardcodedRoleMapperMapOutput) MapIndex 

func (o HardcodedRoleMapperMapOutput) MapIndex(k pulumi.StringInput) HardcodedRoleMapperOutput

func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput 

func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutput() HardcodedRoleMapperMapOutput

func (HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext 

func (o HardcodedRoleMapperMapOutput) ToHardcodedRoleMapperMapOutputWithContext(ctx context.Context) HardcodedRoleMapperMapOutput

type HardcodedRoleMapperOutput 

type HardcodedRoleMapperOutput struct{ *pulumi.OutputState }

func (HardcodedRoleMapperOutput) ElementType 

func (HardcodedRoleMapperOutput) ElementType() reflect.Type

func (HardcodedRoleMapperOutput) LdapUserFederationId 

func (o HardcodedRoleMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (HardcodedRoleMapperOutput) Name 

func (o HardcodedRoleMapperOutput) Name() pulumi.StringOutput

Display name of the mapper when displayed in the console.

func (HardcodedRoleMapperOutput) RealmId 

func (o HardcodedRoleMapperOutput) RealmId() pulumi.StringOutput

The realm in which the ldap user federation provider exists.

func (HardcodedRoleMapperOutput) Role 

func (o HardcodedRoleMapperOutput) Role() pulumi.StringOutput

Role to grant to user.

func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput 

func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutput() HardcodedRoleMapperOutput

func (HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext 

func (o HardcodedRoleMapperOutput) ToHardcodedRoleMapperOutputWithContext(ctx context.Context) HardcodedRoleMapperOutput

type HardcodedRoleMapperState 

type HardcodedRoleMapperState struct {
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringPtrInput
	// Role to grant to user.
	Role pulumi.StringPtrInput
}

func (HardcodedRoleMapperState) ElementType 

func (HardcodedRoleMapperState) ElementType() reflect.Type

type MsadLdsUserAccountControlMapper 

type MsadLdsUserAccountControlMapper struct {
	pulumi.CustomResourceState

	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

Allows for creating and managing MSAD-LDS user account control mappers for Keycloak users federated via LDAP.

The MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific to LDAP user federation providers that are pulling from AD-LDS, and it can propagate AD-LDS user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("objectGUID"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("person"),
				pulumi.String("organizationalPerson"),
				pulumi.String("user"),
			},
			ConnectionUrl:  pulumi.String("ldap://my-ad-server"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, "msadLdsUserAccountControlMapper", &ldap.MsadLdsUserAccountControlMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.

The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.

Example:

bash

```sh $ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 ```

func GetMsadLdsUserAccountControlMapper 

func GetMsadLdsUserAccountControlMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MsadLdsUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)

GetMsadLdsUserAccountControlMapper gets an existing MsadLdsUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMsadLdsUserAccountControlMapper 

func NewMsadLdsUserAccountControlMapper(ctx *pulumi.Context,
	name string, args *MsadLdsUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadLdsUserAccountControlMapper, error)

NewMsadLdsUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.

func (*MsadLdsUserAccountControlMapper) ElementType 

func (*MsadLdsUserAccountControlMapper) ElementType() reflect.Type

func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput 

func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput

func (*MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext 

func (i *MsadLdsUserAccountControlMapper) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput

type MsadLdsUserAccountControlMapperArgs 

type MsadLdsUserAccountControlMapperArgs struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a MsadLdsUserAccountControlMapper resource.

func (MsadLdsUserAccountControlMapperArgs) ElementType 

func (MsadLdsUserAccountControlMapperArgs) ElementType() reflect.Type

type MsadLdsUserAccountControlMapperArray 

type MsadLdsUserAccountControlMapperArray []MsadLdsUserAccountControlMapperInput

func (MsadLdsUserAccountControlMapperArray) ElementType 

func (MsadLdsUserAccountControlMapperArray) ElementType() reflect.Type

func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput 

func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput

func (MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext 

func (i MsadLdsUserAccountControlMapperArray) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput

type MsadLdsUserAccountControlMapperArrayInput 

type MsadLdsUserAccountControlMapperArrayInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput
	ToMsadLdsUserAccountControlMapperArrayOutputWithContext(context.Context) MsadLdsUserAccountControlMapperArrayOutput
}

MsadLdsUserAccountControlMapperArrayInput is an input type that accepts MsadLdsUserAccountControlMapperArray and MsadLdsUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperArrayInput` via: 

MsadLdsUserAccountControlMapperArray{ MsadLdsUserAccountControlMapperArgs{...} }

type MsadLdsUserAccountControlMapperArrayOutput 

type MsadLdsUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperArrayOutput) ElementType 

func (MsadLdsUserAccountControlMapperArrayOutput) ElementType() reflect.Type

func (MsadLdsUserAccountControlMapperArrayOutput) Index 

func (o MsadLdsUserAccountControlMapperArrayOutput) Index(i pulumi.IntInput) MsadLdsUserAccountControlMapperOutput

func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput 

func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutput() MsadLdsUserAccountControlMapperArrayOutput

func (MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext 

func (o MsadLdsUserAccountControlMapperArrayOutput) ToMsadLdsUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperArrayOutput

type MsadLdsUserAccountControlMapperInput 

type MsadLdsUserAccountControlMapperInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput
	ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput
}

type MsadLdsUserAccountControlMapperMap 

type MsadLdsUserAccountControlMapperMap map[string]MsadLdsUserAccountControlMapperInput

func (MsadLdsUserAccountControlMapperMap) ElementType 

func (MsadLdsUserAccountControlMapperMap) ElementType() reflect.Type

func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput 

func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput

func (MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext 

func (i MsadLdsUserAccountControlMapperMap) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput

type MsadLdsUserAccountControlMapperMapInput 

type MsadLdsUserAccountControlMapperMapInput interface {
	pulumi.Input

	ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput
	ToMsadLdsUserAccountControlMapperMapOutputWithContext(context.Context) MsadLdsUserAccountControlMapperMapOutput
}

MsadLdsUserAccountControlMapperMapInput is an input type that accepts MsadLdsUserAccountControlMapperMap and MsadLdsUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadLdsUserAccountControlMapperMapInput` via: 

MsadLdsUserAccountControlMapperMap{ "key": MsadLdsUserAccountControlMapperArgs{...} }

type MsadLdsUserAccountControlMapperMapOutput 

type MsadLdsUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperMapOutput) ElementType 

func (MsadLdsUserAccountControlMapperMapOutput) ElementType() reflect.Type

func (MsadLdsUserAccountControlMapperMapOutput) MapIndex 

func (o MsadLdsUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadLdsUserAccountControlMapperOutput

func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput 

func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutput() MsadLdsUserAccountControlMapperMapOutput

func (MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext 

func (o MsadLdsUserAccountControlMapperMapOutput) ToMsadLdsUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperMapOutput

type MsadLdsUserAccountControlMapperOutput 

type MsadLdsUserAccountControlMapperOutput struct{ *pulumi.OutputState }

func (MsadLdsUserAccountControlMapperOutput) ElementType 

func (MsadLdsUserAccountControlMapperOutput) ElementType() reflect.Type

func (MsadLdsUserAccountControlMapperOutput) LdapUserFederationId 

func (o MsadLdsUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (MsadLdsUserAccountControlMapperOutput) Name 

func (o MsadLdsUserAccountControlMapperOutput) Name() pulumi.StringOutput

Display name of this mapper when displayed in the console.

func (MsadLdsUserAccountControlMapperOutput) RealmId 

func (o MsadLdsUserAccountControlMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput 

func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutput() MsadLdsUserAccountControlMapperOutput

func (MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext 

func (o MsadLdsUserAccountControlMapperOutput) ToMsadLdsUserAccountControlMapperOutputWithContext(ctx context.Context) MsadLdsUserAccountControlMapperOutput

type MsadLdsUserAccountControlMapperState 

type MsadLdsUserAccountControlMapperState struct {
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
}

func (MsadLdsUserAccountControlMapperState) ElementType 

func (MsadLdsUserAccountControlMapperState) ElementType() reflect.Type

type MsadUserAccountControlMapper 

type MsadUserAccountControlMapper struct {
	pulumi.CustomResourceState

	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrOutput `pulumi:"ldapPasswordPolicyHintsEnabled"`
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
}

## # ldap.MsadUserAccountControlMapper

Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP.

The MSAD (Microsoft Active Directory) user account control mapper is specific to LDAP user federation providers that are pulling from AD, and it can propagate AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Enabled: pulumi.Bool(true),
			Realm:   pulumi.String("test"),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			BindCredential:   pulumi.String("admin"),
			BindDn:           pulumi.String("cn=admin,dc=example,dc=org"),
			ConnectionUrl:    pulumi.String("ldap://my-ad-server"),
			RdnLdapAttribute: pulumi.String("cn"),
			RealmId:          realm.ID(),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("person"),
				pulumi.String("organizationalPerson"),
				pulumi.String("user"),
			},
			UsernameLdapAttribute: pulumi.String("cn"),
			UsersDn:               pulumi.String("dc=example,dc=org"),
			UuidLdapAttribute:     pulumi.String("objectGUID"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewMsadUserAccountControlMapper(ctx, "msadUserAccountControlMapper", &ldap.MsadUserAccountControlMapperArgs{
			LdapUserFederationId: ldapUserFederation.ID(),
			RealmId:              realm.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this LDAP mapper will exist in. - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. - `name` - (Required) Display name of this mapper when displayed in the console. - `ldapPasswordPolicyHintsEnabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.

### Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs:

func GetMsadUserAccountControlMapper 

func GetMsadUserAccountControlMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MsadUserAccountControlMapperState, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)

GetMsadUserAccountControlMapper gets an existing MsadUserAccountControlMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMsadUserAccountControlMapper 

func NewMsadUserAccountControlMapper(ctx *pulumi.Context,
	name string, args *MsadUserAccountControlMapperArgs, opts ...pulumi.ResourceOption) (*MsadUserAccountControlMapper, error)

NewMsadUserAccountControlMapper registers a new resource with the given unique name, arguments, and options.

func (*MsadUserAccountControlMapper) ElementType 

func (*MsadUserAccountControlMapper) ElementType() reflect.Type

func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput 

func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput

func (*MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext 

func (i *MsadUserAccountControlMapper) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput

type MsadUserAccountControlMapperArgs 

type MsadUserAccountControlMapperArgs struct {
	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringInput
}

The set of arguments for constructing a MsadUserAccountControlMapper resource.

func (MsadUserAccountControlMapperArgs) ElementType 

func (MsadUserAccountControlMapperArgs) ElementType() reflect.Type

type MsadUserAccountControlMapperArray 

type MsadUserAccountControlMapperArray []MsadUserAccountControlMapperInput

func (MsadUserAccountControlMapperArray) ElementType 

func (MsadUserAccountControlMapperArray) ElementType() reflect.Type

func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput 

func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput

func (MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext 

func (i MsadUserAccountControlMapperArray) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput

type MsadUserAccountControlMapperArrayInput 

type MsadUserAccountControlMapperArrayInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput
	ToMsadUserAccountControlMapperArrayOutputWithContext(context.Context) MsadUserAccountControlMapperArrayOutput
}

MsadUserAccountControlMapperArrayInput is an input type that accepts MsadUserAccountControlMapperArray and MsadUserAccountControlMapperArrayOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperArrayInput` via: 

MsadUserAccountControlMapperArray{ MsadUserAccountControlMapperArgs{...} }

type MsadUserAccountControlMapperArrayOutput 

type MsadUserAccountControlMapperArrayOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperArrayOutput) ElementType 

func (MsadUserAccountControlMapperArrayOutput) ElementType() reflect.Type

func (MsadUserAccountControlMapperArrayOutput) Index 

func (o MsadUserAccountControlMapperArrayOutput) Index(i pulumi.IntInput) MsadUserAccountControlMapperOutput

func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput 

func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutput() MsadUserAccountControlMapperArrayOutput

func (MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext 

func (o MsadUserAccountControlMapperArrayOutput) ToMsadUserAccountControlMapperArrayOutputWithContext(ctx context.Context) MsadUserAccountControlMapperArrayOutput

type MsadUserAccountControlMapperInput 

type MsadUserAccountControlMapperInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput
	ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput
}

type MsadUserAccountControlMapperMap 

type MsadUserAccountControlMapperMap map[string]MsadUserAccountControlMapperInput

func (MsadUserAccountControlMapperMap) ElementType 

func (MsadUserAccountControlMapperMap) ElementType() reflect.Type

func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput 

func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput

func (MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext 

func (i MsadUserAccountControlMapperMap) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput

type MsadUserAccountControlMapperMapInput 

type MsadUserAccountControlMapperMapInput interface {
	pulumi.Input

	ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput
	ToMsadUserAccountControlMapperMapOutputWithContext(context.Context) MsadUserAccountControlMapperMapOutput
}

MsadUserAccountControlMapperMapInput is an input type that accepts MsadUserAccountControlMapperMap and MsadUserAccountControlMapperMapOutput values. You can construct a concrete instance of `MsadUserAccountControlMapperMapInput` via: 

MsadUserAccountControlMapperMap{ "key": MsadUserAccountControlMapperArgs{...} }

type MsadUserAccountControlMapperMapOutput 

type MsadUserAccountControlMapperMapOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperMapOutput) ElementType 

func (MsadUserAccountControlMapperMapOutput) ElementType() reflect.Type

func (MsadUserAccountControlMapperMapOutput) MapIndex 

func (o MsadUserAccountControlMapperMapOutput) MapIndex(k pulumi.StringInput) MsadUserAccountControlMapperOutput

func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput 

func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutput() MsadUserAccountControlMapperMapOutput

func (MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext 

func (o MsadUserAccountControlMapperMapOutput) ToMsadUserAccountControlMapperMapOutputWithContext(ctx context.Context) MsadUserAccountControlMapperMapOutput

type MsadUserAccountControlMapperOutput 

type MsadUserAccountControlMapperOutput struct{ *pulumi.OutputState }

func (MsadUserAccountControlMapperOutput) ElementType 

func (MsadUserAccountControlMapperOutput) ElementType() reflect.Type

func (MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled 

func (o MsadUserAccountControlMapperOutput) LdapPasswordPolicyHintsEnabled() pulumi.BoolPtrOutput

func (MsadUserAccountControlMapperOutput) LdapUserFederationId 

func (o MsadUserAccountControlMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (MsadUserAccountControlMapperOutput) Name 

func (o MsadUserAccountControlMapperOutput) Name() pulumi.StringOutput

Display name of the mapper when displayed in the console.

func (MsadUserAccountControlMapperOutput) RealmId 

func (o MsadUserAccountControlMapperOutput) RealmId() pulumi.StringOutput

The realm in which the ldap user federation provider exists.

func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput 

func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutput() MsadUserAccountControlMapperOutput

func (MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext 

func (o MsadUserAccountControlMapperOutput) ToMsadUserAccountControlMapperOutputWithContext(ctx context.Context) MsadUserAccountControlMapperOutput

type MsadUserAccountControlMapperState 

type MsadUserAccountControlMapperState struct {
	LdapPasswordPolicyHintsEnabled pulumi.BoolPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringPtrInput
}

func (MsadUserAccountControlMapperState) ElementType 

func (MsadUserAccountControlMapperState) ElementType() reflect.Type

type RoleMapper 

type RoleMapper struct {
	pulumi.CustomResourceState

	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrOutput `pulumi:"clientId"`
	// The LDAP DN where roles can be found.
	LdapRolesDn pulumi.StringOutput `pulumi:"ldapRolesDn"`
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when
	MemberofLdapAttribute pulumi.StringPtrOutput `pulumi:"memberofLdapAttribute"`
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrOutput `pulumi:"membershipAttributeType"`
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringOutput `pulumi:"membershipLdapAttribute"`
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringOutput `pulumi:"membershipUserLdapAttribute"`
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrOutput `pulumi:"mode"`
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringOutput `pulumi:"roleNameLdapAttribute"`
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayOutput `pulumi:"roleObjectClasses"`
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	RolesLdapFilter pulumi.StringPtrOutput `pulumi:"rolesLdapFilter"`
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrOutput `pulumi:"useRealmRolesMapping"`
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrOutput `pulumi:"userRolesRetrieveStrategy"`
}

Allows for creating and managing role mappers for Keycloak users federated via LDAP.

The LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewRoleMapper(ctx, "ldapRoleMapper", &ldap.RoleMapperArgs{
			RealmId:               realm.ID(),
			LdapUserFederationId:  ldapUserFederation.ID(),
			LdapRolesDn:           pulumi.String("dc=example,dc=org"),
			RoleNameLdapAttribute: pulumi.String("cn"),
			RoleObjectClasses: pulumi.StringArray{
				pulumi.String("groupOfNames"),
			},
			MembershipAttributeType:     pulumi.String("DN"),
			MembershipLdapAttribute:     pulumi.String("member"),
			MembershipUserLdapAttribute: pulumi.String("cn"),
			UserRolesRetrieveStrategy:   pulumi.String("GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE"),
			MemberofLdapAttribute:       pulumi.String("memberOf"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.

The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.

Example:

bash

```sh $ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67 ```

func GetRoleMapper 

func GetRoleMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleMapperState, opts ...pulumi.ResourceOption) (*RoleMapper, error)

GetRoleMapper gets an existing RoleMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRoleMapper 

func NewRoleMapper(ctx *pulumi.Context,
	name string, args *RoleMapperArgs, opts ...pulumi.ResourceOption) (*RoleMapper, error)

NewRoleMapper registers a new resource with the given unique name, arguments, and options.

func (*RoleMapper) ElementType 

func (*RoleMapper) ElementType() reflect.Type

func (*RoleMapper) ToRoleMapperOutput 

func (i *RoleMapper) ToRoleMapperOutput() RoleMapperOutput

func (*RoleMapper) ToRoleMapperOutputWithContext 

func (i *RoleMapper) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput

type RoleMapperArgs 

type RoleMapperArgs struct {
	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrInput
	// The LDAP DN where roles can be found.
	LdapRolesDn pulumi.StringInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringInput
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringInput
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	RolesLdapFilter pulumi.StringPtrInput
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrInput
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

The set of arguments for constructing a RoleMapper resource.

func (RoleMapperArgs) ElementType 

func (RoleMapperArgs) ElementType() reflect.Type

type RoleMapperArray 

type RoleMapperArray []RoleMapperInput

func (RoleMapperArray) ElementType 

func (RoleMapperArray) ElementType() reflect.Type

func (RoleMapperArray) ToRoleMapperArrayOutput 

func (i RoleMapperArray) ToRoleMapperArrayOutput() RoleMapperArrayOutput

func (RoleMapperArray) ToRoleMapperArrayOutputWithContext 

func (i RoleMapperArray) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput

type RoleMapperArrayInput 

type RoleMapperArrayInput interface {
	pulumi.Input

	ToRoleMapperArrayOutput() RoleMapperArrayOutput
	ToRoleMapperArrayOutputWithContext(context.Context) RoleMapperArrayOutput
}

RoleMapperArrayInput is an input type that accepts RoleMapperArray and RoleMapperArrayOutput values. You can construct a concrete instance of `RoleMapperArrayInput` via: 

RoleMapperArray{ RoleMapperArgs{...} }

type RoleMapperArrayOutput 

type RoleMapperArrayOutput struct{ *pulumi.OutputState }

func (RoleMapperArrayOutput) ElementType 

func (RoleMapperArrayOutput) ElementType() reflect.Type

func (RoleMapperArrayOutput) Index 

func (o RoleMapperArrayOutput) Index(i pulumi.IntInput) RoleMapperOutput

func (RoleMapperArrayOutput) ToRoleMapperArrayOutput 

func (o RoleMapperArrayOutput) ToRoleMapperArrayOutput() RoleMapperArrayOutput

func (RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext 

func (o RoleMapperArrayOutput) ToRoleMapperArrayOutputWithContext(ctx context.Context) RoleMapperArrayOutput

type RoleMapperInput 

type RoleMapperInput interface {
	pulumi.Input

	ToRoleMapperOutput() RoleMapperOutput
	ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput
}

type RoleMapperMap 

type RoleMapperMap map[string]RoleMapperInput

func (RoleMapperMap) ElementType 

func (RoleMapperMap) ElementType() reflect.Type

func (RoleMapperMap) ToRoleMapperMapOutput 

func (i RoleMapperMap) ToRoleMapperMapOutput() RoleMapperMapOutput

func (RoleMapperMap) ToRoleMapperMapOutputWithContext 

func (i RoleMapperMap) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput

type RoleMapperMapInput 

type RoleMapperMapInput interface {
	pulumi.Input

	ToRoleMapperMapOutput() RoleMapperMapOutput
	ToRoleMapperMapOutputWithContext(context.Context) RoleMapperMapOutput
}

RoleMapperMapInput is an input type that accepts RoleMapperMap and RoleMapperMapOutput values. You can construct a concrete instance of `RoleMapperMapInput` via: 

RoleMapperMap{ "key": RoleMapperArgs{...} }

type RoleMapperMapOutput 

type RoleMapperMapOutput struct{ *pulumi.OutputState }

func (RoleMapperMapOutput) ElementType 

func (RoleMapperMapOutput) ElementType() reflect.Type

func (RoleMapperMapOutput) MapIndex 

func (o RoleMapperMapOutput) MapIndex(k pulumi.StringInput) RoleMapperOutput

func (RoleMapperMapOutput) ToRoleMapperMapOutput 

func (o RoleMapperMapOutput) ToRoleMapperMapOutput() RoleMapperMapOutput

func (RoleMapperMapOutput) ToRoleMapperMapOutputWithContext 

func (o RoleMapperMapOutput) ToRoleMapperMapOutputWithContext(ctx context.Context) RoleMapperMapOutput

type RoleMapperOutput 

type RoleMapperOutput struct{ *pulumi.OutputState }

func (RoleMapperOutput) ClientId 

func (o RoleMapperOutput) ClientId() pulumi.StringPtrOutput

When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.

func (RoleMapperOutput) ElementType 

func (RoleMapperOutput) ElementType() reflect.Type

func (RoleMapperOutput) LdapRolesDn 

func (o RoleMapperOutput) LdapRolesDn() pulumi.StringOutput

The LDAP DN where roles can be found.

func (RoleMapperOutput) LdapUserFederationId 

func (o RoleMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ID of the LDAP user federation provider to attach this mapper to.

func (RoleMapperOutput) MemberofLdapAttribute 

func (o RoleMapperOutput) MemberofLdapAttribute() pulumi.StringPtrOutput

Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when

func (RoleMapperOutput) MembershipAttributeType 

func (o RoleMapperOutput) MembershipAttributeType() pulumi.StringPtrOutput

Can be one of `DN` or `UID`. Defaults to `DN`.

func (RoleMapperOutput) MembershipLdapAttribute 

func (o RoleMapperOutput) MembershipLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used for membership mappings.

func (RoleMapperOutput) MembershipUserLdapAttribute 

func (o RoleMapperOutput) MembershipUserLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute on a user that is used for membership mappings.

func (RoleMapperOutput) Mode 

func (o RoleMapperOutput) Mode() pulumi.StringPtrOutput

Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.

func (RoleMapperOutput) Name 

func (o RoleMapperOutput) Name() pulumi.StringOutput

Display name of this mapper when displayed in the console.

func (RoleMapperOutput) RealmId 

func (o RoleMapperOutput) RealmId() pulumi.StringOutput

The realm that this LDAP mapper will exist in.

func (RoleMapperOutput) RoleNameLdapAttribute 

func (o RoleMapperOutput) RoleNameLdapAttribute() pulumi.StringOutput

The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.

func (RoleMapperOutput) RoleObjectClasses 

func (o RoleMapperOutput) RoleObjectClasses() pulumi.StringArrayOutput

List of strings representing the object classes for the role. Must contain at least one.

func (RoleMapperOutput) RolesLdapFilter 

func (o RoleMapperOutput) RolesLdapFilter() pulumi.StringPtrOutput

When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.

func (RoleMapperOutput) ToRoleMapperOutput 

func (o RoleMapperOutput) ToRoleMapperOutput() RoleMapperOutput

func (RoleMapperOutput) ToRoleMapperOutputWithContext 

func (o RoleMapperOutput) ToRoleMapperOutputWithContext(ctx context.Context) RoleMapperOutput

func (RoleMapperOutput) UseRealmRolesMapping 

func (o RoleMapperOutput) UseRealmRolesMapping() pulumi.BoolPtrOutput

When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.

func (RoleMapperOutput) UserRolesRetrieveStrategy 

func (o RoleMapperOutput) UserRolesRetrieveStrategy() pulumi.StringPtrOutput

Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.

type RoleMapperState 

type RoleMapperState struct {
	// When specified, LDAP role mappings will be mapped to client role mappings tied to this client ID. Can only be set if `useRealmRolesMapping` is `false`.
	ClientId pulumi.StringPtrInput
	// The LDAP DN where roles can be found.
	LdapRolesDn pulumi.StringPtrInput
	// The ID of the LDAP user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Specifies the name of the LDAP attribute on the LDAP user that contains the roles the user has. Defaults to `memberOf`. This is only used when
	MemberofLdapAttribute pulumi.StringPtrInput
	// Can be one of `DN` or `UID`. Defaults to `DN`.
	MembershipAttributeType pulumi.StringPtrInput
	// The name of the LDAP attribute that is used for membership mappings.
	MembershipLdapAttribute pulumi.StringPtrInput
	// The name of the LDAP attribute on a user that is used for membership mappings.
	MembershipUserLdapAttribute pulumi.StringPtrInput
	// Can be one of `READ_ONLY`, `LDAP_ONLY` or `IMPORT`. Defaults to `READ_ONLY`.
	Mode pulumi.StringPtrInput
	// Display name of this mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// The realm that this LDAP mapper will exist in.
	RealmId pulumi.StringPtrInput
	// The name of the LDAP attribute that is used in role objects for the name and RDN of the role. Typically `cn`.
	RoleNameLdapAttribute pulumi.StringPtrInput
	// List of strings representing the object classes for the role. Must contain at least one.
	RoleObjectClasses pulumi.StringArrayInput
	// When specified, adds an additional custom filter to be used when querying for roles. Must start with `(` and end with `)`.
	RolesLdapFilter pulumi.StringPtrInput
	// When `true`, LDAP role mappings will be mapped to realm roles within Keycloak. Defaults to `true`.
	UseRealmRolesMapping pulumi.BoolPtrInput
	// Can be one of `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`.
	UserRolesRetrieveStrategy pulumi.StringPtrInput
}

func (RoleMapperState) ElementType 

func (RoleMapperState) ElementType() reflect.Type

type UserAttributeMapper 

type UserAttributeMapper struct {
	pulumi.CustomResourceState

	// When true, the value fetched from LDAP will override the value stored in Keycloak.
	AlwaysReadValueFromLdap pulumi.BoolPtrOutput `pulumi:"alwaysReadValueFromLdap"`
	// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
	AttributeDefaultValue pulumi.StringPtrOutput `pulumi:"attributeDefaultValue"`
	// Should be true for binary LDAP attributes
	IsBinaryAttribute pulumi.BoolPtrOutput `pulumi:"isBinaryAttribute"`
	// When true, this attribute must exist in LDAP.
	IsMandatoryInLdap pulumi.BoolPtrOutput `pulumi:"isMandatoryInLdap"`
	// Name of the mapped attribute on LDAP object.
	LdapAttribute pulumi.StringOutput `pulumi:"ldapAttribute"`
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringOutput `pulumi:"ldapUserFederationId"`
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
	ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"`
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// Name of the UserModel property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringOutput `pulumi:"userModelAttribute"`
}

## # ldap.UserAttributeMapper

Allows for creating and managing user attribute mappers for Keycloak users federated via LDAP.

The LDAP user attribute mapper can be used to map a single LDAP attribute to an attribute on the Keycloak user model.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Enabled: pulumi.Bool(true),
			Realm:   pulumi.String("test"),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			BindCredential:   pulumi.String("admin"),
			BindDn:           pulumi.String("cn=admin,dc=example,dc=org"),
			ConnectionUrl:    pulumi.String("ldap://openldap"),
			RdnLdapAttribute: pulumi.String("cn"),
			RealmId:          realm.ID(),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			UsernameLdapAttribute: pulumi.String("cn"),
			UsersDn:               pulumi.String("dc=example,dc=org"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewUserAttributeMapper(ctx, "ldapUserAttributeMapper", &ldap.UserAttributeMapperArgs{
			LdapAttribute:        pulumi.String("bar"),
			LdapUserFederationId: ldapUserFederation.ID(),
			RealmId:              realm.ID(),
			UserModelAttribute:   pulumi.String("foo"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this LDAP mapper will exist in. - `ldapUserFederationId` - (Required) The ID of the LDAP user federation provider to attach this mapper to. - `name` - (Required) Display name of this mapper when displayed in the console. - `userModelAttribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into. - `ldapAttribute` - (Required) Name of the mapped attribute on the LDAP object. - `readOnly` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`. - `alwaysReadValueFromLdap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`. - `isMandatoryInLdap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`.

### Import

LDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs:

func GetUserAttributeMapper 

func GetUserAttributeMapper(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserAttributeMapperState, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)

GetUserAttributeMapper gets an existing UserAttributeMapper resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserAttributeMapper 

func NewUserAttributeMapper(ctx *pulumi.Context,
	name string, args *UserAttributeMapperArgs, opts ...pulumi.ResourceOption) (*UserAttributeMapper, error)

NewUserAttributeMapper registers a new resource with the given unique name, arguments, and options.

func (*UserAttributeMapper) ElementType 

func (*UserAttributeMapper) ElementType() reflect.Type

func (*UserAttributeMapper) ToUserAttributeMapperOutput 

func (i *UserAttributeMapper) ToUserAttributeMapperOutput() UserAttributeMapperOutput

func (*UserAttributeMapper) ToUserAttributeMapperOutputWithContext 

func (i *UserAttributeMapper) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput

type UserAttributeMapperArgs 

type UserAttributeMapperArgs struct {
	// When true, the value fetched from LDAP will override the value stored in Keycloak.
	AlwaysReadValueFromLdap pulumi.BoolPtrInput
	// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
	AttributeDefaultValue pulumi.StringPtrInput
	// Should be true for binary LDAP attributes
	IsBinaryAttribute pulumi.BoolPtrInput
	// When true, this attribute must exist in LDAP.
	IsMandatoryInLdap pulumi.BoolPtrInput
	// Name of the mapped attribute on LDAP object.
	LdapAttribute pulumi.StringInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
	ReadOnly pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringInput
	// Name of the UserModel property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringInput
}

The set of arguments for constructing a UserAttributeMapper resource.

func (UserAttributeMapperArgs) ElementType 

func (UserAttributeMapperArgs) ElementType() reflect.Type

type UserAttributeMapperArray 

type UserAttributeMapperArray []UserAttributeMapperInput

func (UserAttributeMapperArray) ElementType 

func (UserAttributeMapperArray) ElementType() reflect.Type

func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutput 

func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput

func (UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext 

func (i UserAttributeMapperArray) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput

type UserAttributeMapperArrayInput 

type UserAttributeMapperArrayInput interface {
	pulumi.Input

	ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput
	ToUserAttributeMapperArrayOutputWithContext(context.Context) UserAttributeMapperArrayOutput
}

UserAttributeMapperArrayInput is an input type that accepts UserAttributeMapperArray and UserAttributeMapperArrayOutput values. You can construct a concrete instance of `UserAttributeMapperArrayInput` via: 

UserAttributeMapperArray{ UserAttributeMapperArgs{...} }

type UserAttributeMapperArrayOutput 

type UserAttributeMapperArrayOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperArrayOutput) ElementType 

func (UserAttributeMapperArrayOutput) ElementType() reflect.Type

func (UserAttributeMapperArrayOutput) Index 

func (o UserAttributeMapperArrayOutput) Index(i pulumi.IntInput) UserAttributeMapperOutput

func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput 

func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutput() UserAttributeMapperArrayOutput

func (UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext 

func (o UserAttributeMapperArrayOutput) ToUserAttributeMapperArrayOutputWithContext(ctx context.Context) UserAttributeMapperArrayOutput

type UserAttributeMapperInput 

type UserAttributeMapperInput interface {
	pulumi.Input

	ToUserAttributeMapperOutput() UserAttributeMapperOutput
	ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput
}

type UserAttributeMapperMap 

type UserAttributeMapperMap map[string]UserAttributeMapperInput

func (UserAttributeMapperMap) ElementType 

func (UserAttributeMapperMap) ElementType() reflect.Type

func (UserAttributeMapperMap) ToUserAttributeMapperMapOutput 

func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput

func (UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext 

func (i UserAttributeMapperMap) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput

type UserAttributeMapperMapInput 

type UserAttributeMapperMapInput interface {
	pulumi.Input

	ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput
	ToUserAttributeMapperMapOutputWithContext(context.Context) UserAttributeMapperMapOutput
}

UserAttributeMapperMapInput is an input type that accepts UserAttributeMapperMap and UserAttributeMapperMapOutput values. You can construct a concrete instance of `UserAttributeMapperMapInput` via: 

UserAttributeMapperMap{ "key": UserAttributeMapperArgs{...} }

type UserAttributeMapperMapOutput 

type UserAttributeMapperMapOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperMapOutput) ElementType 

func (UserAttributeMapperMapOutput) ElementType() reflect.Type

func (UserAttributeMapperMapOutput) MapIndex 

func (o UserAttributeMapperMapOutput) MapIndex(k pulumi.StringInput) UserAttributeMapperOutput

func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput 

func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutput() UserAttributeMapperMapOutput

func (UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext 

func (o UserAttributeMapperMapOutput) ToUserAttributeMapperMapOutputWithContext(ctx context.Context) UserAttributeMapperMapOutput

type UserAttributeMapperOutput 

type UserAttributeMapperOutput struct{ *pulumi.OutputState }

func (UserAttributeMapperOutput) AlwaysReadValueFromLdap 

func (o UserAttributeMapperOutput) AlwaysReadValueFromLdap() pulumi.BoolPtrOutput

When true, the value fetched from LDAP will override the value stored in Keycloak.

func (UserAttributeMapperOutput) AttributeDefaultValue 

func (o UserAttributeMapperOutput) AttributeDefaultValue() pulumi.StringPtrOutput

Default value to set in LDAP if is_mandatory_in_ldap and the value is empty

func (UserAttributeMapperOutput) ElementType 

func (UserAttributeMapperOutput) ElementType() reflect.Type

func (UserAttributeMapperOutput) IsBinaryAttribute 

func (o UserAttributeMapperOutput) IsBinaryAttribute() pulumi.BoolPtrOutput

Should be true for binary LDAP attributes

func (UserAttributeMapperOutput) IsMandatoryInLdap 

func (o UserAttributeMapperOutput) IsMandatoryInLdap() pulumi.BoolPtrOutput

When true, this attribute must exist in LDAP.

func (UserAttributeMapperOutput) LdapAttribute 

func (o UserAttributeMapperOutput) LdapAttribute() pulumi.StringOutput

Name of the mapped attribute on LDAP object.

func (UserAttributeMapperOutput) LdapUserFederationId 

func (o UserAttributeMapperOutput) LdapUserFederationId() pulumi.StringOutput

The ldap user federation provider to attach this mapper to.

func (UserAttributeMapperOutput) Name 

func (o UserAttributeMapperOutput) Name() pulumi.StringOutput

Display name of the mapper when displayed in the console.

func (UserAttributeMapperOutput) ReadOnly 

func (o UserAttributeMapperOutput) ReadOnly() pulumi.BoolPtrOutput

When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.

func (UserAttributeMapperOutput) RealmId 

func (o UserAttributeMapperOutput) RealmId() pulumi.StringOutput

The realm in which the ldap user federation provider exists.

func (UserAttributeMapperOutput) ToUserAttributeMapperOutput 

func (o UserAttributeMapperOutput) ToUserAttributeMapperOutput() UserAttributeMapperOutput

func (UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext 

func (o UserAttributeMapperOutput) ToUserAttributeMapperOutputWithContext(ctx context.Context) UserAttributeMapperOutput

func (UserAttributeMapperOutput) UserModelAttribute 

func (o UserAttributeMapperOutput) UserModelAttribute() pulumi.StringOutput

Name of the UserModel property or attribute you want to map the LDAP attribute into.

type UserAttributeMapperState 

type UserAttributeMapperState struct {
	// When true, the value fetched from LDAP will override the value stored in Keycloak.
	AlwaysReadValueFromLdap pulumi.BoolPtrInput
	// Default value to set in LDAP if is_mandatory_in_ldap and the value is empty
	AttributeDefaultValue pulumi.StringPtrInput
	// Should be true for binary LDAP attributes
	IsBinaryAttribute pulumi.BoolPtrInput
	// When true, this attribute must exist in LDAP.
	IsMandatoryInLdap pulumi.BoolPtrInput
	// Name of the mapped attribute on LDAP object.
	LdapAttribute pulumi.StringPtrInput
	// The ldap user federation provider to attach this mapper to.
	LdapUserFederationId pulumi.StringPtrInput
	// Display name of the mapper when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak.
	ReadOnly pulumi.BoolPtrInput
	// The realm in which the ldap user federation provider exists.
	RealmId pulumi.StringPtrInput
	// Name of the UserModel property or attribute you want to map the LDAP attribute into.
	UserModelAttribute pulumi.StringPtrInput
}

func (UserAttributeMapperState) ElementType 

func (UserAttributeMapperState) ElementType() reflect.Type

type UserFederation 

type UserFederation struct {
	pulumi.CustomResourceState

	// The number of users to sync within a single transaction.
	BatchSizeForSync pulumi.IntPtrOutput `pulumi:"batchSizeForSync"`
	// Password of LDAP admin.
	BindCredential pulumi.StringPtrOutput `pulumi:"bindCredential"`
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server.
	BindDn pulumi.StringPtrOutput `pulumi:"bindDn"`
	// Settings regarding cache policy for this realm.
	Cache UserFederationCachePtrOutput `pulumi:"cache"`
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users
	// sync.
	ChangedSyncPeriod pulumi.IntPtrOutput `pulumi:"changedSyncPeriod"`
	// LDAP connection timeout (duration string)
	ConnectionTimeout pulumi.StringPtrOutput `pulumi:"connectionTimeout"`
	// Connection URL to the LDAP server.
	ConnectionUrl pulumi.StringOutput `pulumi:"connectionUrl"`
	// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.
	CustomUserSearchFilter pulumi.StringPtrOutput `pulumi:"customUserSearchFilter"`
	// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP
	// user federation provider.
	DeleteDefaultMappers pulumi.BoolPtrOutput `pulumi:"deleteDefaultMappers"`
	// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.
	EditMode pulumi.StringPtrOutput `pulumi:"editMode"`
	// When false, this provider will not be used when performing queries for users.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrOutput `pulumi:"fullSyncPeriod"`
	// When true, LDAP users will be imported into the Keycloak database.
	ImportEnabled pulumi.BoolPtrOutput `pulumi:"importEnabled"`
	// Settings regarding kerberos authentication for this realm.
	Kerberos UserFederationKerberosPtrOutput `pulumi:"kerberos"`
	// Display name of the provider when displayed in the console.
	Name pulumi.StringOutput `pulumi:"name"`
	// When true, Keycloak assumes the LDAP server supports pagination.
	Pagination pulumi.BoolPtrOutput `pulumi:"pagination"`
	// Priority of this provider when looking up users. Lower values are first.
	Priority pulumi.IntPtrOutput `pulumi:"priority"`
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringOutput `pulumi:"rdnLdapAttribute"`
	// LDAP read timeout (duration string)
	ReadTimeout pulumi.StringPtrOutput `pulumi:"readTimeout"`
	// The realm this provider will provide user federation for.
	RealmId pulumi.StringOutput `pulumi:"realmId"`
	// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.
	SearchScope pulumi.StringPtrOutput `pulumi:"searchScope"`
	// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrOutput `pulumi:"startTls"`
	// When true, newly created users will be synced back to LDAP.
	SyncRegistrations pulumi.BoolPtrOutput `pulumi:"syncRegistrations"`
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrOutput   `pulumi:"usePasswordModifyExtendedOp"`
	UseTruststoreSpi            pulumi.StringPtrOutput `pulumi:"useTruststoreSpi"`
	// All values of LDAP objectClass attribute for users in LDAP.
	UserObjectClasses pulumi.StringArrayOutput `pulumi:"userObjectClasses"`
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringOutput `pulumi:"usernameLdapAttribute"`
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringOutput `pulumi:"usersDn"`
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringOutput `pulumi:"uuidLdapAttribute"`
	// When true, Keycloak will validate passwords using the realm policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrOutput `pulumi:"validatePasswordPolicy"`
	// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.
	Vendor pulumi.StringPtrOutput `pulumi:"vendor"`
}

## # ldap.UserFederation

Allows for creating and managing LDAP user federation providers within Keycloak.

Keycloak can use an LDAP user federation provider to federate users to Keycloak from a directory system such as LDAP or Active Directory. Federated users will exist within the realm and will be able to log in to clients. Federated users can have their attributes defined using mappers.

### Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Enabled: pulumi.Bool(true),
			Realm:   pulumi.String("test"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			BindCredential:    pulumi.String("admin"),
			BindDn:            pulumi.String("cn=admin,dc=example,dc=org"),
			ConnectionTimeout: pulumi.String("5s"),
			ConnectionUrl:     pulumi.String("ldap://openldap"),
			Enabled:           pulumi.Bool(true),
			RdnLdapAttribute:  pulumi.String("cn"),
			ReadTimeout:       pulumi.String("10s"),
			RealmId:           realm.ID(),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			UsernameLdapAttribute: pulumi.String("cn"),
			UsersDn:               pulumi.String("dc=example,dc=org"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Argument Reference

The following arguments are supported:

- `realmId` - (Required) The realm that this provider will provide user federation for. - `name` - (Required) Display name of the provider when displayed in the console. - `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`. - `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`. - `importEnabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`. - `editMode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`. - `syncRegistrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`. - `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`. - `usernameLdapAttribute` - (Required) Name of the LDAP attribute to use as the Keycloak username. - `rdnLdapAttribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name. - `uuidLdapAttribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP. - `userObjectClasses` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one. - `connectionUrl` - (Required) Connection URL to the LDAP server. - `usersDn` - (Required) Full DN of LDAP tree where your users are. - `bindDn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bindCredential` is set. - `bindCredential` - (Optional) Password of LDAP admin. This attribute must be set if `bindDn` is set. - `customUserSearchFilter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`. - `searchScope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`:

  • `ONE_LEVEL`: Only search for users in the DN specified by `userDn`.
  • `SUBTREE`: Search entire LDAP subtree.

- `validatePasswordPolicy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it. - `useTruststoreSpi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:

  • `ALWAYS` - Always use the truststore SPI for LDAP connections.
  • `NEVER` - Never use the truststore SPI for LDAP connections.
  • `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.

- `connectionTimeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - `readTimeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String). - `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`. - `batchSizeForSync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`. - `fullSyncPeriod` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync. - `changedSyncPeriod` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. - `cachePolicy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.

### Import

LDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`. The ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:

func GetUserFederation 

func GetUserFederation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserFederationState, opts ...pulumi.ResourceOption) (*UserFederation, error)

GetUserFederation gets an existing UserFederation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserFederation 

func NewUserFederation(ctx *pulumi.Context,
	name string, args *UserFederationArgs, opts ...pulumi.ResourceOption) (*UserFederation, error)

NewUserFederation registers a new resource with the given unique name, arguments, and options.

func (*UserFederation) ElementType 

func (*UserFederation) ElementType() reflect.Type

func (*UserFederation) ToUserFederationOutput 

func (i *UserFederation) ToUserFederationOutput() UserFederationOutput

func (*UserFederation) ToUserFederationOutputWithContext 

func (i *UserFederation) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput

type UserFederationArgs 

type UserFederationArgs struct {
	// The number of users to sync within a single transaction.
	BatchSizeForSync pulumi.IntPtrInput
	// Password of LDAP admin.
	BindCredential pulumi.StringPtrInput
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server.
	BindDn pulumi.StringPtrInput
	// Settings regarding cache policy for this realm.
	Cache UserFederationCachePtrInput
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users
	// sync.
	ChangedSyncPeriod pulumi.IntPtrInput
	// LDAP connection timeout (duration string)
	ConnectionTimeout pulumi.StringPtrInput
	// Connection URL to the LDAP server.
	ConnectionUrl pulumi.StringInput
	// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.
	CustomUserSearchFilter pulumi.StringPtrInput
	// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP
	// user federation provider.
	DeleteDefaultMappers pulumi.BoolPtrInput
	// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.
	EditMode pulumi.StringPtrInput
	// When false, this provider will not be used when performing queries for users.
	Enabled pulumi.BoolPtrInput
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrInput
	// When true, LDAP users will be imported into the Keycloak database.
	ImportEnabled pulumi.BoolPtrInput
	// Settings regarding kerberos authentication for this realm.
	Kerberos UserFederationKerberosPtrInput
	// Display name of the provider when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, Keycloak assumes the LDAP server supports pagination.
	Pagination pulumi.BoolPtrInput
	// Priority of this provider when looking up users. Lower values are first.
	Priority pulumi.IntPtrInput
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringInput
	// LDAP read timeout (duration string)
	ReadTimeout pulumi.StringPtrInput
	// The realm this provider will provide user federation for.
	RealmId pulumi.StringInput
	// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.
	SearchScope pulumi.StringPtrInput
	// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrInput
	// When true, newly created users will be synced back to LDAP.
	SyncRegistrations pulumi.BoolPtrInput
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	TrustEmail pulumi.BoolPtrInput
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrInput
	UseTruststoreSpi            pulumi.StringPtrInput
	// All values of LDAP objectClass attribute for users in LDAP.
	UserObjectClasses pulumi.StringArrayInput
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringInput
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringInput
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringInput
	// When true, Keycloak will validate passwords using the realm policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrInput
	// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.
	Vendor pulumi.StringPtrInput
}

The set of arguments for constructing a UserFederation resource.

func (UserFederationArgs) ElementType 

func (UserFederationArgs) ElementType() reflect.Type

type UserFederationArray 

type UserFederationArray []UserFederationInput

func (UserFederationArray) ElementType 

func (UserFederationArray) ElementType() reflect.Type

func (UserFederationArray) ToUserFederationArrayOutput 

func (i UserFederationArray) ToUserFederationArrayOutput() UserFederationArrayOutput

func (UserFederationArray) ToUserFederationArrayOutputWithContext 

func (i UserFederationArray) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput

type UserFederationArrayInput 

type UserFederationArrayInput interface {
	pulumi.Input

	ToUserFederationArrayOutput() UserFederationArrayOutput
	ToUserFederationArrayOutputWithContext(context.Context) UserFederationArrayOutput
}

UserFederationArrayInput is an input type that accepts UserFederationArray and UserFederationArrayOutput values. You can construct a concrete instance of `UserFederationArrayInput` via: 

UserFederationArray{ UserFederationArgs{...} }

type UserFederationArrayOutput 

type UserFederationArrayOutput struct{ *pulumi.OutputState }

func (UserFederationArrayOutput) ElementType 

func (UserFederationArrayOutput) ElementType() reflect.Type

func (UserFederationArrayOutput) Index 

func (o UserFederationArrayOutput) Index(i pulumi.IntInput) UserFederationOutput

func (UserFederationArrayOutput) ToUserFederationArrayOutput 

func (o UserFederationArrayOutput) ToUserFederationArrayOutput() UserFederationArrayOutput

func (UserFederationArrayOutput) ToUserFederationArrayOutputWithContext 

func (o UserFederationArrayOutput) ToUserFederationArrayOutputWithContext(ctx context.Context) UserFederationArrayOutput

type UserFederationCache 

type UserFederationCache struct {
	// Day of the week the entry will become invalid on.
	EvictionDay *int `pulumi:"evictionDay"`
	// Hour of day the entry will become invalid on.
	EvictionHour *int `pulumi:"evictionHour"`
	// Minute of day the entry will become invalid on.
	EvictionMinute *int `pulumi:"evictionMinute"`
	// Max lifespan of cache entry (duration string).
	MaxLifespan *string `pulumi:"maxLifespan"`
	Policy      *string `pulumi:"policy"`
}

type UserFederationCacheArgs 

type UserFederationCacheArgs struct {
	// Day of the week the entry will become invalid on.
	EvictionDay pulumi.IntPtrInput `pulumi:"evictionDay"`
	// Hour of day the entry will become invalid on.
	EvictionHour pulumi.IntPtrInput `pulumi:"evictionHour"`
	// Minute of day the entry will become invalid on.
	EvictionMinute pulumi.IntPtrInput `pulumi:"evictionMinute"`
	// Max lifespan of cache entry (duration string).
	MaxLifespan pulumi.StringPtrInput `pulumi:"maxLifespan"`
	Policy      pulumi.StringPtrInput `pulumi:"policy"`
}

func (UserFederationCacheArgs) ElementType 

func (UserFederationCacheArgs) ElementType() reflect.Type

func (UserFederationCacheArgs) ToUserFederationCacheOutput 

func (i UserFederationCacheArgs) ToUserFederationCacheOutput() UserFederationCacheOutput

func (UserFederationCacheArgs) ToUserFederationCacheOutputWithContext 

func (i UserFederationCacheArgs) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput

func (UserFederationCacheArgs) ToUserFederationCachePtrOutput 

func (i UserFederationCacheArgs) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext 

func (i UserFederationCacheArgs) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationCacheInput 

type UserFederationCacheInput interface {
	pulumi.Input

	ToUserFederationCacheOutput() UserFederationCacheOutput
	ToUserFederationCacheOutputWithContext(context.Context) UserFederationCacheOutput
}

UserFederationCacheInput is an input type that accepts UserFederationCacheArgs and UserFederationCacheOutput values. You can construct a concrete instance of `UserFederationCacheInput` via: 

UserFederationCacheArgs{...}

type UserFederationCacheOutput 

type UserFederationCacheOutput struct{ *pulumi.OutputState }

func (UserFederationCacheOutput) ElementType 

func (UserFederationCacheOutput) ElementType() reflect.Type

func (UserFederationCacheOutput) EvictionDay 

func (o UserFederationCacheOutput) EvictionDay() pulumi.IntPtrOutput

Day of the week the entry will become invalid on.

func (UserFederationCacheOutput) EvictionHour 

func (o UserFederationCacheOutput) EvictionHour() pulumi.IntPtrOutput

Hour of day the entry will become invalid on.

func (UserFederationCacheOutput) EvictionMinute 

func (o UserFederationCacheOutput) EvictionMinute() pulumi.IntPtrOutput

Minute of day the entry will become invalid on.

func (UserFederationCacheOutput) MaxLifespan 

func (o UserFederationCacheOutput) MaxLifespan() pulumi.StringPtrOutput

Max lifespan of cache entry (duration string).

func (UserFederationCacheOutput) Policy 

func (o UserFederationCacheOutput) Policy() pulumi.StringPtrOutput

func (UserFederationCacheOutput) ToUserFederationCacheOutput 

func (o UserFederationCacheOutput) ToUserFederationCacheOutput() UserFederationCacheOutput

func (UserFederationCacheOutput) ToUserFederationCacheOutputWithContext 

func (o UserFederationCacheOutput) ToUserFederationCacheOutputWithContext(ctx context.Context) UserFederationCacheOutput

func (UserFederationCacheOutput) ToUserFederationCachePtrOutput 

func (o UserFederationCacheOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext 

func (o UserFederationCacheOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationCachePtrInput 

type UserFederationCachePtrInput interface {
	pulumi.Input

	ToUserFederationCachePtrOutput() UserFederationCachePtrOutput
	ToUserFederationCachePtrOutputWithContext(context.Context) UserFederationCachePtrOutput
}

UserFederationCachePtrInput is an input type that accepts UserFederationCacheArgs, UserFederationCachePtr and UserFederationCachePtrOutput values. You can construct a concrete instance of `UserFederationCachePtrInput` via: 

        UserFederationCacheArgs{...}

or:

        nil

func UserFederationCachePtr 

func UserFederationCachePtr(v *UserFederationCacheArgs) UserFederationCachePtrInput

type UserFederationCachePtrOutput 

type UserFederationCachePtrOutput struct{ *pulumi.OutputState }

func (UserFederationCachePtrOutput) Elem 

func (o UserFederationCachePtrOutput) Elem() UserFederationCacheOutput

func (UserFederationCachePtrOutput) ElementType 

func (UserFederationCachePtrOutput) ElementType() reflect.Type

func (UserFederationCachePtrOutput) EvictionDay 

func (o UserFederationCachePtrOutput) EvictionDay() pulumi.IntPtrOutput

Day of the week the entry will become invalid on.

func (UserFederationCachePtrOutput) EvictionHour 

func (o UserFederationCachePtrOutput) EvictionHour() pulumi.IntPtrOutput

Hour of day the entry will become invalid on.

func (UserFederationCachePtrOutput) EvictionMinute 

func (o UserFederationCachePtrOutput) EvictionMinute() pulumi.IntPtrOutput

Minute of day the entry will become invalid on.

func (UserFederationCachePtrOutput) MaxLifespan 

func (o UserFederationCachePtrOutput) MaxLifespan() pulumi.StringPtrOutput

Max lifespan of cache entry (duration string).

func (UserFederationCachePtrOutput) Policy 

func (o UserFederationCachePtrOutput) Policy() pulumi.StringPtrOutput

func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutput 

func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutput() UserFederationCachePtrOutput

func (UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext 

func (o UserFederationCachePtrOutput) ToUserFederationCachePtrOutputWithContext(ctx context.Context) UserFederationCachePtrOutput

type UserFederationInput 

type UserFederationInput interface {
	pulumi.Input

	ToUserFederationOutput() UserFederationOutput
	ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput
}

type UserFederationKerberos 

type UserFederationKerberos struct {
	// The name of the kerberos realm, e.g. FOO.LOCAL
	KerberosRealm string `pulumi:"kerberosRealm"`
	// Path to the kerberos keytab file on the server with credentials of the service principal.
	KeyTab string `pulumi:"keyTab"`
	// The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
	ServerPrincipal string `pulumi:"serverPrincipal"`
	// Use kerberos login module instead of ldap service api. Defaults to `false`.
	UseKerberosForPasswordAuthentication *bool `pulumi:"useKerberosForPasswordAuthentication"`
}

type UserFederationKerberosArgs 

type UserFederationKerberosArgs struct {
	// The name of the kerberos realm, e.g. FOO.LOCAL
	KerberosRealm pulumi.StringInput `pulumi:"kerberosRealm"`
	// Path to the kerberos keytab file on the server with credentials of the service principal.
	KeyTab pulumi.StringInput `pulumi:"keyTab"`
	// The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.
	ServerPrincipal pulumi.StringInput `pulumi:"serverPrincipal"`
	// Use kerberos login module instead of ldap service api. Defaults to `false`.
	UseKerberosForPasswordAuthentication pulumi.BoolPtrInput `pulumi:"useKerberosForPasswordAuthentication"`
}

func (UserFederationKerberosArgs) ElementType 

func (UserFederationKerberosArgs) ElementType() reflect.Type

func (UserFederationKerberosArgs) ToUserFederationKerberosOutput 

func (i UserFederationKerberosArgs) ToUserFederationKerberosOutput() UserFederationKerberosOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext 

func (i UserFederationKerberosArgs) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput 

func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext 

func (i UserFederationKerberosArgs) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

type UserFederationKerberosInput 

type UserFederationKerberosInput interface {
	pulumi.Input

	ToUserFederationKerberosOutput() UserFederationKerberosOutput
	ToUserFederationKerberosOutputWithContext(context.Context) UserFederationKerberosOutput
}

UserFederationKerberosInput is an input type that accepts UserFederationKerberosArgs and UserFederationKerberosOutput values. You can construct a concrete instance of `UserFederationKerberosInput` via: 

UserFederationKerberosArgs{...}

type UserFederationKerberosOutput 

type UserFederationKerberosOutput struct{ *pulumi.OutputState }

func (UserFederationKerberosOutput) ElementType 

func (UserFederationKerberosOutput) ElementType() reflect.Type

func (UserFederationKerberosOutput) KerberosRealm 

func (o UserFederationKerberosOutput) KerberosRealm() pulumi.StringOutput

The name of the kerberos realm, e.g. FOO.LOCAL

func (UserFederationKerberosOutput) KeyTab 

func (o UserFederationKerberosOutput) KeyTab() pulumi.StringOutput

Path to the kerberos keytab file on the server with credentials of the service principal.

func (UserFederationKerberosOutput) ServerPrincipal 

func (o UserFederationKerberosOutput) ServerPrincipal() pulumi.StringOutput

The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.

func (UserFederationKerberosOutput) ToUserFederationKerberosOutput 

func (o UserFederationKerberosOutput) ToUserFederationKerberosOutput() UserFederationKerberosOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext 

func (o UserFederationKerberosOutput) ToUserFederationKerberosOutputWithContext(ctx context.Context) UserFederationKerberosOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput 

func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext 

func (o UserFederationKerberosOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

func (UserFederationKerberosOutput) UseKerberosForPasswordAuthentication 

func (o UserFederationKerberosOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput

Use kerberos login module instead of ldap service api. Defaults to `false`.

type UserFederationKerberosPtrInput 

type UserFederationKerberosPtrInput interface {
	pulumi.Input

	ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput
	ToUserFederationKerberosPtrOutputWithContext(context.Context) UserFederationKerberosPtrOutput
}

UserFederationKerberosPtrInput is an input type that accepts UserFederationKerberosArgs, UserFederationKerberosPtr and UserFederationKerberosPtrOutput values. You can construct a concrete instance of `UserFederationKerberosPtrInput` via: 

        UserFederationKerberosArgs{...}

or:

        nil

func UserFederationKerberosPtr 

func UserFederationKerberosPtr(v *UserFederationKerberosArgs) UserFederationKerberosPtrInput

type UserFederationKerberosPtrOutput 

type UserFederationKerberosPtrOutput struct{ *pulumi.OutputState }

func (UserFederationKerberosPtrOutput) Elem 

func (o UserFederationKerberosPtrOutput) Elem() UserFederationKerberosOutput

func (UserFederationKerberosPtrOutput) ElementType 

func (UserFederationKerberosPtrOutput) ElementType() reflect.Type

func (UserFederationKerberosPtrOutput) KerberosRealm 

func (o UserFederationKerberosPtrOutput) KerberosRealm() pulumi.StringPtrOutput

The name of the kerberos realm, e.g. FOO.LOCAL

func (UserFederationKerberosPtrOutput) KeyTab 

func (o UserFederationKerberosPtrOutput) KeyTab() pulumi.StringPtrOutput

Path to the kerberos keytab file on the server with credentials of the service principal.

func (UserFederationKerberosPtrOutput) ServerPrincipal 

func (o UserFederationKerberosPtrOutput) ServerPrincipal() pulumi.StringPtrOutput

The kerberos server principal, e.g. 'HTTP/host.foo.com@FOO.LOCAL'.

func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput 

func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutput() UserFederationKerberosPtrOutput

func (UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext 

func (o UserFederationKerberosPtrOutput) ToUserFederationKerberosPtrOutputWithContext(ctx context.Context) UserFederationKerberosPtrOutput

func (UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication 

func (o UserFederationKerberosPtrOutput) UseKerberosForPasswordAuthentication() pulumi.BoolPtrOutput

Use kerberos login module instead of ldap service api. Defaults to `false`.

type UserFederationMap 

type UserFederationMap map[string]UserFederationInput

func (UserFederationMap) ElementType 

func (UserFederationMap) ElementType() reflect.Type

func (UserFederationMap) ToUserFederationMapOutput 

func (i UserFederationMap) ToUserFederationMapOutput() UserFederationMapOutput

func (UserFederationMap) ToUserFederationMapOutputWithContext 

func (i UserFederationMap) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput

type UserFederationMapInput 

type UserFederationMapInput interface {
	pulumi.Input

	ToUserFederationMapOutput() UserFederationMapOutput
	ToUserFederationMapOutputWithContext(context.Context) UserFederationMapOutput
}

UserFederationMapInput is an input type that accepts UserFederationMap and UserFederationMapOutput values. You can construct a concrete instance of `UserFederationMapInput` via: 

UserFederationMap{ "key": UserFederationArgs{...} }

type UserFederationMapOutput 

type UserFederationMapOutput struct{ *pulumi.OutputState }

func (UserFederationMapOutput) ElementType 

func (UserFederationMapOutput) ElementType() reflect.Type

func (UserFederationMapOutput) MapIndex 

func (o UserFederationMapOutput) MapIndex(k pulumi.StringInput) UserFederationOutput

func (UserFederationMapOutput) ToUserFederationMapOutput 

func (o UserFederationMapOutput) ToUserFederationMapOutput() UserFederationMapOutput

func (UserFederationMapOutput) ToUserFederationMapOutputWithContext 

func (o UserFederationMapOutput) ToUserFederationMapOutputWithContext(ctx context.Context) UserFederationMapOutput

type UserFederationOutput 

type UserFederationOutput struct{ *pulumi.OutputState }

func (UserFederationOutput) BatchSizeForSync 

func (o UserFederationOutput) BatchSizeForSync() pulumi.IntPtrOutput

The number of users to sync within a single transaction.

func (UserFederationOutput) BindCredential 

func (o UserFederationOutput) BindCredential() pulumi.StringPtrOutput

Password of LDAP admin.

func (UserFederationOutput) BindDn 

func (o UserFederationOutput) BindDn() pulumi.StringPtrOutput

DN of LDAP admin, which will be used by Keycloak to access LDAP server.

func (UserFederationOutput) Cache 

func (o UserFederationOutput) Cache() UserFederationCachePtrOutput

Settings regarding cache policy for this realm.

func (UserFederationOutput) ChangedSyncPeriod 

func (o UserFederationOutput) ChangedSyncPeriod() pulumi.IntPtrOutput

How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.

func (UserFederationOutput) ConnectionTimeout 

func (o UserFederationOutput) ConnectionTimeout() pulumi.StringPtrOutput

LDAP connection timeout (duration string)

func (UserFederationOutput) ConnectionUrl 

func (o UserFederationOutput) ConnectionUrl() pulumi.StringOutput

Connection URL to the LDAP server.

func (UserFederationOutput) CustomUserSearchFilter 

func (o UserFederationOutput) CustomUserSearchFilter() pulumi.StringPtrOutput

Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.

func (UserFederationOutput) DeleteDefaultMappers 

func (o UserFederationOutput) DeleteDefaultMappers() pulumi.BoolPtrOutput

When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider.

func (UserFederationOutput) EditMode 

func (o UserFederationOutput) EditMode() pulumi.StringPtrOutput

READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.

func (UserFederationOutput) ElementType 

func (UserFederationOutput) ElementType() reflect.Type

func (UserFederationOutput) Enabled 

func (o UserFederationOutput) Enabled() pulumi.BoolPtrOutput

When false, this provider will not be used when performing queries for users.

func (UserFederationOutput) FullSyncPeriod 

func (o UserFederationOutput) FullSyncPeriod() pulumi.IntPtrOutput

How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.

func (UserFederationOutput) ImportEnabled 

func (o UserFederationOutput) ImportEnabled() pulumi.BoolPtrOutput

When true, LDAP users will be imported into the Keycloak database.

func (UserFederationOutput) Kerberos 

func (o UserFederationOutput) Kerberos() UserFederationKerberosPtrOutput

Settings regarding kerberos authentication for this realm.

func (UserFederationOutput) Name 

func (o UserFederationOutput) Name() pulumi.StringOutput

Display name of the provider when displayed in the console.

func (UserFederationOutput) Pagination 

func (o UserFederationOutput) Pagination() pulumi.BoolPtrOutput

When true, Keycloak assumes the LDAP server supports pagination.

func (UserFederationOutput) Priority 

func (o UserFederationOutput) Priority() pulumi.IntPtrOutput

Priority of this provider when looking up users. Lower values are first.

func (UserFederationOutput) RdnLdapAttribute 

func (o UserFederationOutput) RdnLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as the relative distinguished name.

func (UserFederationOutput) ReadTimeout 

func (o UserFederationOutput) ReadTimeout() pulumi.StringPtrOutput

LDAP read timeout (duration string)

func (UserFederationOutput) RealmId 

func (o UserFederationOutput) RealmId() pulumi.StringOutput

The realm this provider will provide user federation for.

func (UserFederationOutput) SearchScope 

func (o UserFederationOutput) SearchScope() pulumi.StringPtrOutput

ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.

func (UserFederationOutput) StartTls 

func (o UserFederationOutput) StartTls() pulumi.BoolPtrOutput

When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.

func (UserFederationOutput) SyncRegistrations 

func (o UserFederationOutput) SyncRegistrations() pulumi.BoolPtrOutput

When true, newly created users will be synced back to LDAP.

func (UserFederationOutput) ToUserFederationOutput 

func (o UserFederationOutput) ToUserFederationOutput() UserFederationOutput

func (UserFederationOutput) ToUserFederationOutputWithContext 

func (o UserFederationOutput) ToUserFederationOutputWithContext(ctx context.Context) UserFederationOutput

func (UserFederationOutput) TrustEmail 

func (o UserFederationOutput) TrustEmail() pulumi.BoolPtrOutput

If enabled, email provided by this provider is not verified even if verification is enabled for the realm.

func (UserFederationOutput) UsePasswordModifyExtendedOp 

func (o UserFederationOutput) UsePasswordModifyExtendedOp() pulumi.BoolPtrOutput

When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).

func (UserFederationOutput) UseTruststoreSpi 

func (o UserFederationOutput) UseTruststoreSpi() pulumi.StringPtrOutput

func (UserFederationOutput) UserObjectClasses 

func (o UserFederationOutput) UserObjectClasses() pulumi.StringArrayOutput

All values of LDAP objectClass attribute for users in LDAP.

func (UserFederationOutput) UsernameLdapAttribute 

func (o UserFederationOutput) UsernameLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as the Keycloak username.

func (UserFederationOutput) UsersDn 

func (o UserFederationOutput) UsersDn() pulumi.StringOutput

Full DN of LDAP tree where your users are.

func (UserFederationOutput) UuidLdapAttribute 

func (o UserFederationOutput) UuidLdapAttribute() pulumi.StringOutput

Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.

func (UserFederationOutput) ValidatePasswordPolicy 

func (o UserFederationOutput) ValidatePasswordPolicy() pulumi.BoolPtrOutput

When true, Keycloak will validate passwords using the realm policy before updating it.

func (UserFederationOutput) Vendor 

func (o UserFederationOutput) Vendor() pulumi.StringPtrOutput

LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.

type UserFederationState 

type UserFederationState struct {
	// The number of users to sync within a single transaction.
	BatchSizeForSync pulumi.IntPtrInput
	// Password of LDAP admin.
	BindCredential pulumi.StringPtrInput
	// DN of LDAP admin, which will be used by Keycloak to access LDAP server.
	BindDn pulumi.StringPtrInput
	// Settings regarding cache policy for this realm.
	Cache UserFederationCachePtrInput
	// How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users
	// sync.
	ChangedSyncPeriod pulumi.IntPtrInput
	// LDAP connection timeout (duration string)
	ConnectionTimeout pulumi.StringPtrInput
	// Connection URL to the LDAP server.
	ConnectionUrl pulumi.StringPtrInput
	// Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'.
	CustomUserSearchFilter pulumi.StringPtrInput
	// When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP
	// user federation provider.
	DeleteDefaultMappers pulumi.BoolPtrInput
	// READ_ONLY and WRITABLE are self-explanatory. UNSYNCED allows user data to be imported but not synced back to LDAP.
	EditMode pulumi.StringPtrInput
	// When false, this provider will not be used when performing queries for users.
	Enabled pulumi.BoolPtrInput
	// How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.
	FullSyncPeriod pulumi.IntPtrInput
	// When true, LDAP users will be imported into the Keycloak database.
	ImportEnabled pulumi.BoolPtrInput
	// Settings regarding kerberos authentication for this realm.
	Kerberos UserFederationKerberosPtrInput
	// Display name of the provider when displayed in the console.
	Name pulumi.StringPtrInput
	// When true, Keycloak assumes the LDAP server supports pagination.
	Pagination pulumi.BoolPtrInput
	// Priority of this provider when looking up users. Lower values are first.
	Priority pulumi.IntPtrInput
	// Name of the LDAP attribute to use as the relative distinguished name.
	RdnLdapAttribute pulumi.StringPtrInput
	// LDAP read timeout (duration string)
	ReadTimeout pulumi.StringPtrInput
	// The realm this provider will provide user federation for.
	RealmId pulumi.StringPtrInput
	// ONE_LEVEL: only search for users in the DN specified by user_dn. SUBTREE: search entire LDAP subtree.
	SearchScope pulumi.StringPtrInput
	// When true, Keycloak will encrypt the connection to LDAP using STARTTLS, which will disable connection pooling.
	StartTls pulumi.BoolPtrInput
	// When true, newly created users will be synced back to LDAP.
	SyncRegistrations pulumi.BoolPtrInput
	// If enabled, email provided by this provider is not verified even if verification is enabled for the realm.
	TrustEmail pulumi.BoolPtrInput
	// When `true`, use the LDAPv3 Password Modify Extended Operation (RFC-3062).
	UsePasswordModifyExtendedOp pulumi.BoolPtrInput
	UseTruststoreSpi            pulumi.StringPtrInput
	// All values of LDAP objectClass attribute for users in LDAP.
	UserObjectClasses pulumi.StringArrayInput
	// Name of the LDAP attribute to use as the Keycloak username.
	UsernameLdapAttribute pulumi.StringPtrInput
	// Full DN of LDAP tree where your users are.
	UsersDn pulumi.StringPtrInput
	// Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.
	UuidLdapAttribute pulumi.StringPtrInput
	// When true, Keycloak will validate passwords using the realm policy before updating it.
	ValidatePasswordPolicy pulumi.BoolPtrInput
	// LDAP vendor. I am almost certain this field does nothing, but the UI indicates that it is required.
	Vendor pulumi.StringPtrInput
}

func (UserFederationState) ElementType 

func (UserFederationState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.