layout | page_title | sidebar_current | description |
---|---|---|---|
ldap |
LDAP: ldap_query |
docs-ldap-datasource-query |
LDAP query data source. |
Data source for querying LDAP for one or more objects.
The following example return the email address of all developers in a particular group named "org1".
data "ldap_query" "org1" {
base_dn = "dc=acme,dc=com"
filter = "(&(objectClass=inetOrgPerson)(memberOf=cn=developers,ou=org1,ou=pcf,dc=example,dc=org))(mail=callison@example.org))"
attributes = [ "mail", "givenName", "sn" ]
}
index_attribute = "mail"
}
This is equivalent to the following query using the ldapsearch
cli.
ldapsearch -x -H ldap://myldapserver:389 \
-D "<bind DN>" -w "<bind password>" \
-b "dc=example,dc=org" \
"(&(objectClass=inetOrgPerson)(memberOf=cn=developers,ou=org1,ou=pcf,dc=example,dc=org)(mail=callison@example.org))"
base_dn
- (Required, String) The base DN for the queryfilter
- (Required, String) The LDAP search query filter.
The following arguments declare how the results should be exported so they can be referenced via interpolation.
attributes
- (Required, List) The list of the LDAP attributes to be retrieved.index_attribute
- (Required, String) The LDAP attribute to use to populate theresults
attribute with. The value of this attribute can be used as the key to lookup a LDAP query result record and its attributes.
The following attributes are exported:
results
- A list of the values of theindex_attribute
for all entries returned by the query. For example if theindex_attribute
was the LDAPmail
attribute then all the email addresses returned as a result of the LDAP query will be exported via this resource attribute.results_attr
- A map of the LDAP results keyed by the attribute name identified by<index_attribute_value>/<attribute name>
. If additional LDAP attributes were requested then their values may be retrieved by looking up this map using the value of theindex_attribute
(i.e.<index_attribute_value>
) and the LDAP attribute name.