Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Konnect Provider
  3. API Docs
  4. getGatewayPluginLdapAuthAdvanced
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
kong/terraform-provider-konnect

konnect.getGatewayPluginLdapAuthAdvanced

Explore with Pulumi AI

konnect logo
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
kong/terraform-provider-konnect

    Using getGatewayPluginLdapAuthAdvanced

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getGatewayPluginLdapAuthAdvanced(args: GetGatewayPluginLdapAuthAdvancedArgs, opts?: InvokeOptions): Promise<GetGatewayPluginLdapAuthAdvancedResult>
function getGatewayPluginLdapAuthAdvancedOutput(args: GetGatewayPluginLdapAuthAdvancedOutputArgs, opts?: InvokeOptions): Output<GetGatewayPluginLdapAuthAdvancedResult>
    def get_gateway_plugin_ldap_auth_advanced(control_plane_id: Optional[str] = None,
                                          opts: Optional[InvokeOptions] = None) -> GetGatewayPluginLdapAuthAdvancedResult
def get_gateway_plugin_ldap_auth_advanced_output(control_plane_id: Optional[pulumi.Input[str]] = None,
                                          opts: Optional[InvokeOptions] = None) -> Output[GetGatewayPluginLdapAuthAdvancedResult]
    func LookupGatewayPluginLdapAuthAdvanced(ctx *Context, args *LookupGatewayPluginLdapAuthAdvancedArgs, opts ...InvokeOption) (*LookupGatewayPluginLdapAuthAdvancedResult, error)
func LookupGatewayPluginLdapAuthAdvancedOutput(ctx *Context, args *LookupGatewayPluginLdapAuthAdvancedOutputArgs, opts ...InvokeOption) LookupGatewayPluginLdapAuthAdvancedResultOutput

    > Note: This function is named LookupGatewayPluginLdapAuthAdvanced in the Go SDK.

    public static class GetGatewayPluginLdapAuthAdvanced 
{
    public static Task<GetGatewayPluginLdapAuthAdvancedResult> InvokeAsync(GetGatewayPluginLdapAuthAdvancedArgs args, InvokeOptions? opts = null)
    public static Output<GetGatewayPluginLdapAuthAdvancedResult> Invoke(GetGatewayPluginLdapAuthAdvancedInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetGatewayPluginLdapAuthAdvancedResult> getGatewayPluginLdapAuthAdvanced(GetGatewayPluginLdapAuthAdvancedArgs args, InvokeOptions options)
public static Output<GetGatewayPluginLdapAuthAdvancedResult> getGatewayPluginLdapAuthAdvanced(GetGatewayPluginLdapAuthAdvancedArgs args, InvokeOptions options)

    fn::invoke:
  function: konnect:index/getGatewayPluginLdapAuthAdvanced:getGatewayPluginLdapAuthAdvanced
  arguments:
    # arguments dictionary

    The following arguments are supported:

    getGatewayPluginLdapAuthAdvanced Result

    The following output properties are available:

    Supporting Types

    GetGatewayPluginLdapAuthAdvancedConfig

    Anonymous string
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    Attribute string
    Attribute to be used to search the user; e.g., "cn".
    BaseDn string
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    BindDn string
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    CacheTtl double
    Cache expiry time in seconds.
    ConsumerBies List<string>
    Whether to authenticate consumers based on username, custom_id, or both.
    ConsumerOptional bool
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    GroupBaseDn string
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    GroupMemberAttribute string
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    GroupNameAttribute string
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    GroupsRequireds List<string>
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    HeaderType string
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    HideCredentials bool
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    Keepalive double
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    LdapHost string
    Host on which the LDAP server is running.
    LdapPassword string
    The password to the LDAP server.
    LdapPort double
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    Ldaps bool
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    LogSearchResults bool
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    Realm string
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    StartTls bool
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    Timeout double
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    VerifyLdapHost bool
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.
    Anonymous string
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    Attribute string
    Attribute to be used to search the user; e.g., "cn".
    BaseDn string
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    BindDn string
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    CacheTtl float64
    Cache expiry time in seconds.
    ConsumerBies []string
    Whether to authenticate consumers based on username, custom_id, or both.
    ConsumerOptional bool
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    GroupBaseDn string
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    GroupMemberAttribute string
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    GroupNameAttribute string
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    GroupsRequireds []string
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    HeaderType string
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    HideCredentials bool
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    Keepalive float64
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    LdapHost string
    Host on which the LDAP server is running.
    LdapPassword string
    The password to the LDAP server.
    LdapPort float64
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    Ldaps bool
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    LogSearchResults bool
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    Realm string
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    StartTls bool
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    Timeout float64
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    VerifyLdapHost bool
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.
    anonymous String
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    attribute String
    Attribute to be used to search the user; e.g., "cn".
    baseDn String
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    bindDn String
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    cacheTtl Double
    Cache expiry time in seconds.
    consumerBies List<String>
    Whether to authenticate consumers based on username, custom_id, or both.
    consumerOptional Boolean
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    groupBaseDn String
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    groupMemberAttribute String
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    groupNameAttribute String
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    groupsRequireds List<String>
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    headerType String
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    hideCredentials Boolean
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    keepalive Double
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    ldapHost String
    Host on which the LDAP server is running.
    ldapPassword String
    The password to the LDAP server.
    ldapPort Double
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    ldaps Boolean
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    logSearchResults Boolean
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    realm String
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    startTls Boolean
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    timeout Double
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    verifyLdapHost Boolean
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.
    anonymous string
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    attribute string
    Attribute to be used to search the user; e.g., "cn".
    baseDn string
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    bindDn string
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    cacheTtl number
    Cache expiry time in seconds.
    consumerBies string[]
    Whether to authenticate consumers based on username, custom_id, or both.
    consumerOptional boolean
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    groupBaseDn string
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    groupMemberAttribute string
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    groupNameAttribute string
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    groupsRequireds string[]
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    headerType string
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    hideCredentials boolean
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    keepalive number
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    ldapHost string
    Host on which the LDAP server is running.
    ldapPassword string
    The password to the LDAP server.
    ldapPort number
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    ldaps boolean
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    logSearchResults boolean
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    realm string
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    startTls boolean
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    timeout number
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    verifyLdapHost boolean
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.
    anonymous str
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    attribute str
    Attribute to be used to search the user; e.g., "cn".
    base_dn str
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    bind_dn str
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    cache_ttl float
    Cache expiry time in seconds.
    consumer_bies Sequence[str]
    Whether to authenticate consumers based on username, custom_id, or both.
    consumer_optional bool
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    group_base_dn str
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    group_member_attribute str
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    group_name_attribute str
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    groups_requireds Sequence[str]
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    header_type str
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    hide_credentials bool
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    keepalive float
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    ldap_host str
    Host on which the LDAP server is running.
    ldap_password str
    The password to the LDAP server.
    ldap_port float
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    ldaps bool
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    log_search_results bool
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    realm str
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    start_tls bool
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    timeout float
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    verify_ldap_host bool
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.
    anonymous String
    An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
    attribute String
    Attribute to be used to search the user; e.g., "cn".
    baseDn String
    Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
    bindDn String
    The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
    cacheTtl Number
    Cache expiry time in seconds.
    consumerBies List<String>
    Whether to authenticate consumers based on username, custom_id, or both.
    consumerOptional Boolean
    Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
    groupBaseDn String
    Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
    groupMemberAttribute String
    Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
    groupNameAttribute String
    Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
    groupsRequireds List<String>
    The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
    headerType String
    An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
    hideCredentials Boolean
    An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
    keepalive Number
    An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
    ldapHost String
    Host on which the LDAP server is running.
    ldapPassword String
    The password to the LDAP server.
    ldapPort Number
    TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
    ldaps Boolean
    Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
    logSearchResults Boolean
    Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
    realm String
    When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
    startTls Boolean
    Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
    timeout Number
    An optional timeout in milliseconds when waiting for connection with LDAP server.
    verifyLdapHost Boolean
    Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

    GetGatewayPluginLdapAuthAdvancedOrdering

    GetGatewayPluginLdapAuthAdvancedOrderingAfter

    Accesses List<string>
    Accesses []string
    accesses List<String>
    accesses string[]
    accesses Sequence[str]
    accesses List<String>

    GetGatewayPluginLdapAuthAdvancedOrderingBefore

    Accesses List<string>
    Accesses []string
    accesses List<String>
    accesses string[]
    accesses Sequence[str]
    accesses List<String>

    GetGatewayPluginLdapAuthAdvancedRoute

    Id string
    Id string
    id String
    id string
    id str
    id String

    GetGatewayPluginLdapAuthAdvancedService

    Id string
    Id string
    id String
    id string
    id str
    id String

    Package Details

    Repository
    konnect kong/terraform-provider-konnect
    License
    Notes
    This Pulumi package is based on the konnect Terraform Provider.
    konnect logo
    konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
    kong/terraform-provider-konnect