konnect 2.4.1, Mar 13 25

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

konnect.GatewayPluginLdapAuthAdvanced

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginLdapAuthAdvanced;
import com.pulumi.konnect.GatewayPluginLdapAuthAdvancedArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedOrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedOrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedOrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedRouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginLdapAuthAdvancedServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myGatewaypluginldapauthadvanced = new GatewayPluginLdapAuthAdvanced("myGatewaypluginldapauthadvanced", GatewayPluginLdapAuthAdvancedArgs.builder()
            .config(GatewayPluginLdapAuthAdvancedConfigArgs.builder()
                .anonymous("...my_anonymous...")
                .attribute("...my_attribute...")
                .base_dn("...my_base_dn...")
                .bind_dn("...my_bind_dn...")
                .cache_ttl(2.41)
                .consumer_by("username")
                .consumer_optional(true)
                .group_base_dn("...my_group_base_dn...")
                .group_member_attribute("...my_group_member_attribute...")
                .group_name_attribute("...my_group_name_attribute...")
                .groups_required("...")
                .header_type("...my_header_type...")
                .hide_credentials(true)
                .keepalive(3.29)
                .ldap_host("...my_ldap_host...")
                .ldap_password("...my_ldap_password...")
                .ldap_port(3.46)
                .ldaps(false)
                .log_search_results(false)
                .realm("...my_realm...")
                .start_tls(true)
                .timeout(8.28)
                .verify_ldap_host(true)
                .build())
            .controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
            .enabled(true)
            .gatewayPluginLdapAuthAdvancedId("...my_id...")
            .instanceName("...my_instance_name...")
            .ordering(GatewayPluginLdapAuthAdvancedOrderingArgs.builder()
                .after(GatewayPluginLdapAuthAdvancedOrderingAfterArgs.builder()
                    .access("...")
                    .build())
                .before(GatewayPluginLdapAuthAdvancedOrderingBeforeArgs.builder()
                    .access("...")
                    .build())
                .build())
            .protocols("wss")
            .route(GatewayPluginLdapAuthAdvancedRouteArgs.builder()
                .id("...my_id...")
                .build())
            .service(GatewayPluginLdapAuthAdvancedServiceArgs.builder()
                .id("...my_id...")
                .build())
            .tags("...")
            .build());

    }
}

resources:
  myGatewaypluginldapauthadvanced:
    type: konnect:GatewayPluginLdapAuthAdvanced
    properties:
      config:
        anonymous: '...my_anonymous...'
        attribute: '...my_attribute...'
        base_dn: '...my_base_dn...'
        bind_dn: '...my_bind_dn...'
        cache_ttl: 2.41
        consumer_by:
          - username
        consumer_optional: true
        group_base_dn: '...my_group_base_dn...'
        group_member_attribute: '...my_group_member_attribute...'
        group_name_attribute: '...my_group_name_attribute...'
        groups_required:
          - '...'
        header_type: '...my_header_type...'
        hide_credentials: true
        keepalive: 3.29
        ldap_host: '...my_ldap_host...'
        ldap_password: '...my_ldap_password...'
        ldap_port: 3.46
        ldaps: false
        log_search_results: false
        realm: '...my_realm...'
        start_tls: true
        timeout: 8.28
        verify_ldap_host: true
      controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
      enabled: true
      gatewayPluginLdapAuthAdvancedId: '...my_id...'
      instanceName: '...my_instance_name...'
      ordering:
        after:
          access:
            - '...'
        before:
          access:
            - '...'
      protocols:
        - wss
      route:
        id: '...my_id...'
      service:
        id: '...my_id...'
      tags:
        - '...'

Create GatewayPluginLdapAuthAdvanced Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GatewayPluginLdapAuthAdvanced(name: string, args: GatewayPluginLdapAuthAdvancedArgs, opts?: CustomResourceOptions);

@overload
def GatewayPluginLdapAuthAdvanced(resource_name: str,
                                  args: GatewayPluginLdapAuthAdvancedArgs,
                                  opts: Optional[ResourceOptions] = None)

@overload
def GatewayPluginLdapAuthAdvanced(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  config: Optional[GatewayPluginLdapAuthAdvancedConfigArgs] = None,
                                  control_plane_id: Optional[str] = None,
                                  enabled: Optional[bool] = None,
                                  gateway_plugin_ldap_auth_advanced_id: Optional[str] = None,
                                  instance_name: Optional[str] = None,
                                  ordering: Optional[GatewayPluginLdapAuthAdvancedOrderingArgs] = None,
                                  protocols: Optional[Sequence[str]] = None,
                                  route: Optional[GatewayPluginLdapAuthAdvancedRouteArgs] = None,
                                  service: Optional[GatewayPluginLdapAuthAdvancedServiceArgs] = None,
                                  tags: Optional[Sequence[str]] = None)

func NewGatewayPluginLdapAuthAdvanced(ctx *Context, name string, args GatewayPluginLdapAuthAdvancedArgs, opts ...ResourceOption) (*GatewayPluginLdapAuthAdvanced, error)

public GatewayPluginLdapAuthAdvanced(string name, GatewayPluginLdapAuthAdvancedArgs args, CustomResourceOptions? opts = null)

public GatewayPluginLdapAuthAdvanced(String name, GatewayPluginLdapAuthAdvancedArgs args)
public GatewayPluginLdapAuthAdvanced(String name, GatewayPluginLdapAuthAdvancedArgs args, CustomResourceOptions options)

type: konnect:GatewayPluginLdapAuthAdvanced
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GatewayPluginLdapAuthAdvancedArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GatewayPluginLdapAuthAdvancedArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GatewayPluginLdapAuthAdvancedArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GatewayPluginLdapAuthAdvancedArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GatewayPluginLdapAuthAdvancedArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gatewayPluginLdapAuthAdvancedResource = new Konnect.GatewayPluginLdapAuthAdvanced("gatewayPluginLdapAuthAdvancedResource", new()
{
    Config = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedConfigArgs
    {
        Anonymous = "string",
        Attribute = "string",
        BaseDn = "string",
        BindDn = "string",
        CacheTtl = 0,
        ConsumerBies = new[]
        {
            "string",
        },
        ConsumerOptional = false,
        GroupBaseDn = "string",
        GroupMemberAttribute = "string",
        GroupNameAttribute = "string",
        GroupsRequireds = new[]
        {
            "string",
        },
        HeaderType = "string",
        HideCredentials = false,
        Keepalive = 0,
        LdapHost = "string",
        LdapPassword = "string",
        LdapPort = 0,
        Ldaps = false,
        LogSearchResults = false,
        Realm = "string",
        StartTls = false,
        Timeout = 0,
        VerifyLdapHost = false,
    },
    ControlPlaneId = "string",
    Enabled = false,
    GatewayPluginLdapAuthAdvancedId = "string",
    InstanceName = "string",
    Ordering = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedOrderingArgs
    {
        After = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedOrderingAfterArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
        Before = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedOrderingBeforeArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
    },
    Protocols = new[]
    {
        "string",
    },
    Route = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedRouteArgs
    {
        Id = "string",
    },
    Service = new Konnect.Inputs.GatewayPluginLdapAuthAdvancedServiceArgs
    {
        Id = "string",
    },
    Tags = new[]
    {
        "string",
    },
});

example, err := konnect.NewGatewayPluginLdapAuthAdvanced(ctx, "gatewayPluginLdapAuthAdvancedResource", &konnect.GatewayPluginLdapAuthAdvancedArgs{
Config: &.GatewayPluginLdapAuthAdvancedConfigArgs{
Anonymous: pulumi.String("string"),
Attribute: pulumi.String("string"),
BaseDn: pulumi.String("string"),
BindDn: pulumi.String("string"),
CacheTtl: pulumi.Float64(0),
ConsumerBies: pulumi.StringArray{
pulumi.String("string"),
},
ConsumerOptional: pulumi.Bool(false),
GroupBaseDn: pulumi.String("string"),
GroupMemberAttribute: pulumi.String("string"),
GroupNameAttribute: pulumi.String("string"),
GroupsRequireds: pulumi.StringArray{
pulumi.String("string"),
},
HeaderType: pulumi.String("string"),
HideCredentials: pulumi.Bool(false),
Keepalive: pulumi.Float64(0),
LdapHost: pulumi.String("string"),
LdapPassword: pulumi.String("string"),
LdapPort: pulumi.Float64(0),
Ldaps: pulumi.Bool(false),
LogSearchResults: pulumi.Bool(false),
Realm: pulumi.String("string"),
StartTls: pulumi.Bool(false),
Timeout: pulumi.Float64(0),
VerifyLdapHost: pulumi.Bool(false),
},
ControlPlaneId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewayPluginLdapAuthAdvancedId: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginLdapAuthAdvancedOrderingArgs{
After: &.GatewayPluginLdapAuthAdvancedOrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginLdapAuthAdvancedOrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginLdapAuthAdvancedRouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginLdapAuthAdvancedServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})

var gatewayPluginLdapAuthAdvancedResource = new GatewayPluginLdapAuthAdvanced("gatewayPluginLdapAuthAdvancedResource", GatewayPluginLdapAuthAdvancedArgs.builder()
    .config(GatewayPluginLdapAuthAdvancedConfigArgs.builder()
        .anonymous("string")
        .attribute("string")
        .baseDn("string")
        .bindDn("string")
        .cacheTtl(0)
        .consumerBies("string")
        .consumerOptional(false)
        .groupBaseDn("string")
        .groupMemberAttribute("string")
        .groupNameAttribute("string")
        .groupsRequireds("string")
        .headerType("string")
        .hideCredentials(false)
        .keepalive(0)
        .ldapHost("string")
        .ldapPassword("string")
        .ldapPort(0)
        .ldaps(false)
        .logSearchResults(false)
        .realm("string")
        .startTls(false)
        .timeout(0)
        .verifyLdapHost(false)
        .build())
    .controlPlaneId("string")
    .enabled(false)
    .gatewayPluginLdapAuthAdvancedId("string")
    .instanceName("string")
    .ordering(GatewayPluginLdapAuthAdvancedOrderingArgs.builder()
        .after(GatewayPluginLdapAuthAdvancedOrderingAfterArgs.builder()
            .accesses("string")
            .build())
        .before(GatewayPluginLdapAuthAdvancedOrderingBeforeArgs.builder()
            .accesses("string")
            .build())
        .build())
    .protocols("string")
    .route(GatewayPluginLdapAuthAdvancedRouteArgs.builder()
        .id("string")
        .build())
    .service(GatewayPluginLdapAuthAdvancedServiceArgs.builder()
        .id("string")
        .build())
    .tags("string")
    .build());

gateway_plugin_ldap_auth_advanced_resource = konnect.GatewayPluginLdapAuthAdvanced("gatewayPluginLdapAuthAdvancedResource",
    config={
        "anonymous": "string",
        "attribute": "string",
        "base_dn": "string",
        "bind_dn": "string",
        "cache_ttl": 0,
        "consumer_bies": ["string"],
        "consumer_optional": False,
        "group_base_dn": "string",
        "group_member_attribute": "string",
        "group_name_attribute": "string",
        "groups_requireds": ["string"],
        "header_type": "string",
        "hide_credentials": False,
        "keepalive": 0,
        "ldap_host": "string",
        "ldap_password": "string",
        "ldap_port": 0,
        "ldaps": False,
        "log_search_results": False,
        "realm": "string",
        "start_tls": False,
        "timeout": 0,
        "verify_ldap_host": False,
    },
    control_plane_id="string",
    enabled=False,
    gateway_plugin_ldap_auth_advanced_id="string",
    instance_name="string",
    ordering={
        "after": {
            "accesses": ["string"],
        },
        "before": {
            "accesses": ["string"],
        },
    },
    protocols=["string"],
    route={
        "id": "string",
    },
    service={
        "id": "string",
    },
    tags=["string"])

const gatewayPluginLdapAuthAdvancedResource = new konnect.GatewayPluginLdapAuthAdvanced("gatewayPluginLdapAuthAdvancedResource", {
    config: {
        anonymous: "string",
        attribute: "string",
        baseDn: "string",
        bindDn: "string",
        cacheTtl: 0,
        consumerBies: ["string"],
        consumerOptional: false,
        groupBaseDn: "string",
        groupMemberAttribute: "string",
        groupNameAttribute: "string",
        groupsRequireds: ["string"],
        headerType: "string",
        hideCredentials: false,
        keepalive: 0,
        ldapHost: "string",
        ldapPassword: "string",
        ldapPort: 0,
        ldaps: false,
        logSearchResults: false,
        realm: "string",
        startTls: false,
        timeout: 0,
        verifyLdapHost: false,
    },
    controlPlaneId: "string",
    enabled: false,
    gatewayPluginLdapAuthAdvancedId: "string",
    instanceName: "string",
    ordering: {
        after: {
            accesses: ["string"],
        },
        before: {
            accesses: ["string"],
        },
    },
    protocols: ["string"],
    route: {
        id: "string",
    },
    service: {
        id: "string",
    },
    tags: ["string"],
});

type: konnect:GatewayPluginLdapAuthAdvanced
properties:
    config:
        anonymous: string
        attribute: string
        baseDn: string
        bindDn: string
        cacheTtl: 0
        consumerBies:
            - string
        consumerOptional: false
        groupBaseDn: string
        groupMemberAttribute: string
        groupNameAttribute: string
        groupsRequireds:
            - string
        headerType: string
        hideCredentials: false
        keepalive: 0
        ldapHost: string
        ldapPassword: string
        ldapPort: 0
        ldaps: false
        logSearchResults: false
        realm: string
        startTls: false
        timeout: 0
        verifyLdapHost: false
    controlPlaneId: string
    enabled: false
    gatewayPluginLdapAuthAdvancedId: string
    instanceName: string
    ordering:
        after:
            accesses:
                - string
        before:
            accesses:
                - string
    protocols:
        - string
    route:
        id: string
    service:
        id: string
    tags:
        - string

GatewayPluginLdapAuthAdvanced Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GatewayPluginLdapAuthAdvanced resource accepts the following input properties:

Config GatewayPluginLdapAuthAdvancedConfig
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginLdapAuthAdvancedId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginLdapAuthAdvancedOrdering
Protocols List<string>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.

Config GatewayPluginLdapAuthAdvancedConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginLdapAuthAdvancedId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginLdapAuthAdvancedOrderingArgs
Protocols []string: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginLdapAuthAdvancedRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginLdapAuthAdvancedServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginLdapAuthAdvancedConfig
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId String: The ID of this resource.
instanceName String
ordering GatewayPluginLdapAuthAdvancedOrdering
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginLdapAuthAdvancedConfig
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId string: The ID of this resource.
instanceName string
ordering GatewayPluginLdapAuthAdvancedOrdering
protocols string[]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginLdapAuthAdvancedConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled bool: Whether the plugin is applied.
gateway_plugin_ldap_auth_advanced_id str: The ID of this resource.
instance_name str
ordering GatewayPluginLdapAuthAdvancedOrderingArgs
protocols Sequence[str]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

Outputs

All input properties are implicitly available as output properties. Additionally, the GatewayPluginLdapAuthAdvanced resource produces the following output properties:

CreatedAt double: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt double: Unix epoch when the resource was last updated.

CreatedAt float64: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt float64: Unix epoch when the resource was last updated.

createdAt Double: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Double: Unix epoch when the resource was last updated.

createdAt number: Unix epoch when the resource was created.
id string: The provider-assigned unique ID for this managed resource.
updatedAt number: Unix epoch when the resource was last updated.

created_at float: Unix epoch when the resource was created.
id str: The provider-assigned unique ID for this managed resource.
updated_at float: Unix epoch when the resource was last updated.

createdAt Number: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Number: Unix epoch when the resource was last updated.

Look up Existing GatewayPluginLdapAuthAdvanced Resource

Get an existing GatewayPluginLdapAuthAdvanced resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GatewayPluginLdapAuthAdvancedState, opts?: CustomResourceOptions): GatewayPluginLdapAuthAdvanced

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[GatewayPluginLdapAuthAdvancedConfigArgs] = None,
        control_plane_id: Optional[str] = None,
        created_at: Optional[float] = None,
        enabled: Optional[bool] = None,
        gateway_plugin_ldap_auth_advanced_id: Optional[str] = None,
        instance_name: Optional[str] = None,
        ordering: Optional[GatewayPluginLdapAuthAdvancedOrderingArgs] = None,
        protocols: Optional[Sequence[str]] = None,
        route: Optional[GatewayPluginLdapAuthAdvancedRouteArgs] = None,
        service: Optional[GatewayPluginLdapAuthAdvancedServiceArgs] = None,
        tags: Optional[Sequence[str]] = None,
        updated_at: Optional[float] = None) -> GatewayPluginLdapAuthAdvanced

func GetGatewayPluginLdapAuthAdvanced(ctx *Context, name string, id IDInput, state *GatewayPluginLdapAuthAdvancedState, opts ...ResourceOption) (*GatewayPluginLdapAuthAdvanced, error)

public static GatewayPluginLdapAuthAdvanced Get(string name, Input<string> id, GatewayPluginLdapAuthAdvancedState? state, CustomResourceOptions? opts = null)

public static GatewayPluginLdapAuthAdvanced get(String name, Output<String> id, GatewayPluginLdapAuthAdvancedState state, CustomResourceOptions options)

resources:  _:    type: konnect:GatewayPluginLdapAuthAdvanced    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Config GatewayPluginLdapAuthAdvancedConfig
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt double: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginLdapAuthAdvancedId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginLdapAuthAdvancedOrdering
Protocols List<string>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt double: Unix epoch when the resource was last updated.

Config GatewayPluginLdapAuthAdvancedConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt float64: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginLdapAuthAdvancedId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginLdapAuthAdvancedOrderingArgs
Protocols []string: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginLdapAuthAdvancedRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginLdapAuthAdvancedServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt float64: Unix epoch when the resource was last updated.

config GatewayPluginLdapAuthAdvancedConfig
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Double: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId String: The ID of this resource.
instanceName String
ordering GatewayPluginLdapAuthAdvancedOrdering
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Double: Unix epoch when the resource was last updated.

config GatewayPluginLdapAuthAdvancedConfig
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt number: Unix epoch when the resource was created.
enabled boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId string: The ID of this resource.
instanceName string
ordering GatewayPluginLdapAuthAdvancedOrdering
protocols string[]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt number: Unix epoch when the resource was last updated.

config GatewayPluginLdapAuthAdvancedConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
created_at float: Unix epoch when the resource was created.
enabled bool: Whether the plugin is applied.
gateway_plugin_ldap_auth_advanced_id str: The ID of this resource.
instance_name str
ordering GatewayPluginLdapAuthAdvancedOrderingArgs
protocols Sequence[str]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginLdapAuthAdvancedRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginLdapAuthAdvancedServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.
updated_at float: Unix epoch when the resource was last updated.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Number: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginLdapAuthAdvancedId String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Number: Unix epoch when the resource was last updated.

Supporting Types

GatewayPluginLdapAuthAdvancedConfig, GatewayPluginLdapAuthAdvancedConfigArgs

Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
Attribute string: Attribute to be used to search the user; e.g., "cn".
BaseDn string: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
BindDn string: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
CacheTtl double: Cache expiry time in seconds.
ConsumerBies List<string>: Whether to authenticate consumers based on username, custom_id, or both.
ConsumerOptional bool: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
GroupBaseDn string: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
GroupMemberAttribute string: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
GroupNameAttribute string: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
GroupsRequireds List<string>: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
HeaderType string: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
HideCredentials bool: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
Keepalive double: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
LdapHost string: Host on which the LDAP server is running.
LdapPassword string: The password to the LDAP server.
LdapPort double: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
Ldaps bool: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
LogSearchResults bool: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
Realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
StartTls bool: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
Timeout double: An optional timeout in milliseconds when waiting for connection with LDAP server.
VerifyLdapHost bool: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
Attribute string: Attribute to be used to search the user; e.g., "cn".
BaseDn string: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
BindDn string: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
CacheTtl float64: Cache expiry time in seconds.
ConsumerBies []string: Whether to authenticate consumers based on username, custom_id, or both.
ConsumerOptional bool: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
GroupBaseDn string: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
GroupMemberAttribute string: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
GroupNameAttribute string: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
GroupsRequireds []string: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
HeaderType string: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
HideCredentials bool: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
Keepalive float64: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
LdapHost string: Host on which the LDAP server is running.
LdapPassword string: The password to the LDAP server.
LdapPort float64: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
Ldaps bool: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
LogSearchResults bool: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
Realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
StartTls bool: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
Timeout float64: An optional timeout in milliseconds when waiting for connection with LDAP server.
VerifyLdapHost bool: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
attribute String: Attribute to be used to search the user; e.g., "cn".
baseDn String: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
bindDn String: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
cacheTtl Double: Cache expiry time in seconds.
consumerBies List<String>: Whether to authenticate consumers based on username, custom_id, or both.
consumerOptional Boolean: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
groupBaseDn String: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
groupMemberAttribute String: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
groupNameAttribute String: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
groupsRequireds List<String>: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
headerType String: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
hideCredentials Boolean: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
keepalive Double: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
ldapHost String: Host on which the LDAP server is running.
ldapPassword String: The password to the LDAP server.
ldapPort Double: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
ldaps Boolean: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
logSearchResults Boolean: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
realm String: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
startTls Boolean: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
timeout Double: An optional timeout in milliseconds when waiting for connection with LDAP server.
verifyLdapHost Boolean: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
attribute string: Attribute to be used to search the user; e.g., "cn".
baseDn string: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
bindDn string: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
cacheTtl number: Cache expiry time in seconds.
consumerBies string[]: Whether to authenticate consumers based on username, custom_id, or both.
consumerOptional boolean: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
groupBaseDn string: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
groupMemberAttribute string: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
groupNameAttribute string: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
groupsRequireds string[]: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
headerType string: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
hideCredentials boolean: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
keepalive number: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
ldapHost string: Host on which the LDAP server is running.
ldapPassword string: The password to the LDAP server.
ldapPort number: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
ldaps boolean: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
logSearchResults boolean: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
startTls boolean: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
timeout number: An optional timeout in milliseconds when waiting for connection with LDAP server.
verifyLdapHost boolean: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

anonymous str: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
attribute str: Attribute to be used to search the user; e.g., "cn".
base_dn str: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
bind_dn str: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
cache_ttl float: Cache expiry time in seconds.
consumer_bies Sequence[str]: Whether to authenticate consumers based on username, custom_id, or both.
consumer_optional bool: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
group_base_dn str: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
group_member_attribute str: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
group_name_attribute str: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
groups_requireds Sequence[str]: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
header_type str: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
hide_credentials bool: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
keepalive float: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
ldap_host str: Host on which the LDAP server is running.
ldap_password str: The password to the LDAP server.
ldap_port float: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
ldaps bool: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
log_search_results bool: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
realm str: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
start_tls bool: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
timeout float: An optional timeout in milliseconds when waiting for connection with LDAP server.
verify_ldap_host bool: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
attribute String: Attribute to be used to search the user; e.g., "cn".
baseDn String: Base DN as the starting point for the search; e.g., 'dc=example,dc=com'.
bindDn String: The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
cacheTtl Number: Cache expiry time in seconds.
consumerBies List<String>: Whether to authenticate consumers based on username, custom_id, or both.
consumerOptional Boolean: Whether consumer mapping is optional. If consumer_optional=true, the plugin will not attempt to associate a consumer with the LDAP authenticated user.
groupBaseDn String: Sets a distinguished name (DN) for the entry where LDAP searches for groups begin. This field is case-insensitive.',dc=com'.
groupMemberAttribute String: Sets the attribute holding the members of the LDAP group. This field is case-sensitive.
groupNameAttribute String: Sets the attribute holding the name of a group, typically called name (in Active Directory) or cn (in OpenLDAP). This field is case-insensitive.
groupsRequireds List<String>: The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases. - When ["group1 group2"] are in the same array indices, both group1 AND group2 need to be present in the LDAP search result. - When ["group1", "group2"] are in different array indices, either group1 OR group2 need to be present in the LDAP search result.
headerType String: An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to "basic", then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
hideCredentials Boolean: An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.
keepalive Number: An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.
ldapHost String: Host on which the LDAP server is running.
ldapPassword String: The password to the LDAP server.
ldapPort Number: TCP port where the LDAP server is listening. 389 is the default port for non-SSL LDAP and AD. 636 is the port required for SSL LDAP and AD. If ldaps is configured, you must use port 636.
ldaps Boolean: Set it to true to use ldaps, a secure protocol (that can be configured to TLS) to connect to the LDAP server. When ldaps is configured, you must use port 636. If the ldap setting is enabled, ensure the start_tls setting is disabled.
logSearchResults Boolean: Displays all the LDAP search results received from the LDAP server for debugging purposes. Not recommended to be enabled in a production environment.
realm String: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
startTls Boolean: Set it to true to issue StartTLS (Transport Layer Security) extended operation over ldap connection. If the start_tls setting is enabled, ensure the ldaps setting is disabled.
timeout Number: An optional timeout in milliseconds when waiting for connection with LDAP server.
verifyLdapHost Boolean: Set to true to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive.

GatewayPluginLdapAuthAdvancedOrdering, GatewayPluginLdapAuthAdvancedOrderingArgs

After GatewayPluginLdapAuthAdvancedOrderingAfter
Before GatewayPluginLdapAuthAdvancedOrderingBefore

After GatewayPluginLdapAuthAdvancedOrderingAfter
Before GatewayPluginLdapAuthAdvancedOrderingBefore

after GatewayPluginLdapAuthAdvancedOrderingAfter
before GatewayPluginLdapAuthAdvancedOrderingBefore

after GatewayPluginLdapAuthAdvancedOrderingAfter
before GatewayPluginLdapAuthAdvancedOrderingBefore

after GatewayPluginLdapAuthAdvancedOrderingAfter
before GatewayPluginLdapAuthAdvancedOrderingBefore

after Property Map
before Property Map

GatewayPluginLdapAuthAdvancedOrderingAfter, GatewayPluginLdapAuthAdvancedOrderingAfterArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginLdapAuthAdvancedOrderingBefore, GatewayPluginLdapAuthAdvancedOrderingBeforeArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginLdapAuthAdvancedRoute, GatewayPluginLdapAuthAdvancedRouteArgs

Id string

Id string

id String

id string

id str

id String

GatewayPluginLdapAuthAdvancedService, GatewayPluginLdapAuthAdvancedServiceArgs

Id string

Id string

id String

id string

id str

id String

Import

$ pulumi import konnect:index/gatewayPluginLdapAuthAdvanced:GatewayPluginLdapAuthAdvanced my_konnect_gateway_plugin_ldap_auth_advanced "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: konnect kong/terraform-provider-konnect
License
Notes: This Pulumi package is based on the konnect Terraform Provider.

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

kong/terraform-provider-konnect

konnect.GatewayPluginLdapAuthAdvanced

On this page

On this page

Example Usage

Create GatewayPluginLdapAuthAdvanced Resource

Constructor syntax

Parameters

Constructor example

GatewayPluginLdapAuthAdvanced Resource Properties

Inputs

Outputs

Look up Existing GatewayPluginLdapAuthAdvanced Resource

Supporting Types

GatewayPluginLdapAuthAdvancedConfig, GatewayPluginLdapAuthAdvancedConfigArgs

GatewayPluginLdapAuthAdvancedOrdering, GatewayPluginLdapAuthAdvancedOrderingArgs

GatewayPluginLdapAuthAdvancedOrderingAfter, GatewayPluginLdapAuthAdvancedOrderingAfterArgs

GatewayPluginLdapAuthAdvancedOrderingBefore, GatewayPluginLdapAuthAdvancedOrderingBeforeArgs

GatewayPluginLdapAuthAdvancedRoute, GatewayPluginLdapAuthAdvancedRouteArgs

GatewayPluginLdapAuthAdvancedService, GatewayPluginLdapAuthAdvancedServiceArgs

Import

Package Details

On this page

On this page