LDAP object
An API object that represents the cluster’s LDAP configuration.
| Name | Type/Value | Description |
|---|---|---|
| bind_dn | string | DN used when binding with the LDAP server to run queries |
| bind_pass | string | Password used when binding with the LDAP server to run queries |
| ca_cert | string | PEM-encoded CA certificate(s) used to validate TLS connections to the LDAP server |
| cache_ttl | integer (default: 300) | Maximum TTL (in seconds) of cached entries |
| control_plane | boolean (default: false) | Use LDAP for user authentication/authorization in the control plane |
| data_plane | boolean (default: false) | Use LDAP for user authentication/authorization in the data plane |
| directory_timeout_s | integer (range: 5-60) (default: 5) | The connection timeout to the LDAP server when authenticating a user, in seconds |
| dn_group_attr | string | The name of an attribute of the LDAP user entity that contains a list of the groups that user belongs to. (Mutually exclusive with “dn_group_query”) |
| dn_group_query | complex object | An LDAP search query for mapping from a user DN to the groups the user is a member of. The substring “%D” in the filter will be replaced with the user’s DN. (Mutually exclusive with “dn_group_attr”) |
| starttls | boolean (default: false) | Use StartTLS negotiation for the LDAP connection |
| uris | array of strings | URIs of LDAP servers that only contain the schema, host, and port |
| user_dn_query | complex object | An LDAP search query for mapping from a username to a user DN. The substring “%u” in the filter will be replaced with the username. (Mutually exclusive with “user_dn_template”) |
| user_dn_template | string | A string template that maps between the username, provided to the cluster for authentication, and the LDAP DN. The substring “%u” will be replaced with the username. (Mutually exclusive with “user_dn_query”) |