MongoDB Atlas v3.30.0, Mar 21 25

MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi

mongodbatlas.LdapConfiguration

Explore with Pulumi AI

MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi

# Resource: mongodbatlas.LdapConfiguration

mongodbatlas.LdapConfiguration provides an LDAP Configuration resource. This allows an LDAP configuration for an Atlas project to be created and managed. This endpoint doesn’t verify connectivity using the provided LDAP over TLS configuration details. To verify a configuration before saving it, use the resource to verify the LDAP configuration.

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.Project("test", {
    name: "NAME OF THE PROJECT",
    orgId: "ORG ID",
});
const testLdapConfiguration = new mongodbatlas.LdapConfiguration("test", {
    projectId: test.id,
    authenticationEnabled: true,
    hostname: "HOSTNAME",
    port: 636,
    bindUsername: "USERNAME",
    bindPassword: "PASSWORD",
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.Project("test",
    name="NAME OF THE PROJECT",
    org_id="ORG ID")
test_ldap_configuration = mongodbatlas.LdapConfiguration("test",
    project_id=test.id,
    authentication_enabled=True,
    hostname="HOSTNAME",
    port=636,
    bind_username="USERNAME",
    bind_password="PASSWORD")

package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := mongodbatlas.NewProject(ctx, "test", &mongodbatlas.ProjectArgs{
			Name:  pulumi.String("NAME OF THE PROJECT"),
			OrgId: pulumi.String("ORG ID"),
		})
		if err != nil {
			return err
		}
		_, err = mongodbatlas.NewLdapConfiguration(ctx, "test", &mongodbatlas.LdapConfigurationArgs{
			ProjectId:             test.ID(),
			AuthenticationEnabled: pulumi.Bool(true),
			Hostname:              pulumi.String("HOSTNAME"),
			Port:                  pulumi.Int(636),
			BindUsername:          pulumi.String("USERNAME"),
			BindPassword:          pulumi.String("PASSWORD"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.Project("test", new()
    {
        Name = "NAME OF THE PROJECT",
        OrgId = "ORG ID",
    });

    var testLdapConfiguration = new Mongodbatlas.LdapConfiguration("test", new()
    {
        ProjectId = test.Id,
        AuthenticationEnabled = true,
        Hostname = "HOSTNAME",
        Port = 636,
        BindUsername = "USERNAME",
        BindPassword = "PASSWORD",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.Project;
import com.pulumi.mongodbatlas.ProjectArgs;
import com.pulumi.mongodbatlas.LdapConfiguration;
import com.pulumi.mongodbatlas.LdapConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new Project("test", ProjectArgs.builder()
            .name("NAME OF THE PROJECT")
            .orgId("ORG ID")
            .build());

        var testLdapConfiguration = new LdapConfiguration("testLdapConfiguration", LdapConfigurationArgs.builder()
            .projectId(test.id())
            .authenticationEnabled(true)
            .hostname("HOSTNAME")
            .port(636)
            .bindUsername("USERNAME")
            .bindPassword("PASSWORD")
            .build());

    }
}

resources:
  test:
    type: mongodbatlas:Project
    properties:
      name: NAME OF THE PROJECT
      orgId: ORG ID
  testLdapConfiguration:
    type: mongodbatlas:LdapConfiguration
    name: test
    properties:
      projectId: ${test.id}
      authenticationEnabled: true
      hostname: HOSTNAME
      port: 636
      bindUsername: USERNAME
      bindPassword: PASSWORD

LDAP With User To DN Mapping

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.Project("test", {
    name: "NAME OF THE PROJECT",
    orgId: "ORG ID",
});
const testLdapConfiguration = new mongodbatlas.LdapConfiguration("test", {
    projectId: test.id,
    authenticationEnabled: true,
    hostname: "HOSTNAME",
    port: 636,
    bindUsername: "USERNAME",
    bindPassword: "PASSWORD",
    caCertificate: "CA CERTIFICATE",
    authzQueryTemplate: "{USER}?memberOf?base",
    userToDnMappings: [{
        match: "(.+)",
        ldapQuery: "DC=example,DC=com??sub?(userPrincipalName={0})",
    }],
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.Project("test",
    name="NAME OF THE PROJECT",
    org_id="ORG ID")
test_ldap_configuration = mongodbatlas.LdapConfiguration("test",
    project_id=test.id,
    authentication_enabled=True,
    hostname="HOSTNAME",
    port=636,
    bind_username="USERNAME",
    bind_password="PASSWORD",
    ca_certificate="CA CERTIFICATE",
    authz_query_template="{USER}?memberOf?base",
    user_to_dn_mappings=[{
        "match": "(.+)",
        "ldap_query": "DC=example,DC=com??sub?(userPrincipalName={0})",
    }])

package main

import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := mongodbatlas.NewProject(ctx, "test", &mongodbatlas.ProjectArgs{
			Name:  pulumi.String("NAME OF THE PROJECT"),
			OrgId: pulumi.String("ORG ID"),
		})
		if err != nil {
			return err
		}
		_, err = mongodbatlas.NewLdapConfiguration(ctx, "test", &mongodbatlas.LdapConfigurationArgs{
			ProjectId:             test.ID(),
			AuthenticationEnabled: pulumi.Bool(true),
			Hostname:              pulumi.String("HOSTNAME"),
			Port:                  pulumi.Int(636),
			BindUsername:          pulumi.String("USERNAME"),
			BindPassword:          pulumi.String("PASSWORD"),
			CaCertificate:         pulumi.String("CA CERTIFICATE"),
			AuthzQueryTemplate:    pulumi.String("{USER}?memberOf?base"),
			UserToDnMappings: mongodbatlas.LdapConfigurationUserToDnMappingArray{
				&mongodbatlas.LdapConfigurationUserToDnMappingArgs{
					Match:     pulumi.String("(.+)"),
					LdapQuery: pulumi.String("DC=example,DC=com??sub?(userPrincipalName={0})"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

return await Deployment.RunAsync(() => 
{
    var test = new Mongodbatlas.Project("test", new()
    {
        Name = "NAME OF THE PROJECT",
        OrgId = "ORG ID",
    });

    var testLdapConfiguration = new Mongodbatlas.LdapConfiguration("test", new()
    {
        ProjectId = test.Id,
        AuthenticationEnabled = true,
        Hostname = "HOSTNAME",
        Port = 636,
        BindUsername = "USERNAME",
        BindPassword = "PASSWORD",
        CaCertificate = "CA CERTIFICATE",
        AuthzQueryTemplate = "{USER}?memberOf?base",
        UserToDnMappings = new[]
        {
            new Mongodbatlas.Inputs.LdapConfigurationUserToDnMappingArgs
            {
                Match = "(.+)",
                LdapQuery = "DC=example,DC=com??sub?(userPrincipalName={0})",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.Project;
import com.pulumi.mongodbatlas.ProjectArgs;
import com.pulumi.mongodbatlas.LdapConfiguration;
import com.pulumi.mongodbatlas.LdapConfigurationArgs;
import com.pulumi.mongodbatlas.inputs.LdapConfigurationUserToDnMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new Project("test", ProjectArgs.builder()
            .name("NAME OF THE PROJECT")
            .orgId("ORG ID")
            .build());

        var testLdapConfiguration = new LdapConfiguration("testLdapConfiguration", LdapConfigurationArgs.builder()
            .projectId(test.id())
            .authenticationEnabled(true)
            .hostname("HOSTNAME")
            .port(636)
            .bindUsername("USERNAME")
            .bindPassword("PASSWORD")
            .caCertificate("CA CERTIFICATE")
            .authzQueryTemplate("{USER}?memberOf?base")
            .userToDnMappings(LdapConfigurationUserToDnMappingArgs.builder()
                .match("(.+)")
                .ldapQuery("DC=example,DC=com??sub?(userPrincipalName={0})")
                .build())
            .build());

    }
}

resources:
  test:
    type: mongodbatlas:Project
    properties:
      name: NAME OF THE PROJECT
      orgId: ORG ID
  testLdapConfiguration:
    type: mongodbatlas:LdapConfiguration
    name: test
    properties:
      projectId: ${test.id}
      authenticationEnabled: true
      hostname: HOSTNAME
      port: 636
      bindUsername: USERNAME
      bindPassword: PASSWORD
      caCertificate: CA CERTIFICATE
      authzQueryTemplate: '{USER}?memberOf?base'
      userToDnMappings:
        - match: (.+)
          ldapQuery: DC=example,DC=com??sub?(userPrincipalName={0})

Create LdapConfiguration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new LdapConfiguration(name: string, args: LdapConfigurationArgs, opts?: CustomResourceOptions);

@overload
def LdapConfiguration(resource_name: str,
                      args: LdapConfigurationArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def LdapConfiguration(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      authentication_enabled: Optional[bool] = None,
                      bind_password: Optional[str] = None,
                      bind_username: Optional[str] = None,
                      hostname: Optional[str] = None,
                      project_id: Optional[str] = None,
                      authorization_enabled: Optional[bool] = None,
                      authz_query_template: Optional[str] = None,
                      ca_certificate: Optional[str] = None,
                      port: Optional[int] = None,
                      user_to_dn_mappings: Optional[Sequence[LdapConfigurationUserToDnMappingArgs]] = None)

func NewLdapConfiguration(ctx *Context, name string, args LdapConfigurationArgs, opts ...ResourceOption) (*LdapConfiguration, error)

public LdapConfiguration(string name, LdapConfigurationArgs args, CustomResourceOptions? opts = null)

public LdapConfiguration(String name, LdapConfigurationArgs args)
public LdapConfiguration(String name, LdapConfigurationArgs args, CustomResourceOptions options)

type: mongodbatlas:LdapConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LdapConfigurationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LdapConfigurationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LdapConfigurationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LdapConfigurationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LdapConfigurationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var ldapConfigurationResource = new Mongodbatlas.LdapConfiguration("ldapConfigurationResource", new()
{
    AuthenticationEnabled = false,
    BindPassword = "string",
    BindUsername = "string",
    Hostname = "string",
    ProjectId = "string",
    AuthorizationEnabled = false,
    AuthzQueryTemplate = "string",
    CaCertificate = "string",
    Port = 0,
    UserToDnMappings = new[]
    {
        new Mongodbatlas.Inputs.LdapConfigurationUserToDnMappingArgs
        {
            LdapQuery = "string",
            Match = "string",
            Substitution = "string",
        },
    },
});

example, err := mongodbatlas.NewLdapConfiguration(ctx, "ldapConfigurationResource", &mongodbatlas.LdapConfigurationArgs{
	AuthenticationEnabled: pulumi.Bool(false),
	BindPassword:          pulumi.String("string"),
	BindUsername:          pulumi.String("string"),
	Hostname:              pulumi.String("string"),
	ProjectId:             pulumi.String("string"),
	AuthorizationEnabled:  pulumi.Bool(false),
	AuthzQueryTemplate:    pulumi.String("string"),
	CaCertificate:         pulumi.String("string"),
	Port:                  pulumi.Int(0),
	UserToDnMappings: mongodbatlas.LdapConfigurationUserToDnMappingArray{
		&mongodbatlas.LdapConfigurationUserToDnMappingArgs{
			LdapQuery:    pulumi.String("string"),
			Match:        pulumi.String("string"),
			Substitution: pulumi.String("string"),
		},
	},
})

var ldapConfigurationResource = new LdapConfiguration("ldapConfigurationResource", LdapConfigurationArgs.builder()
    .authenticationEnabled(false)
    .bindPassword("string")
    .bindUsername("string")
    .hostname("string")
    .projectId("string")
    .authorizationEnabled(false)
    .authzQueryTemplate("string")
    .caCertificate("string")
    .port(0)
    .userToDnMappings(LdapConfigurationUserToDnMappingArgs.builder()
        .ldapQuery("string")
        .match("string")
        .substitution("string")
        .build())
    .build());

ldap_configuration_resource = mongodbatlas.LdapConfiguration("ldapConfigurationResource",
    authentication_enabled=False,
    bind_password="string",
    bind_username="string",
    hostname="string",
    project_id="string",
    authorization_enabled=False,
    authz_query_template="string",
    ca_certificate="string",
    port=0,
    user_to_dn_mappings=[{
        "ldap_query": "string",
        "match": "string",
        "substitution": "string",
    }])

const ldapConfigurationResource = new mongodbatlas.LdapConfiguration("ldapConfigurationResource", {
    authenticationEnabled: false,
    bindPassword: "string",
    bindUsername: "string",
    hostname: "string",
    projectId: "string",
    authorizationEnabled: false,
    authzQueryTemplate: "string",
    caCertificate: "string",
    port: 0,
    userToDnMappings: [{
        ldapQuery: "string",
        match: "string",
        substitution: "string",
    }],
});

type: mongodbatlas:LdapConfiguration
properties:
    authenticationEnabled: false
    authorizationEnabled: false
    authzQueryTemplate: string
    bindPassword: string
    bindUsername: string
    caCertificate: string
    hostname: string
    port: 0
    projectId: string
    userToDnMappings:
        - ldapQuery: string
          match: string
          substitution: string

LdapConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LdapConfiguration resource accepts the following input properties:

AuthenticationEnabled bool

Specifies whether user authentication with LDAP is enabled.

BindPassword string

The password used to authenticate the bind_username.

BindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

Hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

ProjectId string

The unique ID for the project to configure LDAP.

AuthorizationEnabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

AuthzQueryTemplate string

An LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs. Used only for user authorization. Use the {USER} placeholder in the URL to substitute the authenticated username. The query is relative to the host specified with hostname. The formatting for the query must conform to RFC4515 and RFC 4516. If you do not provide a query template, Atlas attempts to use the default value: {USER}?memberOf?base.

CaCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

Port int

The port to which the LDAP server listens for client connections. Default: 636

UserToDnMappings List<LdapConfigurationUserToDnMapping>

Maps an LDAP username for authentication to an LDAP Distinguished Name (DN). Each document contains a match regular expression and either a substitution or ldap_query template used to transform the LDAP username extracted from the regular expression. Atlas steps through the each document in the array in the given order, checking the authentication username against the match filter. If a match is found, Atlas applies the transformation and uses the output to authenticate the user. Atlas does not check the remaining documents in the array. For more details and examples see the MongoDB Atlas API Reference.

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

AuthenticationEnabled bool

Specifies whether user authentication with LDAP is enabled.

BindPassword string

The password used to authenticate the bind_username.

BindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

Hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

ProjectId string

The unique ID for the project to configure LDAP.

AuthorizationEnabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

AuthzQueryTemplate string

CaCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

Port int

The port to which the LDAP server listens for client connections. Default: 636

UserToDnMappings []LdapConfigurationUserToDnMappingArgs

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled Boolean

Specifies whether user authentication with LDAP is enabled.

bindPassword String

The password used to authenticate the bind_username.

bindUsername String

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

hostname String

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

projectId String

The unique ID for the project to configure LDAP.

authorizationEnabled Boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate String

caCertificate String

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

port Integer

The port to which the LDAP server listens for client connections. Default: 636

userToDnMappings List<LdapConfigurationUserToDnMapping>

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled boolean

Specifies whether user authentication with LDAP is enabled.

bindPassword string

The password used to authenticate the bind_username.

bindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

projectId string

The unique ID for the project to configure LDAP.

authorizationEnabled boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate string

caCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

port number

The port to which the LDAP server listens for client connections. Default: 636

userToDnMappings LdapConfigurationUserToDnMapping[]

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authentication_enabled bool

Specifies whether user authentication with LDAP is enabled.

bind_password str

The password used to authenticate the bind_username.

bind_username str

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

hostname str

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

project_id str

The unique ID for the project to configure LDAP.

authorization_enabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authz_query_template str

ca_certificate str

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

port int

The port to which the LDAP server listens for client connections. Default: 636

user_to_dn_mappings Sequence[LdapConfigurationUserToDnMappingArgs]

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled Boolean

Specifies whether user authentication with LDAP is enabled.

bindPassword String

The password used to authenticate the bind_username.

bindUsername String

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

hostname String

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

projectId String

The unique ID for the project to configure LDAP.

authorizationEnabled Boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate String

caCertificate String

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

port Number

The port to which the LDAP server listens for client connections. Default: 636

userToDnMappings List<Property Map>

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

Outputs

All input properties are implicitly available as output properties. Additionally, the LdapConfiguration resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing LdapConfiguration Resource

Get an existing LdapConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: LdapConfigurationState, opts?: CustomResourceOptions): LdapConfiguration

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication_enabled: Optional[bool] = None,
        authorization_enabled: Optional[bool] = None,
        authz_query_template: Optional[str] = None,
        bind_password: Optional[str] = None,
        bind_username: Optional[str] = None,
        ca_certificate: Optional[str] = None,
        hostname: Optional[str] = None,
        port: Optional[int] = None,
        project_id: Optional[str] = None,
        user_to_dn_mappings: Optional[Sequence[LdapConfigurationUserToDnMappingArgs]] = None) -> LdapConfiguration

func GetLdapConfiguration(ctx *Context, name string, id IDInput, state *LdapConfigurationState, opts ...ResourceOption) (*LdapConfiguration, error)

public static LdapConfiguration Get(string name, Input<string> id, LdapConfigurationState? state, CustomResourceOptions? opts = null)

public static LdapConfiguration get(String name, Output<String> id, LdapConfigurationState state, CustomResourceOptions options)

resources:  _:    type: mongodbatlas:LdapConfiguration    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationEnabled bool

Specifies whether user authentication with LDAP is enabled.

AuthorizationEnabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

AuthzQueryTemplate string

BindPassword string

The password used to authenticate the bind_username.

BindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

CaCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

Hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

Port int

The port to which the LDAP server listens for client connections. Default: 636

ProjectId string

The unique ID for the project to configure LDAP.

UserToDnMappings List<LdapConfigurationUserToDnMapping>

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

AuthenticationEnabled bool

Specifies whether user authentication with LDAP is enabled.

AuthorizationEnabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

AuthzQueryTemplate string

BindPassword string

The password used to authenticate the bind_username.

BindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

CaCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

Hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

Port int

The port to which the LDAP server listens for client connections. Default: 636

ProjectId string

The unique ID for the project to configure LDAP.

UserToDnMappings []LdapConfigurationUserToDnMappingArgs

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled Boolean

Specifies whether user authentication with LDAP is enabled.

authorizationEnabled Boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate String

bindPassword String

The password used to authenticate the bind_username.

bindUsername String

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

caCertificate String

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

hostname String

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

port Integer

The port to which the LDAP server listens for client connections. Default: 636

projectId String

The unique ID for the project to configure LDAP.

userToDnMappings List<LdapConfigurationUserToDnMapping>

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled boolean

Specifies whether user authentication with LDAP is enabled.

authorizationEnabled boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate string

bindPassword string

The password used to authenticate the bind_username.

bindUsername string

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

caCertificate string

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

hostname string

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

port number

The port to which the LDAP server listens for client connections. Default: 636

projectId string

The unique ID for the project to configure LDAP.

userToDnMappings LdapConfigurationUserToDnMapping[]

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authentication_enabled bool

Specifies whether user authentication with LDAP is enabled.

authorization_enabled bool

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authz_query_template str

bind_password str

The password used to authenticate the bind_username.

bind_username str

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

ca_certificate str

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

hostname str

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

port int

The port to which the LDAP server listens for client connections. Default: 636

project_id str

The unique ID for the project to configure LDAP.

user_to_dn_mappings Sequence[LdapConfigurationUserToDnMappingArgs]

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

authenticationEnabled Boolean

Specifies whether user authentication with LDAP is enabled.

authorizationEnabled Boolean

Specifies whether user authorization with LDAP is enabled. You cannot enable user authorization with LDAP without first enabling user authentication with LDAP.

authzQueryTemplate String

bindPassword String

The password used to authenticate the bind_username.

bindUsername String

The user DN that Atlas uses to connect to the LDAP server. Must be the full DN, such as CN=BindUser,CN=Users,DC=myldapserver,DC=mycompany,DC=com.

caCertificate String

CA certificate used to verify the identify of the LDAP server. Self-signed certificates are allowed.

hostname String

The hostname or IP address of the LDAP server. The server must be visible to the internet or connected to your Atlas cluster with VPC Peering.

port Number

The port to which the LDAP server listens for client connections. Default: 636

projectId String

The unique ID for the project to configure LDAP.

userToDnMappings List<Property Map>

user_to_dn_mapping.0.match - (Optional) A regular expression to match against a provided LDAP username. Each parenthesis-enclosed section represents a regular expression capture group used by the substitution or ldap_query template.
user_to_dn_mapping.0.substitution - (Optional) An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name. Each bracket-enclosed numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.
user_to_dn_mapping.0.ldap_query - (Optional) An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516. Each numeric value is replaced by the corresponding regular expression capture group extracted from the LDAP username that matched the match regular expression.

Supporting Types

LdapConfigurationUserToDnMapping
, LdapConfigurationUserToDnMappingArgs

LdapQuery string
Match string
Substitution string

LdapQuery string
Match string
Substitution string

ldapQuery String
match String
substitution String

ldapQuery string
match string
substitution string

ldap_query str
match str
substitution str

ldapQuery String
match String
substitution String

Import

LDAP Configuration must be imported using project ID, e.g.

$ pulumi import mongodbatlas:index/ldapConfiguration:LdapConfiguration test 5d09d6a59ccf6445652a444a

For more information see: MongoDB Atlas API Reference.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: MongoDB Atlas pulumi/pulumi-mongodbatlas
License: Apache-2.0
Notes: This Pulumi package is based on the mongodbatlas Terraform Provider.

MongoDB Atlas v3.30.0 published on Friday, Mar 21, 2025 by Pulumi

pulumi/pulumi-mongodbatlas

mongodbatlas.LdapConfiguration

On this page

On this page

# Resource: mongodbatlas.LdapConfiguration

Example Usage

LDAP With User To DN Mapping

Create LdapConfiguration Resource

Constructor syntax

Parameters

Constructor example

LdapConfiguration Resource Properties

Inputs

Outputs

Look up Existing LdapConfiguration Resource

Supporting Types

LdapConfigurationUserToDnMapping
, LdapConfigurationUserToDnMappingArgs

Import

Package Details

On this page

On this page

mongodbatlas.LdapConfiguration

On this page

On this page

# Resource: mongodbatlas.LdapConfiguration

Example Usage

LDAP With User To DN Mapping

Create LdapConfiguration Resource

Constructor syntax

Parameters

Constructor example

LdapConfiguration Resource Properties

Inputs

Outputs

Look up Existing LdapConfiguration Resource

Supporting Types

LdapConfigurationUserToDnMapping, LdapConfigurationUserToDnMappingArgs

Import

Package Details

On this page

On this page

LdapConfigurationUserToDnMapping
, LdapConfigurationUserToDnMappingArgs