Class MsadUserAccountControlMapper

# keycloak.ldap.MsadUserAccountControlMapper

Allows for creating and managing MSAD user account control mappers for Keycloak users federated via LDAP.

The MSAD (Microsoft Active Directory) user account control mapper is specific to LDAP user federation providers that are pulling from AD, and it can propagate AD user state to Keycloak in order to enforce settings like expired passwords or disabled accounts.

Example Usage

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm(&quot;realm&quot;, new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = &quot;test&quot;,
    });
    var ldapUserFederation = new Keycloak.Ldap.UserFederation(&quot;ldapUserFederation&quot;, new Keycloak.Ldap.UserFederationArgs
    {
        BindCredential = &quot;admin&quot;,
        BindDn = &quot;cn=admin,dc=example,dc=org&quot;,
        ConnectionUrl = &quot;ldap://my-ad-server&quot;,
        RdnLdapAttribute = &quot;cn&quot;,
        RealmId = realm.Id,
        UserObjectClasses = 
        {
            &quot;person&quot;,
            &quot;organizationalPerson&quot;,
            &quot;user&quot;,
        },
        UsernameLdapAttribute = &quot;cn&quot;,
        UsersDn = &quot;dc=example,dc=org&quot;,
        UuidLdapAttribute = &quot;objectGUID&quot;,
    });
    var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(&quot;msadUserAccountControlMapper&quot;, new Keycloak.Ldap.MsadUserAccountControlMapperArgs
    {
        LdapUserFederationId = ldapUserFederation.Id,
        RealmId = realm.Id,
    });
}

}

Argument Reference

The following arguments are supported:

realm_id - (Required) The realm that this LDAP mapper will exist in.
ldap_user_federation_id - (Required) The ID of the LDAP user federation provider to attach this mapper to.
name - (Required) Display name of this mapper when displayed in the console.
ldap_password_policy_hints_enabled - (Optional) When true, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to false.

Inheritance

System.Object

Resource

CustomResource

MsadUserAccountControlMapper

Inherited Members

CustomResource.Id

Resource.GetResourceType()

Resource.GetResourceName()

Resource.Urn

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.ToString()

Namespace: Pulumi.Keycloak.Ldap

Assembly: Pulumi.Keycloak.dll

Syntax

public class MsadUserAccountControlMapper : CustomResource

Constructors

View Source

MsadUserAccountControlMapper(String, MsadUserAccountControlMapperArgs, CustomResourceOptions)

Create a MsadUserAccountControlMapper resource with the given unique name, arguments, and options.

Declaration

public MsadUserAccountControlMapper(string name, MsadUserAccountControlMapperArgs args, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resource
MsadUserAccountControlMapperArgs	args	The arguments used to populate this resource's properties
CustomResourceOptions	options	A bag of options that control this resource's behavior

Properties

View Source

LdapPasswordPolicyHintsEnabled

Declaration

public Output<bool?> LdapPasswordPolicyHintsEnabled { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

LdapUserFederationId

The ldap user federation provider to attach this mapper to.

Declaration

public Output<string> LdapUserFederationId { get; }

Property Value

Type	Description
Output<System.String>

View Source

Name

Display name of the mapper when displayed in the console.

Declaration

public Output<string> Name { get; }

Property Value

Type	Description
Output<System.String>

View Source

RealmId

The realm in which the ldap user federation provider exists.

Declaration

public Output<string> RealmId { get; }

Property Value

Type	Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, MsadUserAccountControlMapperState, CustomResourceOptions)

Get an existing MsadUserAccountControlMapper resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration

public static MsadUserAccountControlMapper Get(string name, Input<string> id, MsadUserAccountControlMapperState state = null, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resulting resource.
Input<System.String>	id	The unique provider ID of the resource to lookup.
MsadUserAccountControlMapperState	state	Any extra arguments used during the lookup.
CustomResourceOptions	options	A bag of options that control this resource's behavior

Returns

Type	Description
MsadUserAccountControlMapper