GuyBarros/vault_ldap.tf

## vault_ldap.tf
resource "vault_mount" "ldap" {
  path        = "ldap"
  type        = "openldap"
  description = "LDAP Secret Engine"
}


resource "vault_generic_endpoint" "openldapconfig" {
  depends_on           = [vault_mount.ldap]
  path                 = "${vault_mount.ldap.path}/config"
  ignore_absent_fields = true

  data_json = <<EOT
    {
    "binddn": "CN=vaultadmin,CN=Users,DC=hashidemos,DC=io",
    "bindpass": "P@ssw0rd",
    "url": "ldap://ec2-18-130-232-151.eu-west-2.compute.amazonaws.com",
    "schema": "ad",
    "insecure_tls": true,
    "starttls": false,
    "ttl": "10m"
    }
EOT
}

openldap/role/:role_name
resource "vault_generic_endpoint" "openldaprole" {
  depends_on           = [vault_mount.openldapconfig]
  path                 = "${vault_mount.ldap.path}/role/${var.openldaprolename}"
  ignore_absent_fields = true

  data_json = <<EOT
    {
    "creation_ldif": "dn: CN={{.Username}},CN=Users,DC=hashidemos,DC=io changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user userPrincipalName: {{.Username}}@hashidemos.io dn: CN={{.Username}},CN=Users,DC=hashidemos,DC=io changetype: modify replace: unicodePwd unicodePwd::{{ printf \"%q\" .Password | utf16le | base64 }} - replace: userAccountControl userAccountControl: 66048 - dn: CN=Hashicorp APP Admins,OU=Groups,DC=hashidemos,DC=io changetype: modify add: member member: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io -",
    "deletion_ldif": "dn: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io changetype: delete -",
    "rollback_ldif": "dn: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io changetype: delete -",
    }
EOT
}
	resource "vault_mount" "ldap" {
	path = "ldap"
	type = "openldap"
	description = "LDAP Secret Engine"
	}


	resource "vault_generic_endpoint" "openldapconfig" {
	depends_on = [vault_mount.ldap]
	path = "${vault_mount.ldap.path}/config"
	ignore_absent_fields = true

	data_json = <<EOT
	{
	"binddn": "CN=vaultadmin,CN=Users,DC=hashidemos,DC=io",
	"bindpass": "P@ssw0rd",
	"url": "ldap://ec2-18-130-232-151.eu-west-2.compute.amazonaws.com",
	"schema": "ad",
	"insecure_tls": true,
	"starttls": false,
	"ttl": "10m"
	}
	EOT
	}

	openldap/role/:role_name
	resource "vault_generic_endpoint" "openldaprole" {
	depends_on = [vault_mount.openldapconfig]
	path = "${vault_mount.ldap.path}/role/${var.openldaprolename}"
	ignore_absent_fields = true

	data_json = <<EOT
	{
	"creation_ldif": "dn: CN={{.Username}},CN=Users,DC=hashidemos,DC=io changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user userPrincipalName: {{.Username}}@hashidemos.io dn: CN={{.Username}},CN=Users,DC=hashidemos,DC=io changetype: modify replace: unicodePwd unicodePwd::{{ printf \"%q\" .Password \| utf16le \| base64 }} - replace: userAccountControl userAccountControl: 66048 - dn: CN=Hashicorp APP Admins,OU=Groups,DC=hashidemos,DC=io changetype: modify add: member member: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io -",
	"deletion_ldif": "dn: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io changetype: delete -",
	"rollback_ldif": "dn: CN={{.Username}},CN=Users,DC=Hashidemos,DC=io changetype: delete -",
	}
	EOT
	}