Documentation

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.

See: newLdapServerMetadataOutput smart constructor.

Create a value of LdapServerMetadataOutput with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:userRoleName:LdapServerMetadataOutput', ldapServerMetadataOutput_userRoleName - Specifies the name of the LDAP attribute for the user group membership.

$sel:userSearchSubtree:LdapServerMetadataOutput', ldapServerMetadataOutput_userSearchSubtree - The directory search scope for the user. If set to true, scope is to search the entire subtree.

$sel:roleSearchSubtree:LdapServerMetadataOutput', ldapServerMetadataOutput_roleSearchSubtree - The directory search scope for the role. If set to true, scope is to search the entire subtree.

$sel:roleName:LdapServerMetadataOutput', ldapServerMetadataOutput_roleName - Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.

$sel:hosts:LdapServerMetadataOutput', ldapServerMetadataOutput_hosts - Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.

$sel:userSearchMatching:LdapServerMetadataOutput', ldapServerMetadataOutput_userSearchMatching - The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example, dc=com.

$sel:userBase:LdapServerMetadataOutput', ldapServerMetadataOutput_userBase - Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp, dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.

$sel:roleSearchMatching:LdapServerMetadataOutput', ldapServerMetadataOutput_roleSearchMatching - The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.

$sel:serviceAccountUsername:LdapServerMetadataOutput', ldapServerMetadataOutput_serviceAccountUsername - Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example, dc=com.

$sel:roleBase:LdapServerMetadataOutput', ldapServerMetadataOutput_roleBase - The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp, dc=example, dc=com.

Specifies the name of the LDAP attribute for the user group membership.

The directory search scope for the user. If set to true, scope is to search the entire subtree.

The directory search scope for the role. If set to true, scope is to search the entire subtree.

Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.

Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.

The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example, dc=com.

Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp, dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.

The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.

Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example, dc=com.

The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp, dc=example, dc=com.