class Aws::MQ::Types::LdapServerMetadataInput

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.

Does not apply to RabbitMQ brokers.

@note When making an API call, you may pass LdapServerMetadataInput data as a hash:

    {
      hosts: ["__string"], # required
      role_base: "__string", # required
      role_name: "__string",
      role_search_matching: "__string", # required
      role_search_subtree: false,
      service_account_password: "__string", # required
      service_account_username: "__string", # required
      user_base: "__string", # required
      user_role_name: "__string",
      user_search_matching: "__string", # required
      user_search_subtree: false,
    }

@!attribute [rw] hosts

Specifies the location of the LDAP server such as AWS Directory
Service for Microsoft Active Directory. Optional failover server.
@return [Array<String>]

@!attribute [rw] role_base

The distinguished name of the node in the directory information tree
(DIT) to search for roles or groups. For example, ou=group, ou=corp,
dc=corp, dc=example, dc=com.
@return [String]

@!attribute [rw] role_name

Specifies the LDAP attribute that identifies the group name
attribute in the object returned from the group membership query.
@return [String]

@!attribute [rw] role_search_matching

The LDAP search filter used to find roles within the roleBase. The
distinguished name of the user matched by userSearchMatching is
substituted into the {0} placeholder in the search filter. The
client's username is substituted into the {1} placeholder. For
example, if you set this option to (member=uid={1}) for the user
janedoe, the search filter becomes (member=uid=janedoe) after string
substitution. It matches all role entries that have a member
attribute equal to uid=janedoe under the subtree selected by the
roleBase.
@return [String]

@!attribute [rw] role_search_subtree

The directory search scope for the role. If set to true, scope is to
search the entire subtree.
@return [Boolean]

@!attribute [rw] service_account_password

Service account password. A service account is an account in your
LDAP server that has access to initiate a connection. For example,
cn=admin,dc=corp, dc=example, dc=com.
@return [String]

@!attribute [rw] service_account_username

Service account username. A service account is an account in your
LDAP server that has access to initiate a connection. For example,
cn=admin,dc=corp, dc=example, dc=com.
@return [String]

@!attribute [rw] user_base

Select a particular subtree of the directory information tree (DIT)
to search for user entries. The subtree is specified by a DN, which
specifies the base node of the subtree. For example, by setting this
option to ou=Users,ou=corp, dc=corp, dc=example, dc=com, the search
for user entries is restricted to the subtree beneath ou=Users,
ou=corp, dc=corp, dc=example, dc=com.
@return [String]

@!attribute [rw] user_role_name

Specifies the name of the LDAP attribute for the user group
membership.
@return [String]

@!attribute [rw] user_search_matching

The LDAP search filter used to find users within the userBase. The
client's username is substituted into the {0} placeholder in
the search filter. For example, if this option is set to
(uid={0}) and the received username is janedoe, the search
filter becomes (uid=janedoe) after string substitution. It will
result in matching an entry like uid=janedoe, ou=Users,ou=corp,
dc=corp, dc=example, dc=com.
@return [String]

@!attribute [rw] user_search_subtree

The directory search scope for the user. If set to true, scope is to
search the entire subtree.
@return [Boolean]

@see docs.aws.amazon.com/goto/WebAPI/mq-2017-11-27/LdapServerMetadataInput AWS API Documentation
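
A local pre-flight check for this hash, as an added example that is not part of the SDK: it verifies the required keys and the {0}/{1} placeholders, and previews the filters produced by the string substitution described for user_search_matching and role_search_matching. The helper names, the host name and the MQ_LDAP_BIND_PASSWORD variable are assumptions made for the illustration.

```ruby
# Added example, not SDK code. Helper names are hypothetical.
REQUIRED = %i[hosts role_base role_search_matching service_account_password
              service_account_username user_base user_search_matching].freeze

# Plain substitution of {0} and {1}, as the attribute descriptions state.
def expand_filter(template, *args)
  template.gsub(/\{([01])\}/) { args[$1.to_i].to_s }
end

# Returns a list of problems; an empty list means the hash passed.
def check_ldap_metadata(meta)
  problems = REQUIRED.select { |k| meta[k].nil? || meta[k].empty? }
                     .map { |k| "missing required key: #{k}" }
  usm = meta[:user_search_matching].to_s
  rsm = meta[:role_search_matching].to_s
  problems << "user_search_matching has no {0} placeholder" unless usm.include?("{0}")
  unless rsm.include?("{0}") || rsm.include?("{1}")
    problems << "role_search_matching has no {0} or {1} placeholder"
  end
  [usm, rsm].each do |f|
    problems << "unbalanced parentheses in #{f}" unless f.count("(") == f.count(")")
  end
  problems
end

# Constructed sample values; the host name and environment variable are placeholders.
SAMPLE = {
  hosts: ["ldap.corp.example.com"],
  role_base: "ou=group,ou=corp,dc=corp,dc=example,dc=com",
  role_search_matching: "(member=uid={1})",
  role_search_subtree: false,
  service_account_username: "cn=admin,dc=corp,dc=example,dc=com",
  # Read the bind password at run time instead of committing it to source.
  service_account_password: ENV.fetch("MQ_LDAP_BIND_PASSWORD", "set-me"),
  user_base: "ou=Users,ou=corp,dc=corp,dc=example,dc=com",
  user_search_matching: "(uid={0})",
  user_search_subtree: false
}.freeze

user_dn = "uid=janedoe,#{SAMPLE[:user_base]}"
puts check_ldap_metadata(SAMPLE).inspect
puts expand_filter(SAMPLE[:user_search_matching], "janedoe")
puts expand_filter(SAMPLE[:role_search_matching], user_dn, "janedoe")
```

The preview only mirrors the documented substitution; it does not contact a directory or the broker.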

Constants

SENSITIVE