import * as pulumi from "@pulumi/pulumi";
/**
 * > **Deprecated:** Use `proxmoxve.realm.Ldap` instead. This resource will be removed in v1.0.
 *
 * Manages an LDAP authentication realm in Proxmox VE.
 *
 * LDAP realms allow Proxmox to authenticate users against an LDAP directory service.
 *
 * ## Privileges Required
 *
 * | Path | Attribute |
 * |-----------------|----------------|
 * | /access/domains | Realm.Allocate |
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
 *
 * const example = new proxmoxve.realm.LdapLegacy("example", {
 *     realm: "example-ldap",
 *     server1: "ldap.example.com",
 *     port: 389,
 *     baseDn: "ou=people,dc=example,dc=com",
 *     userAttr: "uid",
 *     bindDn: "cn=admin,dc=example,dc=com",
 *     bindPassword: ldapBindPassword,
 *     mode: "ldap+starttls",
 *     verify: true,
 *     groupDn: "ou=groups,dc=example,dc=com",
 *     groupFilter: "(objectClass=groupOfNames)",
 *     comment: "Example LDAP realm managed by Terraform",
 * });
 * ```
 *
 * ## Notes
 *
 * ### Password Security
 *
 * The `bindPassword` is sent to Proxmox and stored securely, but it's never returned by the API. This means:
 * - Terraform cannot detect if the password was changed outside of Terraform
 * - You must maintain the password in your Terraform configuration or use a variable
 * - The password will be marked as sensitive in Terraform state
 *
 * ### LDAP vs LDAPS
 *
 * - **LDAP (port 389)**: Unencrypted connection. Not recommended for production.
 * - **LDAPS (port 636)**: Encrypted connection using SSL/TLS. Recommended for production.
 * - **LDAP+StartTLS**: Upgrades plain LDAP connection to TLS. Alternative to LDAPS.
 *
 * ### User Synchronization
 *
 * To trigger synchronization, use the `proxmoxve.realm.SyncLegacy` resource.
 *
 * ### Common Configuration Scenarios
 *
 * #### Anonymous Binding
 * For testing or public LDAP servers, omit `bindDn` and `bindPassword` to use anonymous binding:
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
 *
 * const anonymous = new proxmoxve.realm.LdapLegacy("anonymous", {
 *     realm: "public-ldap",
 *     server1: "ldap.example.com",
 *     baseDn: "ou=users,dc=example,dc=com",
 *     userAttr: "uid",
 * });
 * ```
 *
 * #### Secure LDAPS with Failover
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
 *
 * const secure = new proxmoxve.realm.LdapLegacy("secure", {
 *     realm: "secure-ldap",
 *     server1: "ldap1.example.com",
 *     server2: "ldap2.example.com",
 *     port: 636,
 *     baseDn: "ou=users,dc=example,dc=com",
 *     bindDn: "cn=readonly,dc=example,dc=com",
 *     bindPassword: ldapPassword,
 *     mode: "ldaps",
 *     verify: true,
 *     caPath: "/etc/pve/priv/ca.crt",
 * });
 * ```
 *
 * #### With Group Synchronization
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
 *
 * const withGroups = new proxmoxve.realm.LdapLegacy("with_groups", {
 *     realm: "corporate-ldap",
 *     server1: "ldap.corp.example.com",
 *     baseDn: "ou=users,dc=corp,dc=example,dc=com",
 *     bindDn: "cn=svc_ldap,ou=services,dc=corp,dc=example,dc=com",
 *     bindPassword: ldapPassword,
 *     mode: "ldap+starttls",
 *     groupDn: "ou=groups,dc=corp,dc=example,dc=com",
 *     groupFilter: "(objectClass=groupOfNames)",
 *     groupNameAttr: "cn",
 *     syncAttributes: "email=mail,firstname=givenName,lastname=sn",
 *     syncDefaultsOptions: "scope=both,enable-new=1",
 * });
 * ```
 *
 * ## See Also
 *
 * - [Proxmox VE User Management](https://pve.proxmox.com/wiki/User_Management)
 * - [Proxmox VE LDAP Authentication](https://pve.proxmox.com/wiki/User_Management#pveum_ldap)
 * - [Proxmox API: /access/domains](https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/domains)
 *
 * ## Import
 *
 * !/usr/bin/env sh
 * LDAP realms can be imported using the realm identifier, e.g.:
 *
 * ```sh
 * $ pulumi import proxmoxve:realm/ldapLegacy:LdapLegacy example example.com
 * ```
 *
 * > When importing, the `bindPassword` attribute cannot be imported since it's not returned by the Proxmox API. You'll need to set this attribute in your Terraform configuration after the import to manage it with Terraform.
 */
export declare class LdapLegacy extends pulumi.CustomResource {
    /**
     * Get an existing LdapLegacy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LdapLegacyState, opts?: pulumi.CustomResourceOptions): LdapLegacy;
    /**
     * Returns true if the given object is an instance of LdapLegacy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is LdapLegacy;
    /**
     * LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
     */
    readonly baseDn: pulumi.Output<string>;
    /**
     * LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
     */
    readonly bindDn: pulumi.Output<string | undefined>;
    /**
     * Password for the bind DN. Note: stored in Proxmox but not returned by API.
     */
    readonly bindPassword: pulumi.Output<string | undefined>;
    /**
     * Path to CA certificate file for SSL verification.
     */
    readonly caPath: pulumi.Output<string | undefined>;
    /**
     * Enable case-sensitive username matching.
     */
    readonly caseSensitive: pulumi.Output<boolean>;
    /**
     * Path to client certificate key.
     */
    readonly certKeyPath: pulumi.Output<string | undefined>;
    /**
     * Path to client certificate for SSL authentication.
     */
    readonly certPath: pulumi.Output<string | undefined>;
    /**
     * Description of the realm.
     */
    readonly comment: pulumi.Output<string | undefined>;
    /**
     * Use this realm as the default for login.
     */
    readonly default: pulumi.Output<boolean>;
    /**
     * LDAP filter for user searches.
     */
    readonly filter: pulumi.Output<string | undefined>;
    /**
     * LDAP objectClasses for groups (comma-separated).
     */
    readonly groupClasses: pulumi.Output<string | undefined>;
    /**
     * LDAP base DN for group searches.
     */
    readonly groupDn: pulumi.Output<string | undefined>;
    /**
     * LDAP filter for group searches.
     */
    readonly groupFilter: pulumi.Output<string | undefined>;
    /**
     * LDAP attribute representing the group name.
     */
    readonly groupNameAttr: pulumi.Output<string | undefined>;
    /**
     * LDAP connection mode (ldap, ldaps, ldap+starttls).
     */
    readonly mode: pulumi.Output<string | undefined>;
    /**
     * LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
     */
    readonly port: pulumi.Output<number | undefined>;
    /**
     * Realm identifier (e.g., 'example.com').
     */
    readonly realm: pulumi.Output<string>;
    /**
     * Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
     *
     * @deprecated Deprecated by Proxmox: use mode instead.
     */
    readonly secure: pulumi.Output<boolean>;
    /**
     * Primary LDAP server hostname or IP address.
     */
    readonly server1: pulumi.Output<string>;
    /**
     * Fallback LDAP server hostname or IP address.
     */
    readonly server2: pulumi.Output<string | undefined>;
    /**
     * SSL/TLS version (tlsv1, tlsv1*1, tlsv1*2, tlsv1_3).
     */
    readonly sslVersion: pulumi.Output<string | undefined>;
    /**
     * Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
     */
    readonly syncAttributes: pulumi.Output<string | undefined>;
    /**
     * Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
     */
    readonly syncDefaultsOptions: pulumi.Output<string | undefined>;
    /**
     * LDAP attribute representing the username.
     */
    readonly userAttr: pulumi.Output<string>;
    /**
     * LDAP objectClasses for users (comma-separated).
     */
    readonly userClasses: pulumi.Output<string | undefined>;
    /**
     * Verify LDAP server SSL certificate.
     */
    readonly verify: pulumi.Output<boolean>;
    /**
     * Create a LdapLegacy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: LdapLegacyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering LdapLegacy resources.
 */
export interface LdapLegacyState {
    /**
     * LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
     */
    baseDn?: pulumi.Input<string | undefined>;
    /**
     * LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
     */
    bindDn?: pulumi.Input<string | undefined>;
    /**
     * Password for the bind DN. Note: stored in Proxmox but not returned by API.
     */
    bindPassword?: pulumi.Input<string | undefined>;
    /**
     * Path to CA certificate file for SSL verification.
     */
    caPath?: pulumi.Input<string | undefined>;
    /**
     * Enable case-sensitive username matching.
     */
    caseSensitive?: pulumi.Input<boolean | undefined>;
    /**
     * Path to client certificate key.
     */
    certKeyPath?: pulumi.Input<string | undefined>;
    /**
     * Path to client certificate for SSL authentication.
     */
    certPath?: pulumi.Input<string | undefined>;
    /**
     * Description of the realm.
     */
    comment?: pulumi.Input<string | undefined>;
    /**
     * Use this realm as the default for login.
     */
    default?: pulumi.Input<boolean | undefined>;
    /**
     * LDAP filter for user searches.
     */
    filter?: pulumi.Input<string | undefined>;
    /**
     * LDAP objectClasses for groups (comma-separated).
     */
    groupClasses?: pulumi.Input<string | undefined>;
    /**
     * LDAP base DN for group searches.
     */
    groupDn?: pulumi.Input<string | undefined>;
    /**
     * LDAP filter for group searches.
     */
    groupFilter?: pulumi.Input<string | undefined>;
    /**
     * LDAP attribute representing the group name.
     */
    groupNameAttr?: pulumi.Input<string | undefined>;
    /**
     * LDAP connection mode (ldap, ldaps, ldap+starttls).
     */
    mode?: pulumi.Input<string | undefined>;
    /**
     * LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
     */
    port?: pulumi.Input<number | undefined>;
    /**
     * Realm identifier (e.g., 'example.com').
     */
    realm?: pulumi.Input<string | undefined>;
    /**
     * Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
     *
     * @deprecated Deprecated by Proxmox: use mode instead.
     */
    secure?: pulumi.Input<boolean | undefined>;
    /**
     * Primary LDAP server hostname or IP address.
     */
    server1?: pulumi.Input<string | undefined>;
    /**
     * Fallback LDAP server hostname or IP address.
     */
    server2?: pulumi.Input<string | undefined>;
    /**
     * SSL/TLS version (tlsv1, tlsv1*1, tlsv1*2, tlsv1_3).
     */
    sslVersion?: pulumi.Input<string | undefined>;
    /**
     * Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
     */
    syncAttributes?: pulumi.Input<string | undefined>;
    /**
     * Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
     */
    syncDefaultsOptions?: pulumi.Input<string | undefined>;
    /**
     * LDAP attribute representing the username.
     */
    userAttr?: pulumi.Input<string | undefined>;
    /**
     * LDAP objectClasses for users (comma-separated).
     */
    userClasses?: pulumi.Input<string | undefined>;
    /**
     * Verify LDAP server SSL certificate.
     */
    verify?: pulumi.Input<boolean | undefined>;
}
/**
 * The set of arguments for constructing a LdapLegacy resource.
 */
export interface LdapLegacyArgs {
    /**
     * LDAP base DN for user searches (e.g., 'ou=users,dc=example,dc=com').
     */
    baseDn: pulumi.Input<string>;
    /**
     * LDAP bind DN for authentication (e.g., 'cn=admin,dc=example,dc=com').
     */
    bindDn?: pulumi.Input<string | undefined>;
    /**
     * Password for the bind DN. Note: stored in Proxmox but not returned by API.
     */
    bindPassword?: pulumi.Input<string | undefined>;
    /**
     * Path to CA certificate file for SSL verification.
     */
    caPath?: pulumi.Input<string | undefined>;
    /**
     * Enable case-sensitive username matching.
     */
    caseSensitive?: pulumi.Input<boolean | undefined>;
    /**
     * Path to client certificate key.
     */
    certKeyPath?: pulumi.Input<string | undefined>;
    /**
     * Path to client certificate for SSL authentication.
     */
    certPath?: pulumi.Input<string | undefined>;
    /**
     * Description of the realm.
     */
    comment?: pulumi.Input<string | undefined>;
    /**
     * Use this realm as the default for login.
     */
    default?: pulumi.Input<boolean | undefined>;
    /**
     * LDAP filter for user searches.
     */
    filter?: pulumi.Input<string | undefined>;
    /**
     * LDAP objectClasses for groups (comma-separated).
     */
    groupClasses?: pulumi.Input<string | undefined>;
    /**
     * LDAP base DN for group searches.
     */
    groupDn?: pulumi.Input<string | undefined>;
    /**
     * LDAP filter for group searches.
     */
    groupFilter?: pulumi.Input<string | undefined>;
    /**
     * LDAP attribute representing the group name.
     */
    groupNameAttr?: pulumi.Input<string | undefined>;
    /**
     * LDAP connection mode (ldap, ldaps, ldap+starttls).
     */
    mode?: pulumi.Input<string | undefined>;
    /**
     * LDAP server port. Default: 389 (LDAP) or 636 (LDAPS).
     */
    port?: pulumi.Input<number | undefined>;
    /**
     * Realm identifier (e.g., 'example.com').
     */
    realm: pulumi.Input<string>;
    /**
     * Use LDAPS (LDAP over SSL/TLS) instead of plain LDAP.
     *
     * @deprecated Deprecated by Proxmox: use mode instead.
     */
    secure?: pulumi.Input<boolean | undefined>;
    /**
     * Primary LDAP server hostname or IP address.
     */
    server1: pulumi.Input<string>;
    /**
     * Fallback LDAP server hostname or IP address.
     */
    server2?: pulumi.Input<string | undefined>;
    /**
     * SSL/TLS version (tlsv1, tlsv1*1, tlsv1*2, tlsv1_3).
     */
    sslVersion?: pulumi.Input<string | undefined>;
    /**
     * Comma-separated list of attributes to sync (e.g., 'email=mail,firstname=givenName').
     */
    syncAttributes?: pulumi.Input<string | undefined>;
    /**
     * Default synchronization options. Format: comma-separated 'key=value' pairs. Valid keys: 'scope' (users/groups/both), 'enable-new' (1/0), 'remove-vanished' (semicolon-separated: entry/acl/properties), 'full' (deprecated), 'purge' (deprecated). Example: 'scope=users,enable-new=1,remove-vanished=entry;acl'.
     */
    syncDefaultsOptions?: pulumi.Input<string | undefined>;
    /**
     * LDAP attribute representing the username.
     */
    userAttr?: pulumi.Input<string | undefined>;
    /**
     * LDAP objectClasses for users (comma-separated).
     */
    userClasses?: pulumi.Input<string | undefined>;
    /**
     * Verify LDAP server SSL certificate.
     */
    verify?: pulumi.Input<boolean | undefined>;
}
//# sourceMappingURL=ldapLegacy.d.ts.map