Skip to content

Resource: proxmox_virtual_environment_realm_sync

Warning

Deprecated: Use proxmox_realm_sync instead. This resource will be removed in v1.0.

Triggers synchronization of an existing authentication realm using /access/domains/{realm}/sync. This resource represents the last requested sync configuration; deleting it does not undo the sync.

This resource wraps the /access/domains/{realm}/sync API and is intended to be used alongside realm configuration resources such as proxmox_virtual_environment_realm_ldap.

Example Usage

resource "proxmox_virtual_environment_realm_ldap" "example" {
  realm = "example-ldap"

  server1   = "ldap.example.com"
  port      = 389
  base_dn   = "ou=people,dc=example,dc=com"
  user_attr = "uid"

  # Enable group sync
  group_dn     = "ou=groups,dc=example,dc=com"
  group_filter = "(objectClass=groupOfNames)"
}

resource "proxmox_virtual_environment_realm_sync" "example" {
  realm = proxmox_virtual_environment_realm_ldap.example.realm

  # Sync both users and groups
  scope = "both"

  # Remove entries that no longer exist in LDAP
  remove_vanished = "acl;entry;properties"

  # Enable new users/groups by default
  enable_new = true
}

Schema

Required

  • realm (String) Name of the realm to synchronize.

Optional

  • dry_run (Boolean) Only simulate the sync without applying changes.
  • enable_new (Boolean) Enable newly synced users.
  • full (Boolean, Deprecated) Perform a full sync.
  • purge (Boolean, Deprecated) Purge removed entries.
  • remove_vanished (String) How to handle vanished entries (e.g. acl;properties;entry or none).
  • scope (String) Sync scope: users, groups, or both.

Read-Only

  • id (String) Unique sync identifier (same as realm).

Import

Import is supported using the following syntax:

#!/usr/bin/env sh
# Realm sync resources can be imported by realm name, e.g.:
terraform import proxmox_virtual_environment_realm_sync.example example.com

Importing only populates the realm and id attributes; other fields must be set in configuration.

Behavior Notes

  • The sync operation is one-shot: applying the resource runs the sync with the specified options. Proxmox does not expose a persistent sync object, so this resource only records the last requested sync configuration in Terraform state.
  • Destroying the resource does not undo any previously performed sync; it simply removes the resource from Terraform state.