diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17a8dfa..65bdbc9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,3 +10,6 @@
* v1.0.2 -- 20210402
- add `role_description` variable
+
+* v1.0.3 -- 20210402
+ - add export of ldap_dn
diff --git a/README.md b/README.md
index 6e540ca..75bc53c 100644
--- a/README.md
+++ b/README.md
@@ -109,5 +109,6 @@ No modules.
| Name | Description |
|------|-------------|
+| [ldap\_dn](#output\_ldap\_dn) | Created LDAP DN for role (empty if ldap is not enabled) |
| [role\_arn](#output\_role\_arn) | Created role ARN |
| [role\_name](#output\_role\_name) | Created role name |
diff --git a/main.tf b/main.tf
index f650705..bcee0e6 100644
--- a/main.tf
+++ b/main.tf
@@ -78,6 +78,7 @@ locals {
ldap_provider_exists = data.external.ldap_provider_bin.result.status == "0" ? true : false
enable_ldap = var.enable_ldap_creation && var.ldap_user != "" && var.ldap_password != "" && var.saml_provider_arn != "" && local.ldap_provider_exists
+ ldap_dn = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
base_tags = {
"boc:tf_module_version" = local._module_version
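Review bot: The new `ldap_dn` local formats `aws_iam_role.role.name` into the DN with `%s` and no escaping. IAM role names may contain `,`, `+` and `=`, which are separators in a DN string (RFC 4514), so such a name would produce a DN with a different structure than intended. That value now also reaches callers through the new output. Consider escaping the name before formatting, e.g. `replace(aws_iam_role.role.name, "/([,+=])/", "\\$1")`, or adding a `validation` on the role-name input that rejects those characters. The `locals` block starts and ends outside the hunk, so an existing constraint on the name may already cover this.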
@@ -135,7 +136,7 @@ resource "null_resource" "role_ldif" {
resource "ldap_object" "role" {
count = local.ldap_exists && local.enable_ldap ? 1 : 0
provider = ldap
- dn = format("cn=%s,ou=%s,ou=AWS,ou=Cloud,ou=Application,o=U.S. Census Bureau,c=US", aws_iam_role.role.name, local.account_id)
+ dn = local.ldap_dn
object_classes = [
"top",
"bocGroup",
diff --git a/outputs.tf b/outputs.tf
index 9f9435c..84a527a 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -8,3 +8,8 @@ output "role_name" {
description = "Created role name"
value = aws_iam_role.role.name
}
+
+output "ldap_dn" {
+ description = "Created LDAP DN for role (empty if ldap is not enabled)"
+ value = local.enable_ldap ? local.ldap_dn : ""
+}
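Review bot: The `ldap_dn` output is gated on `local.enable_ldap` alone, while `ldap_object.role` in main.tf is created only when `local.ldap_exists && local.enable_ldap`. If `local.ldap_exists` can be false while `enable_ldap` is true (its definition is not visible here), the output reports a "Created LDAP DN" for an entry that was never written. Consumers that build group references or access mappings from this output would then point at a non-existent object. Use the same condition as the resource, `value = local.ldap_exists && local.enable_ldap ? local.ldap_dn : ""`, or derive the value from the resource itself so the two cannot drift.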
diff --git a/version.tf b/version.tf
index 02c6357..1dfb710 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
locals {
- _module_version = "1.0.2"
+ _module_version = "1.0.3"
}