- remove default ldap provider, requires links to proper provider lda…

…p configs and passing provider like

```hcl
    providers = { ldap = ldap.bocas }
```

CHANGELOG.md

@@ -58,6 +58,10 @@
   - change ldap.e.tco default to ldap2.e.tco
   - add -p to mkdir
 
+* 1.4.2 -- 2023-10-11
+  - remove default ldap provider, requires links to proper provider ldap configs and passing provider like
+      providers = { ldap = ldap.bocas }
+
 ## version 2.x
 
 branch: compat-tf-0.13

README.md

@@ -21,6 +21,15 @@ Because of this quirk, this is a two-step apply.  The first step creates the IAM
 ```
 
 # Notes
+On 2023-10-11, TCO changed the LDAP servers to (1) require authentication, and (2) update the TLS certificate.  Because
+of #1, the provider calls to the LDAP provider must provide credentials.  This module requires you to pass a proper
+ldap profile that includes credentials, even if you are not going to create an LDAP role.
+
+The server replacements are as folows:
+* ldap.e.tco.census.gov => ldap2.e.tco.census.gov
+* ldap.tco.census.gov => nldap2.tco.census.gov
+* nldap.tco.census.gov => nldap2.tco.census.gov
+
 ## Policies
 
 When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
@@ -44,6 +53,9 @@ Creating a SAML role with two attached policies
 ```hcl
 module "myrole1" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap.ebocas
+  }
 
   role_name                  = "my-role1"
   role_description           = "Role to do some super cool stuff"
@@ -66,6 +78,9 @@ Creating a non-SAML role
 ```hcl
 module "myrole2" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap
+  }
 
   role_name                  = "my-role2"
   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
@@ -86,6 +101,9 @@ data "aws_iam_document_policy" "my-policy-1" {
 
 module "myrole3" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+  providers = {
+    ldap = ldap
+  }
 
   role_name                  = "my-role3"
   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]

main.tf

@@ -22,6 +22,15 @@
 * ```
 *
 * # Notes
+* On 2023-10-11, TCO changed the LDAP servers to (1) require authentication, and (2) update the TLS certificate.  Because
+* of #1, the provider calls to the LDAP provider must provide credentials.  This module requires you to pass a proper
+* ldap profile that includes credentials, even if you are not going to create an LDAP role.
+*
+* The server replacements are as folows:
+* * ldap.e.tco.census.gov => ldap2.e.tco.census.gov
+* * ldap.tco.census.gov => nldap2.tco.census.gov
+* * nldap.tco.census.gov => nldap2.tco.census.gov
+*
 * ## Policies
 *
 * When using `attached_policies`, it is important those policy ARNs exist before attempting to use the module
@@ -45,6 +54,9 @@
 * ```hcl
 * module "myrole1" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap.ebocas
+*   }
 * 
 *   role_name                  = "my-role1"
 *   role_description           = "Role to do some super cool stuff"
@@ -67,6 +79,9 @@
 * ```hcl
 * module "myrole2" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap
+*   }
 * 
 *   role_name                  = "my-role2"
 *   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]
@@ -87,6 +102,9 @@
 * 
 * module "myrole3" {
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+*   providers = {
+*     ldap = ldap
+*   }
 * 
 *   role_name                  = "my-role3"
 *   attached_policies          = [ data.aws_iam_policy.aws-managed-readonlyaccess.arn ]

version.tf

@@ -1,4 +1,4 @@
 locals {
-  _module_version = "1.4.1"
+  _module_version = "1.4.2"
   #  _module_version = "2.2.0"
 }