dustinmm80/authn-ldap-readme.md

## authn-ldap-readme.md

      
    Raw
  

              authn-ldap-readme.md
            
          
    Conjur Authn-LDAP

Download v0.2.0
A Conjur authenticator which calls out to an external LDAP service to bind.
Configuration with environment variables

Slosilo key setup

On successful authentication this service issues a bearer token using the
configured Slosilo private key. One of these is required (and the first found
is used):

SLOSILO_KEY - verbatim Slosilo private key,
SLOSILO_KEY_FILE - path to the Slosilo private key,
authn.slosilo_keystore table in the default postgres database, encrypted with
symmetric key from AUTHN_SLOSILO_KEY environment variable (this supports
running directly on Conjur appliance).

LDAP setup


LDAP_URI, for example ldap://example.com,
LDAP_BINDDN and LDAP_BINDPW - the binding for search;
anonymous if not provided,
LDAP_BASE is the base of the tree,
LDAP_FILTER, with %s as the placeholder for login name;
defaults to '(&(objectClass=posixAccount)(uid=%s))'.

Installation directly on Conjur appliance


SSH into the appliance.
Get debian package from https://github.com/conjurinc/authn-ldap/releases/latest
and install it with sudo dpkg -i.
Edit /opt/conjur/etc/authn-ldap.conf to set up connection to the LDAP server.
Run sudo start authn-ldap to initially start the service. (It will also
start automatically whenever Conjur or the machine is restarted.)
To use the authenticator, set authn service uri in the client (for example in
conjur-cli CONJUR_AUTHN_URL environment variable or authn_url config file
setting) to https://conjur.example.com/api/authn-ldap/, where
conjur.example.com is your appliance host.