@egeneralov
Created October 26, 2019 02:40

Enable LDAP auth

vault auth enable ldap

Write the LDAP configuration

vault write auth/ldap/config \
url="ldaps://git.example.com" \
userattr=uid \
userdn="ou=users,dc=example,dc=com" \
groupdn="ou=groups,dc=example,dc=com" \
groupfilter="(&(memberOf=cn=gitlab,ou=services,dc=example,dc=com)(uid={{.Username}}))" \
groupattr="memberOf" \
binddn="cn=vault,ou=services,dc=example,dc=com" \
bindpass='password' \
insecure_tls=false \
starttls=false

Test the login

vault login -method=ldap username=egeneralov

The output should look like this:

Key                    Value
---                    -----
token                  s.gnw6DuK5dHvLEiiB0YukuhsU
token_accessor         BCwqORe0tPHjFWZLfKvoGPcO
token_duration         768h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_username    egeneralov
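
An added check, not part of the original gist: the shell function below audits the transport settings that the `vault write auth/ldap/config` step sets (`url`, `insecure_tls`, `starttls`), reading the key/value table printed by `vault read auth/ldap/config`. The function name `audit_ldap_config` and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit the LDAP transport settings.
# Input on stdin: the key/value table from `vault read auth/ldap/config`.

# Constructed sample: the values this page writes.
SAMPLE_GOOD='Key             Value
---             -----
insecure_tls    false
starttls        false
url             ldaps://git.example.com'

# Constructed sample: a weak variant (plain LDAP, verification disabled).
SAMPLE_WEAK='Key             Value
---             -----
insecure_tls    true
starttls        false
url             ldap://git.example.com'

# audit_ldap_config (hypothetical name): prints one FAIL line per finding,
# returns 0 when the settings are clean and 1 otherwise.
audit_ldap_config() {
    awk '
        $1 == "url"          { url = $2 }
        $1 == "insecure_tls" { insecure = $2 }
        $1 == "starttls"     { starttls = $2 }
        END {
            bad = 0
            if (url == "") { print "FAIL url: not set"; bad = 1 }
            # url may hold a comma-separated list of servers; check each one
            n = split(url, servers, ",")
            for (i = 1; i <= n; i++) {
                if (servers[i] ~ /^ldaps:\/\//) continue
                if (servers[i] ~ /^ldap:\/\// && starttls == "true") continue
                print "FAIL url: " servers[i] " carries the bind without TLS"
                bad = 1
            }
            if (insecure == "true") {
                print "FAIL insecure_tls: server certificate is not verified"
                bad = 1
            }
            exit bad
        }'
}

# Demo on the constructed samples; live use:
#   vault read auth/ldap/config | audit_ldap_config
printf '%s\n' "$SAMPLE_GOOD" | audit_ldap_config && echo "good sample: clean"
printf '%s\n' "$SAMPLE_WEAK" | audit_ldap_config || echo "weak sample: findings above"
```

`vault read` does not return `bindpass`, so this check covers only the transport fields.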