Revision history

initial version

To link a user to a group through their UID when utilizing LDAP authentication in HashiCorp Vault, follow these steps:

  1. Identify the group you want to link the user to and obtain its distinguished name (DN).

  2. Create a new LDAP policy in Vault that grants the necessary access to the group. For example:

         path "secret/my-group/*" {
           capabilities = ["read", "list"]
         }

  3. Assign the policy to the user using their LDAP UID. For example:

         $ vault write auth/ldap/groups/my-group/users/<UID> policies=my-group-policy

  4. Verify that the user has access to the group's secrets by logging in as the user and using the vault kv get command to retrieve a secret from the group's path.

         $ vault login -method=ldap username=<USERNAME>
         $ vault kv get secret/my-group/secret-name

If successful, the above command should return the value of the secret-name key.
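Before a policy like the one in step 2 is attached to an LDAP group or user, it is worth checking that it really is scoped to that group's path and grants nothing beyond read and list. The script below is an added example, not code from the answer above or from HashiCorp: it parses the `path "..." { capabilities = [...] }` subset of Vault policy syntax (no comments or nested blocks) and reports any path outside the group's prefix or any capability that can change or escalate. The policy text is the answer's own; the second, over-broad policy and the prefix argument are constructed here for illustration.

```python
"""Least-privilege check for a Vault group policy fragment (added example).

Handles only the `path "..." { capabilities = [...] }` subset of policy HCL;
it is not a full HCL parser and ignores comments and nested blocks.
"""
import re
from typing import Dict, List, Set

# One match per rule block: the quoted path and the block body between braces.
PATH_BLOCK = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
CAPS_LIST = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]')

# Capability names Vault accepts in an ACL policy.
VALID_CAPS = {"create", "read", "update", "patch", "delete", "list", "sudo", "deny"}
# Anything beyond read/list can change data or escalate, so a read-only
# group policy should not carry it.
MUTATING_CAPS = {"create", "update", "patch", "delete", "sudo"}


def parse_policy(hcl: str) -> Dict[str, Set[str]]:
    """Return {path: capabilities} for every path block in the fragment."""
    rules: Dict[str, Set[str]] = {}
    for path, body in PATH_BLOCK.findall(hcl):
        caps: Set[str] = set()
        match = CAPS_LIST.search(body)
        if match:
            # Split the list, tolerate a trailing comma, drop the quotes.
            caps = {c.strip().strip('"') for c in match.group(1).split(",") if c.strip()}
        unknown = caps - VALID_CAPS
        if unknown:
            raise ValueError(f"{path}: unknown capabilities {sorted(unknown)}")
        rules[path] = caps
    return rules


def check_group_policy(hcl: str, allowed_prefix: str) -> List[str]:
    """Return findings for a policy meant to grant read/list under one group's prefix.

    An empty list means the policy is scoped and read-only.
    """
    findings: List[str] = []
    rules = parse_policy(hcl)
    if not rules:
        findings.append("policy grants nothing; check the path block syntax")
    for path, caps in rules.items():
        if "deny" in caps:
            continue  # an explicit deny cannot over-grant
        if not path.startswith(allowed_prefix):
            findings.append(f"{path}: outside the group prefix {allowed_prefix!r}")
        mutating = caps & MUTATING_CAPS
        if mutating:
            findings.append(f"{path}: grants mutating capabilities {sorted(mutating)}")
    return findings


# The policy from step 2 of the answer.
GROUP_POLICY = '''
path "secret/my-group/*" {
  capabilities = ["read", "list"]
}
'''

# Constructed over-broad policy: wrong prefix, write access, and sudo on sys/.
BROAD_POLICY = '''
path "secret/*" {
  capabilities = ["read", "list", "update"]
}
path "sys/policies/acl/*" {
  capabilities = ["sudo"]
}
'''

if __name__ == "__main__":
    for name, text in (("group policy", GROUP_POLICY), ("broad policy", BROAD_POLICY)):
        findings = check_group_policy(text, "secret/my-group/")
        print(f"{name}: {'clean' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

The prefix you pass must match how the secrets engine lays out its paths: on a KV version 2 mount, data lives under secret/data/my-group/..., so the policy path and the prefix would be secret/data/my-group/* and secret/data/my-group/ respectively.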