How can I link a user to a group through their UID when utilizing LDAP authentication in Hashicorp Vault?

asked 2022-06-12 11:00:00 +0000

pufferfish


1 Answer


answered 2021-12-31 23:00:00 +0000

lalupa

To link a user to a group through their UID when utilizing LDAP authentication in Hashicorp Vault, follow these steps:

  1. Identify the group you want to link the user to and obtain its distinguished name (DN).

  2. Create a new LDAP policy in Vault that grants the necessary access to the group. For example:

     path "secret/my-group/*" {
       capabilities = ["read", "list"]
     }

  3. Assign the policy to the user using their LDAP UID. For example:

     $ vault write auth/ldap/users/<UID> groups=my-group policies=my-group-policy

  4. Verify that the user has access to the group's secrets by logging in as the user and using the vault kv get command to retrieve a secret from the group's path.

     $ vault login -method=ldap username=<USERNAME>
     $ vault kv get secret/my-group/secret-name

If successful, the above command should return the value of the secret-name key.
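As an added example (not part of the answer above or of Vault's own tooling), the script below automates the four steps with the LDAP auth method's real endpoints: `auth/ldap/groups/<name>` attaches a policy to a group mapping, and `auth/ldap/users/<uid>` maps a user's LDAP uid to that group. The `DRY_RUN` knob, the `my-group` / `jdoe` sample names and the `apply` argument are assumptions of this script; it assumes the LDAP auth method is enabled at `auth/ldap`, KV v1 is mounted at `secret/`, and `VAULT_ADDR` / `VAULT_TOKEN` are exported.

```shell
#!/usr/bin/env bash
# Added example, not from the answer above: script the four steps using the
# LDAP auth method endpoints auth/ldap/groups/<name> and auth/ldap/users/<uid>.
# Assumes auth/ldap is enabled, KV v1 at secret/, and VAULT_ADDR/VAULT_TOKEN
# exported. DRY_RUN=1 prints each vault command instead of running it (a knob
# of this script, not a Vault feature).
set -eu

DRY_RUN="${DRY_RUN:-0}"

# Run a vault command, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 2: render a least-privilege policy for one group's KV path.
# (For KV v2 the path would be secret/data/<group>/* instead.)
render_policy() {
  printf 'path "secret/%s/*" {\n  capabilities = ["read", "list"]\n}\n' "$1"
}

# Write the rendered policy under the given policy name.
write_policy() {
  policy="$1"; group="$2"
  if [ "$DRY_RUN" = "1" ]; then
    printf 'vault policy write %s - <<EOF\n' "$policy"
    render_policy "$group"
    printf 'EOF\n'
  else
    render_policy "$group" | vault policy write "$policy" -
  fi
}

# Step 3a: attach the policy to the LDAP group mapping.
link_group() {
  run vault write "auth/ldap/groups/$1" "policies=$2"
}

# Step 3b: map the user's LDAP uid to that group (and to the policy directly).
link_user() {
  run vault write "auth/ldap/users/$1" "groups=$2" "policies=$3"
}

# Step 4: log in as the user and read one secret from the group's path.
verify_access() {
  run vault login -method=ldap "username=$1"
  run vault kv get "secret/$2/secret-name"
}

main() {
  group="${1:-my-group}"; uid="${2:-jdoe}"; policy="${group}-policy"
  write_policy "$policy" "$group"
  link_group "$group" "$policy"
  link_user "$uid" "$group" "$policy"
  verify_access "$uid" "$group"
}

# Only act when invoked with "apply", e.g.:
#   DRY_RUN=1 ./link-ldap-user.sh apply my-group jdoe
if [ "${1:-}" = "apply" ]; then
  shift
  main "$@"
fi
```

Run it once with `DRY_RUN=1` to review the exact commands and the rendered policy before touching a live Vault; the policy grants only `read` and `list` on the group's own path, so a user mapped to the group cannot reach other groups' secrets.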


Stats


Last updated: Dec 31 '21