To link a user to a group through their UID when using LDAP authentication in HashiCorp Vault, follow these steps. Vault's LDAP auth method does not link users to groups itself; it maps LDAP group names and LDAP usernames to Vault policies, and the UID comes into play through the auth method's configuration (userattr=uid makes the login name match the uid attribute, and the default groupfilter already matches posixGroup entries whose memberUid lists that uid).
1. Identify the LDAP group you want to link the user to and the name Vault will see it under. Vault matches groups on the attribute named by groupattr in the LDAP auth config (cn by default), not on the group's full distinguished name (DN), so note that value (for example my-group) rather than the DN unless you have changed groupattr.
2. Write a Vault policy that grants the access the group needs. For example:
path "secret/my-group/*" {
capabilities = ["read", "list"]
}
This path form is for a KV version 1 mount. On a KV version 2 mount the data lives under secret/data/my-group/* (read) and listing goes through secret/metadata/my-group/* (list), so the policy must name those paths instead.
3. Load the policy and map the LDAP group to it. Every user whose LDAP group membership resolves to my-group then receives the policy at login:
$ vault policy write my-group-policy my-group-policy.hcl
$ vault write auth/ldap/groups/my-group policies=my-group-policy
If the user's group membership cannot be discovered from the directory, you can also pin the user explicitly by UID (the name under auth/ldap/users is the value matched by userattr):
$ vault write auth/ldap/users/<UID> groups=my-group
4. Verify the mapping by logging in as that user over LDAP and using the vault kv get command to retrieve a secret from the group's path:
$ vault login -method=ldap username=<USERNAME>
$ vault kv get secret/my-group/secret-name
If successful, the above command returns the data stored at secret/my-group/secret-name. If it fails with a permission denied error, check the group name Vault resolved (vault token lookup shows the policies attached to the login token) and whether the policy paths match the KV version of the mount.
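The whole procedure above as one script, added here as an example and not taken from the original answer. It assumes the LDAP auth method is mounted at auth/ldap with userattr set to uid, that the LDAP group's groupattr value (cn by default) is my-group, that the KV mount at secret/ is version 2 unless told otherwise, and that VAULT_ADDR and an admin token are already set in the environment. The VAULT variable lets you dry-run the commands (VAULT="echo vault") without a server.

```shell
#!/usr/bin/env sh
# Added example (not from the original answer). Assumptions:
#   - LDAP auth is mounted at auth/ldap and its config has userattr=uid
#   - the LDAP group is seen by Vault as "my-group" (its groupattr value)
#   - VAULT_ADDR / VAULT_TOKEN point at a server with an admin token
# Set VAULT="echo vault" to print the commands instead of running them.
VAULT="${VAULT:-vault}"

# Render a read-only policy for <mount>/<group>/* on a KV v1 or KV v2 mount.
# KV v2 stores data under <mount>/data/ and lists via <mount>/metadata/,
# so a v1-style path silently grants nothing on a v2 mount.
kv_policy() {
  mount="$1"; group="$2"; kv_version="${3:-2}"
  if [ "$kv_version" = "2" ]; then
    printf 'path "%s/data/%s/*" {\n  capabilities = ["read"]\n}\npath "%s/metadata/%s/*" {\n  capabilities = ["list"]\n}\n' \
      "$mount" "$group" "$mount" "$group"
  else
    printf 'path "%s/%s/*" {\n  capabilities = ["read", "list"]\n}\n' \
      "$mount" "$group"
  fi
}

# Install the policy and map the LDAP group (by its groupattr value) to it.
# Every LDAP login that resolves into that group then carries the policy.
link_group() {
  group="$1"; policy="${2:-$1-policy}"; mount="${3:-secret}"; kv_version="${4:-2}"
  kv_policy "$mount" "$group" "$kv_version" | $VAULT policy write "$policy" -
  $VAULT write "auth/ldap/groups/$group" policies="$policy"
}

# Pin one user to the group by uid (the login name matched by userattr=uid).
# Only needed when groupfilter cannot find the membership in the directory.
link_user() {
  uid="$1"; group="$2"
  $VAULT write "auth/ldap/users/$uid" groups="$group"
}

# Log in as the user over LDAP (prompts for the password) and read back one
# secret from the group's path to confirm the policy took effect.
verify_access() {
  uid="$1"; mount="$2"; group="$3"; name="$4"
  $VAULT login -method=ldap username="$uid" >/dev/null
  $VAULT kv get "$mount/$group/$name"
}

# Example run with hypothetical names; uncomment to execute against a server.
# link_group my-group my-group-policy secret 2
# link_user jdoe my-group
# verify_access jdoe secret my-group secret-name
```

Run it with VAULT="echo vault" first to review the exact commands and the rendered policy; switch to the real binary once the paths match the KV version of your mount.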
Asked: 2022-06-12 11:00:00 +0000
Last updated: Dec 31 '21