LDAP

https://www.vaultproject.io/docs/auth/ldap.html

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X. 500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services.

Provision

bash docker/docker.sh
bash ldap/ldap.sh
bash vault/vault.shCopy to clipboardErrorCopied

vagrant up --provision-with basetools,docker,docsify,ldap,vaultCopy to clipboardErrorCopied

docker compose exec hashiqube /bin/bash
bash hashiqube/basetools.sh
bash docker/docker.sh
bash docsify/docsify.sh
bash ldap/ldap.sh
bash vault/vault.shCopy to clipboardErrorCopied

Enable LDAP Auth in Vault

vault auth enable ldap

Success! Enabled ldap auth method at: ldap/Copy to clipboardErrorCopied

vault write auth/ldap/config url="ldap://localhost:389" userdn="ou=people,dc=planetexpress,dc=com" groupdn="ou=people,dc=planetexpress,dc=com" groupattr="cn" insecure_tls=true userattr=uid starttls=false binddn="cn=admin,dc=planetexpress,dc=com" bindpass='GoodNewsEveryone'

Success! Data written to: auth/ldap/configCopy to clipboardErrorCopied

vault login -method=ldap username=hermes

Password (will be hidden):
WARNING! The VAULT_TOKEN environment variable is set! This takes precedence
over the value set by this command. To use the value set by this command,
unset the VAULT_TOKEN environment variable or set it to the token displayed
below.

Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                    Value
---                    -----
token                  s.dbcrQVvhuT1RNQiK3FMFiNZe
token_accessor         wNdDBVDTEj3AfAfxypJELiGD
token_duration         10h
token_renewable        true
token_policies         ["default"]
identity_policies      []
policies               ["default"]
token_meta_username    hermesCopy to clipboardErrorCopied

Ldap Vault Vagrant Provisioner

#!/bin/bash
sudo docker stop ldap
sudo docker rm ldap
yes | sudo docker system prune -a
yes | sudo docker system prune --volumes
sudo docker run --privileged -d -p 389:389 --name ldap rroemhild/test-openldap
echo -e '\e[38;5;198m'"++++ To use this in Vault please do"
echo -e '\e[38;5;198m'"++++ vault auth enable ldap"
echo -e '\e[38;5;198m'"++++ vault write auth/ldap/config url=\"ldap://localhost:389\" userdn=\"ou=people,dc=planetexpress,dc=com\" groupdn=\"ou=people,dc=planetexpress,dc=com\" groupattr=\"cn\" insecure_tls=true userattr=uid starttls=false binddn=\"cn=admin,dc=planetexpress,dc=com\" bindpass='GoodNewsEveryone'"
echo -e '\e[38;5;198m'"++++ vault login -method=ldap username=hermes (password: hermes)"
Copy to clipboardErrorCopied