cloudfoundry-community / vault-boshrelease

Apache License 2.0

LDAP Auth Method #53

Closed solera-concourse closed 6 years ago

solera-concourse commented 6 years ago

How can I enable and configure the LDAP Auth Method for vault-boshrelease?

MattSurabian commented 6 years ago

This is something that would happen "out of band" and not during the deploy process. After the Vault is initialized and unsealed, you can enable the LDAP auth backend and write the configuration like it says in the documentation: https://www.vaultproject.io/docs/auth/ldap.html

A functional config will likely look something like this:

vault write auth/ldap/config                        \
    url=ldaps://LDAP_SERVER:LDAP_PORT                 \
    discoverdn=true                                   \
    userattr=uid                                      \
    userdn=ou=accounts,dc=companyName,dc=com          \
    groupdn=ou=groups,dc=companyName,dc=com           \
    insecure_tls=false                                \
    starttls=true
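
A pre-flight check for the arguments shown above, as an added example that is not part of the original comment or the vault-boshrelease project: it rejects a malformed DN (for instance a missing comma between components), `insecure_tls=true`, and an `ldap://` URL without `starttls=true`. The function names `check_dn` and `lint_ldap_config` are hypothetical, and the DN check is deliberately simplified.

```shell
#!/bin/sh
# Added example: lint arguments before `vault write auth/ldap/config`.
# check_dn and lint_ldap_config are hypothetical helper names.

# Succeeds only if every comma-separated RDN is a single attr=value pair.
# Simplified: escaped commas and multi-valued (+) RDNs are not handled.
check_dn() {
    rest=$1
    case $rest in ''|,*|*,) return 1 ;; esac
    while [ -n "$rest" ]; do
        case $rest in
            *,*) rdn=${rest%%,*}; rest=${rest#*,} ;;
            *)   rdn=$rest; rest= ;;
        esac
        case $rdn in
            *=*=*|=*|*=) return 1 ;;   # two '=' usually means a lost comma
            *=*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Takes the same key=value arguments as the vault command; returns non-zero
# and prints a reason to stderr for each problem found.
lint_ldap_config() {
    url='' starttls=false insecure=false errs=0
    for kv in "$@"; do
        key=${kv%%=*}
        val=${kv#*=}
        case $key in
            url) url=$val ;;
            starttls) starttls=$val ;;
            insecure_tls) insecure=$val ;;
            userdn|groupdn)
                check_dn "$val" || { echo "$key: malformed DN '$val'" >&2; errs=$((errs + 1)); } ;;
        esac
    done
    [ "$insecure" != true ] || { echo "insecure_tls=true disables certificate verification" >&2; errs=$((errs + 1)); }
    case $url in
        ldaps://*) ;;
        ldap://*) [ "$starttls" = true ] || { echo "ldap:// without starttls=true sends binds in cleartext" >&2; errs=$((errs + 1)); } ;;
        *) echo "url must start with ldap:// or ldaps://" >&2; errs=$((errs + 1)) ;;
    esac
    [ "$errs" -eq 0 ]
}
```

Call it with the same arguments and chain the write on success, e.g. `lint_ldap_config "$@" && vault write auth/ldap/config "$@"`.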