hashicorp / vault-plugin-secrets-openldap

OpenLDAP secret engine for Vault
Mozilla Public License 2.0

add configuration parameters to skip password rotation on import #83

Closed kpcraig closed 10 months ago

kpcraig commented 10 months ago

This adds a new parameter to both the LDAP configuration and the static role that will skip the initial password rotation on import. While this means Vault won't know the password for the static user (`/ldap/static-cred/role-name` won't return a password), it does mean that an admin can pre-load users into LDAP (say, during an AD->LDAP migration) without immediately changing the passwords.

This setting is off by default to retain backwards compatibility.

fairclothjm commented 10 months ago

Should we add a changelog entry for this?