Open telmomurphy opened 2 months ago
For what it's worth, I just tracked down something very similar. I found it related to a bad configuration of token_bound_cidrs. I saw the behavior in auth/ldap/config and auth/approle/role/something.
I'm not sure what I was doing wrong, since I couldn't see the bad configuration, but I think it involved using the "token_bound_cidrs=@file" syntax. I was able to fix/bypass it by using vault write auth/ldap/config token_bound_cidrs="1.1.1.1/1,2.2.2.2/2,..."
I hope this helps.
I've managed to find out the issue. Although I'm not 100% sure why it fails, I have a good workaround. In that cluster I use FluentD to ship logs elsewhere, and somehow not all audit logs are parsing correctly; therefore the path can't be accessed, as it cannot write to the audit output. My workaround was to enable a second audit output (also recommended in the documentation). In my case I'm outputting to stdout, and this way there are no more parsing issues.
I have HA Vault deployed in Kubernetes through Helm. Authentication is served using LDAP. After enabling the audit socket, I've stopped being able to open the LDAP auth method configuration over the UI; if I disable audit, it starts working again. I was running Vault 16.1 and have now upgraded to 17.2, but to no avail. Error below:
Ember Data Request GET /v1/auth/ldap/?help=1 returned a 500 Payload (application/json) [object Object] internal error
To Reproduce Steps to reproduce the behavior:
Expected behavior: Continue to be able to configure LDAP auth over UI without issues.
Environment:
NAME   NAMESPACE  REVISION  UPDATED                                  STATUS    CHART         APP VERSION
vault  vault      2         2024-07-23 08:58:40.790685612 +0100 IST  deployed  vault-0.28.1  1.17.2
Vault server configuration file(s):