Open Jeka-Dem opened 4 years ago
I had the same error with Vault v1.4.3 using a 3-node raft storage back-end. I was authenticating users based on their samaccount username. It appears that there is a workaround to this issue by leaving upndomain blank and setting groupfilter to: (&(objectClass=user)(samAccountName={{.Username}}))
I can confirm that this solved the error "Authentication failed: ldap operation failed: unable to retrieve user bind DN" for me. See this other related issue: https://github.com/hashicorp/vault/issues/6325
I had the same error with Vault v1.11.0. I was also authenticating users based on their samAccountName. Thanks, @what-the-crypto, your solution to change the group filter to: groupfilter="(&(objectClass=user)(samAccountName={{.Username}}))" did the trick. Vault was able to bind the DN and authenticate.
Describe the bug
LDAP auth can't find user outside OU=Vault,OU=Domain_Services,DC=test,DC=loc location
To Reproduce
Steps to reproduce the behavior:
Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token.
Key                    Value
token                  s.duKYuWYyhUpb2J31WWvr7jIo
token_accessor         lI3f9dstd9B7VFqprUAuWruV
token_duration         768h
token_renewable        true
token_policies         ["default" "vault-admin"]
identity_policies      []
policies               ["default" "vault-admin"]
token_meta_username    vault
Expected behavior
Successful login and apply mapped group vault-admin
Environment:
vault status: 1.4.2
vault version: v1.4.3
Vault server configuration file(s):
Additional context
Member list of Vault.Admins