l-with / terraform-provider-ldap


Authentication with Kerberos #84

Open Ravio1i opened 1 month ago

Ravio1i commented 1 month ago

We need to implement a method for logging into our LDAP provider using kinit and then perform operations managing the state of an LDAP entry, which is currently done using the following command line tools:

kinit user@domain
ldapadd -H ldaps://domain -W -f computer.ldif -D domain\user

The existing module uses bind_user and bind_password for authentication. However, due to organizational restrictions, this method of logging in is not permissible.

We would like to ask you to modify or extend the current module to authenticate using the kinit method and subsequently perform LDAP operations.

l-with commented 1 month ago

@Ravio1i Thank you for the suggestion. I understand the need.

The provider depends on the Go ldap package. I do not have much experience with Kerberos/SAML. According to my estimation the only connection method that looks like kerberos is GSSAPIBindRequest. Another possibility could be ExternalBind.

I do not have a test instance of an LDAP server with this authentication method.

Thus I have two questions:

  1. Could you provide a test instance with this authentication method?
  2. Would you provide a pull request for this feature (we could co-work on it)?
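As an added example (not part of this issue, the provider, or the go-ldap package), here is the glue a kinit-based bind would need on the provider side: it derives the `ldap/<host>` service principal that a GSSAPI bind targets from the provider's LDAP URL, and locates the credential cache that kinit wrote (honouring KRB5CCNAME, falling back to the MIT default) so a missing or unsupported cache fails early with a clear error instead of an opaque bind failure. The go-ldap calls that would consume these values appear only in comments and are assumed from the v3 API; the sample URL and uid are constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"os/user"
	"strings"
)

// ErrNoCredentialCache is returned when the resolved credential cache file does
// not exist, i.e. the user has not run kinit (or its ticket cache went elsewhere).
var ErrNoCredentialCache = errors.New("no Kerberos credential cache found; run kinit first")

// ServicePrincipalFromURL derives the LDAP service principal name for a GSSAPI
// bind from a provider URL such as ldaps://dc01.example.com:636. The SPN is
// "ldap/<host>"; the realm is resolved by the Kerberos client from krb5.conf.
func ServicePrincipalFromURL(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", fmt.Errorf("parse ldap url: %w", err)
	}
	if u.Scheme != "ldap" && u.Scheme != "ldaps" {
		return "", fmt.Errorf("unsupported scheme %q (want ldap or ldaps)", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return "", errors.New("ldap url has no host")
	}
	return "ldap/" + host, nil
}

// CredentialCachePath returns the file-based credential cache that kinit
// populated. It honours KRB5CCNAME (stripping the "FILE:" prefix) and falls
// back to the MIT default /tmp/krb5cc_<uid>. Non-file cache types (KEYRING:,
// DIR:, KCM:) are rejected because the Go client needs a file path.
// Unix paths are assumed.
func CredentialCachePath(env map[string]string, uid string) (string, error) {
	if v, ok := env["KRB5CCNAME"]; ok && v != "" {
		switch {
		case strings.HasPrefix(v, "FILE:"):
			return strings.TrimPrefix(v, "FILE:"), nil
		case strings.Contains(v, ":") && !strings.HasPrefix(v, "/"):
			return "", fmt.Errorf("credential cache type %q is not a file cache", v)
		default:
			return v, nil
		}
	}
	return "/tmp/krb5cc_" + uid, nil
}

// ExistingCredentialCache resolves the cache path and verifies the file exists,
// so the provider can report "run kinit" before attempting any LDAP traffic.
func ExistingCredentialCache(env map[string]string, uid string) (string, error) {
	path, err := CredentialCachePath(env, uid)
	if err != nil {
		return "", err
	}
	if _, err := os.Stat(path); err != nil {
		return "", ErrNoCredentialCache
	}
	return path, nil
}

func main() {
	ldapURL := "ldaps://dc01.example.com:636" // constructed sample; the provider's ldap_url would go here
	spn, err := ServicePrincipalFromURL(ldapURL)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	cur, err := user.Current()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	env := map[string]string{}
	if v, ok := os.LookupEnv("KRB5CCNAME"); ok {
		env["KRB5CCNAME"] = v
	}
	ccache, err := ExistingCredentialCache(env, cur.Uid)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("would GSSAPI-bind to %s using credential cache %s\n", spn, ccache)
	// With go-ldap v3 the provider would continue roughly like this (assumed API,
	// check the signatures in the go-ldap version you vendor):
	//   client, err := gssapi.NewClientFromCCache(ccache, "/etc/krb5.conf")
	//   conn, err := ldap.DialURL(ldapURL)
	//   err = conn.GSSAPIBind(client, spn, "")
	// No bind_user/bind_password is involved: the ticket kinit obtained is what
	// authenticates the bind.
}
```

Keeping SPN derivation and cache discovery in plain functions makes them unit-testable without a Kerberos realm, which matters here because the maintainer has no test instance with this authentication method.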