Hello, I'm really stuck here. I inherited a system which stores secrets in a HashiCorp Vault, and I'm getting this error: `Authentication failed: ldap operation failed: unable to retrieve user bind DN`
I am not sure how to resolve this issue, and have been Googling for hours, and trying a lot of things.
- I did see the post here on this forum at ref. [A], but it isn't helpful.
- Also the post at ref. [B] gives some information about setting the `binddn` variable, but in classic utterly-frustrate-a-new-user form, doesn't say where to set it, how to set it, in what file it exists, or give any examples.
- HashiCorp Vault v1.6.x
- The vault is running in a Docker container, on an AWS EC2 instance.
  - I have the .pem file, and am able to ssh into the EC2.
- I am able to ssh into the Docker container with root priv, like so:
  - `docker exec -it 123abc123abc sh`
- On the container, some `vault` commands work; e.g.:
  - `vault version` → `Vault v1.6.0 (123asdf1234adsf1234adsf1234adsf13w4radsf1234asdff)`
- It is using LDAP configuration.
- When trying to retrieve config and other info, I get this message:
  - a. "* missing client token"
How to proceed?
I'm not an expert with this, and would appreciate clear, full, command-line examples.
Thanks for your help.
Sincerely,
Keith
DOCKER COMPOSE FILE
$ cat docker-compose.yml
version: '3'
services:
  vault:
    image: vault:1.6.0
    cap_add:
      - IPC_LOCK          # lets Vault mlock memory so secrets are not swapped to disk
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
    command: vault server -config=/vault/config/config.json
    ports:
      - 80:8200           # host port 80 -> Vault listener on 8200 (plain HTTP, see tls_disable)
    volumes:
      - vault-data:/vault
      - ./config.json:/vault/config/config.json
volumes:
  vault-data:
VAULT CONFIG
/vault/config # cat config.json
{
  "backend": {
    "file": {
      "path": "/vault/data"
    }
  },
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "default_lease_ttl": "30m",
  "max_lease_ttl": "30m",
  "log_level": "info",
  "ui": true
}
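An added example, not from the post above and not HashiCorp's code: a small Python model of how Vault's LDAP auth method derives the DN it binds as from the documented `auth/ldap/config` settings (`binddn`/`bindpass`, `discoverdn`, `upndomain`, `userdn`, `userattr`), which is where the `binddn` the post asks about actually lives, plus a check for the settings that commonly leave that DN unusable. The sample config and the domain in it are constructed; the generic "unable to retrieve user bind DN" message hides the underlying LDAP error, which Vault writes to its server log only at debug level, so the `log_level` in the config.json above would need to be `debug` while diagnosing.

```python
# Added example, not part of the original post. Models the documented way
# Vault's LDAP auth method derives a user's bind DN from auth/ldap/config.
# Inside the container (fixes "* missing client token" first):
#   vault login <root-token>
#   vault read -format=json auth/ldap/config
# NOTE: bindpass is write-only and never appears in the read output; add it to
# the dict by hand if you configured one. The sample below is constructed.
import json
from typing import Dict, List, Tuple


def user_bind_dn(cfg: Dict, username: str) -> Tuple[str, str]:
    """Return (mode, bind_dn) for the given config and login name.
    search  -> bind as binddn/bindpass (anonymously if discoverdn=true), then
               search userdn for (userattr=username) and use the entry found
    upn     -> bind directly as username@upndomain
    literal -> bind directly as userattr=username,userdn
    """
    userattr = cfg.get("userattr") or "cn"          # Vault's documented default
    userdn = cfg.get("userdn") or ""
    if cfg.get("discoverdn") or (cfg.get("binddn") and cfg.get("bindpass")):
        return "search", f"({userattr}={username}) under base '{userdn}'"
    if cfg.get("upndomain"):
        return "upn", f"{username}@{cfg['upndomain']}"
    return "literal", f"{userattr}={username},{userdn}"


def config_gaps(cfg: Dict) -> List[str]:
    """Settings that leave the selected mode unable to produce a usable DN."""
    gaps = []
    if not cfg.get("url"):
        gaps.append("url is empty: no LDAP server to contact")
    if cfg.get("binddn") and not cfg.get("bindpass") and not cfg.get("discoverdn"):
        gaps.append("binddn set without bindpass: search mode is NOT active")
    mode, _ = user_bind_dn(cfg, "probe")
    if mode in ("search", "literal") and not cfg.get("userdn"):
        gaps.append(f"userdn is empty: {mode} mode has no base DN")
    return gaps


# Constructed sample in the shape of `vault read -format=json auth/ldap/config`.
SAMPLE = json.loads("""{"data": {"url": "ldap://ldap.example.com",
  "userdn": "", "userattr": "uid", "binddn": "cn=vault,ou=svc,dc=example,dc=com",
  "discoverdn": false, "upndomain": ""}}""")

if __name__ == "__main__":
    mode, dn = user_bind_dn(SAMPLE["data"], "keith")
    print(f"mode={mode} bind_dn={dn}")
    for gap in config_gaps(SAMPLE["data"]):
        print("gap:", gap)
```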