jedi
1
Setting up Vault to integrate with an LDAP server (AD). samAccountName sign-in is working but not UPN. According to Sample 1 of LDAP - Auth Methods | Vault | HashiCorp Developer, UPN is supported.
I tried all of the below; none of them is working:
userattr="userprincipalname"
userattr="uid@upndomain"
remove userattr
Any advice is very much appreciated.
Hello,
Could you please share the auth method config you are using? It should be similar to the example section of the doc page:
jedi
3
Yes, I followed scenario 2 with userattr=sAMAccountName.
I tried to change it to userattr=userprincipalname
and userattr=uid@userprincipaldomain.
Neither of them allows me to sign in as UPN.
Did you set upndomain in the config? (see example 1)
jedi
5
Yes:
vault write auth/ldap/config url="ldaps://dcs01.xxxx.com" `
    userattr="samAccountName" userdn="ou=automation,dc=xxxx,dc=com" `
    groupdn="ou=automation,dc=xxxx,dc=com" groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))" `
    groupattr="cn" `
    binddn="CN=ldap_service,OU=service accounts,OU=Automation,DC=xxxx,DC=com" bindpass='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' `
    upndomain="xxxx.com" `
    insecure_tls=true starttls=true
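Added illustration (my own code, not from the thread or from Vault's source): a small Python model of how a userattr/userfilter template is rendered into an LDAP search filter and evaluated against a constructed AD-style entry. It assumes the documented default userfilter `({{.UserAttr}}={{.Username}})`, shows why `userattr=userPrincipalName` only matches when the login name is the full `user@domain` UPN, and escapes every substituted value per RFC 4515 so a login name cannot reshape the filter.

```python
import re
from typing import List, Dict, Optional

# RFC 4515: characters that must be hex-escaped when a value is placed inside a filter.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value so it cannot change the filter's structure."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

_PLACEHOLDER = re.compile(r"\{\{\.(\w+)\}\}")

def render_filter(template: str, **fields: str) -> str:
    """Fill {{.Name}} placeholders (the style Vault's userfilter/groupfilter use),
    escaping each substituted value. Unknown placeholders raise KeyError."""
    return _PLACEHOLDER.sub(lambda m: escape_filter_value(fields[m.group(1)]), template)

# Assumed default userfilter, as documented for Vault's LDAP auth method.
DEFAULT_USERFILTER = "({{.UserAttr}}={{.Username}})"

def user_filter(userattr: str, username: str, userfilter: str = DEFAULT_USERFILTER) -> str:
    """Build the user search filter from the configured userattr and the login name."""
    return render_filter(userfilter, UserAttr=userattr, Username=username)

# Constructed stand-in for one AD user entry (not the thread's real directory).
DIRECTORY: List[Dict[str, str]] = [
    {"dn": "CN=jedi,OU=automation,DC=example,DC=com",
     "sAMAccountName": "jedi",
     "userPrincipalName": "jedi@example.com"},
]

_EQUALITY = re.compile(r"^\((\w+)=([^()]*)\)$")

def find_user(entries: List[Dict[str, str]], filt: str) -> Optional[str]:
    """Evaluate a single (attr=value) equality filter against the entries.
    AD compares attribute names and these string values case-insensitively; the
    model does not decode escape sequences, so an escaped '*' is never a wildcard."""
    m = _EQUALITY.match(filt)
    if not m:
        raise ValueError("only single equality filters are modelled: " + filt)
    attr, value = m.group(1).lower(), m.group(2).lower()
    for entry in entries:
        for name, stored in entry.items():
            if name.lower() == attr and stored.lower() == value:
                return entry["dn"]
    return None

if __name__ == "__main__":
    for attr, login in [("sAMAccountName", "jedi"), ("userPrincipalName", "jedi"),
                        ("userPrincipalName", "jedi@example.com")]:
        filt = user_filter(attr, login)
        print(f"{filt:50} -> {find_user(DIRECTORY, filt)}")
```

With a service-account binddn configured, the search runs with the login name exactly as typed, so `jedi` finds the entry via sAMAccountName but not via userPrincipalName; only `jedi@example.com` does.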