Hello,
We have Vault version V1.11.3 configured with OIDC for sign on.
Once the user is authenticated in Vault via OIDC, can we search for the groups he belongs to in a LDAP repository to give permission on the secrets in Vault?
You’re describing wanting to use some bits of the oidc auth method combined with some bits of the ldap auth method. There isn’t any way to do this out of the box - you’d have to write yourself a modified version of the oidc auth method as a Vault plugin, embedding extra LDAP code.
A more standard way to accomplish your goal would be to expose group information through your OIDC identity provider, so that a separate LDAP lookup is not needed.
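The approach the answer recommends, written out as an added Terraform example (not from the original thread or from HashiCorp's docs): the IdP is assumed to put group names in a `groups` claim, and the hypothetical group value `secops` is mapped to a Vault policy through an external identity group and a group alias bound to the OIDC mount accessor. Hostnames, client id and paths are placeholders.

```hcl
# Added example. Assumes the OIDC provider (placeholder idp.example.com) emits a
# "groups" claim listing the user's groups, e.g. ["secops", "developers"].
resource "vault_jwt_auth_backend" "oidc" {
  path               = "oidc"
  type               = "oidc"
  oidc_discovery_url = "https://idp.example.com"
  oidc_client_id     = "vault"                 # placeholder client id
  oidc_client_secret = var.oidc_client_secret  # supplied out of band, never inline
  default_role       = "default"
}

# groups_claim tells Vault which claim carries group membership; each value
# in that claim becomes an alias that can match an external identity group.
resource "vault_jwt_auth_backend_role" "default" {
  backend         = vault_jwt_auth_backend.oidc.path
  role_name       = "default"
  role_type       = "oidc"
  user_claim      = "sub"
  groups_claim    = "groups"
  oidc_scopes     = ["openid", "groups"]       # request the groups scope from the IdP
  bound_audiences = ["vault"]
  allowed_redirect_uris = [
    "https://vault.example.com:8200/ui/vault/auth/oidc/oidc/callback",
    "http://localhost:8250/oidc/callback",     # CLI login callback
  ]
  token_policies = ["default"]                 # least privilege by default
}

# Policy granting read-only access to one secret path (placeholder path).
resource "vault_policy" "secops" {
  name   = "secops"
  policy = <<-EOT
    path "secret/data/secops/*" {
      capabilities = ["read", "list"]
    }
  EOT
}

# External group: membership is derived from the auth backend, not managed by hand.
resource "vault_identity_group" "secops" {
  name     = "secops"
  type     = "external"
  policies = [vault_policy.secops.name]
}

# The alias name must equal the value in the IdP's groups claim exactly.
resource "vault_identity_group_alias" "secops" {
  name           = "secops"
  mount_accessor = vault_jwt_auth_backend.oidc.accessor
  canonical_id   = vault_identity_group.secops.id
}
```

After a login, `vault token lookup` on the resulting token should list `secops` under `identity_policies` only for users whose claim contains that group; a user without it gets just `default`, which is the check to run before trusting the mapping.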