[HELP] configuring login via LDAP using Zentyal

Hello folks, I need some help to configure login via LDAP on hashicorp vault, i’ve setted up vault via kubernetes and its working fine, now I want to use Zentyal server (https://zentyal.com/) to autenticate.

The error i’m getting:

Error authenticating: Error making API request.
Code: 403. Errors:
* permission denied


Error authenticating: Error making API request.
Code: 400. Errors:
* ldap operation failed: failed to bind as user

The command i’m using to configure vault:

vault auth enable ldap

vault write auth/ldap/config \
    url="ldap://myserver" \
    userattr="uid" \
    userdn="OU=justatest,CN=Users,DC=justatest,DC=lan" \
    groupdn="OU=justatest,OU=Groups,CN=Users,DC=justatest,DC=lan" \
    groupfilter="(&(objectClass=group)(member={{.UserDN}}))" \
    groupattr="cn" \
    binddn="CN=administrator,CN=Users,DC=justatest,DC=lan" \

If i run and ldap search on cli works fine
ldapsearch -b "dc=justatest,dc=lan" -H ldap://myserver:389 -D administrator@justatest.lan "(sAMAccountName=lucas.aleixo)" -W -LLL "(member=CN=lucas.aleixo,OU=Users,OU=justatest,DC=justatest,DC=lan)"

Is there something i might be missing?
Any help is welcome :slight_smile:

I used the environment variable VAULT_LOG_LEVEL=trace so I could find the way to solution looking at the logs, I changed some things on zentyal, and the new command is:

vault write auth/ldap/config \ url=“ldap://myserver:389” \ binddn=“administrator@justatest.lan” \ bindpass=“mypass” \ userattr=“sAMAccountName” \ userdn=“CN=Users,DC=justatest,DC=lan” \ groupdn=“CN=Groups,DC=justatest,DC=lan”

1 Like