How to grant access to ssh-sign to the LDAP authenticated users?

Hi, with the use of LDAP auth I’ve managed to access with my Active Directory users on Vault.
I had a secret created before by the root user where users could retrieve an SSH key signed by the Vault server CA.

The thing is that the new users who get authenticated in Vault don’t have access to that SSH-CA-KEY-SIGN resource.

How could I give access to this SSH-KEY-SIGN resource to all my AD users?

You would do this the same way all access is managed in Vault - by writing policies and associating them with identity entities or groups (or in some cases having them linked directly to tokens by particular login methods).

I recognise this is a very general reply, but it is difficult to be more specific without more details of the current configuration that you are building on top of.

Sorry, but can’t see the HCL syntax example.

This discussion forum has a recurring problem with new accounts being registered, and then immediately used exactly once, to post a not-very-helpful reply, using text which appears plausibly AI generated. I assume it’s some type of attempted scam.

I could be wrong - but currently @ziongeorge799 matches the pattern I have come to associate with such activity.

@miguelangelpovea8, it is likely that there never was an example, it’s just bad AI-written text.

EDIT: They did indeed prove themselves to be a link spammer, just waiting until their account lost newly-registered status, and gained the ability to post links.
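
The approach described in the first reply (write a policy, then associate it with a group), as an added example that is not part of the original thread. The mount paths `ssh-client-signer` and `ldap`, the role `my-role`, the AD group `vault-ssh-users` and the policy name `ssh-sign` are assumptions; substitute the values from your own configuration.

```shell
#!/usr/bin/env bash
# Added example: grant LDAP-authenticated users access to one SSH signing role.
# All names below are assumed defaults, not values from the thread.
set -eu

SSH_MOUNT="${SSH_MOUNT:-ssh-client-signer}"   # assumed SSH secrets engine mount
SSH_ROLE="${SSH_ROLE:-my-role}"               # assumed signing role
LDAP_MOUNT="${LDAP_MOUNT:-ldap}"              # assumed LDAP auth mount
AD_GROUP="${AD_GROUP:-vault-ssh-users}"       # assumed AD group name
POLICY_NAME="${POLICY_NAME:-ssh-sign}"        # assumed policy name

# Print a least-privilege HCL policy: signing only, for exactly one role.
# Refuses glob characters so the policy cannot widen to other roles or paths.
render_policy() {
  case "$1$2" in
    *[*+]*) echo "refusing wildcard in mount or role" >&2; return 1 ;;
  esac
  cat <<EOF
# Members may request a signed SSH certificate from this role and nothing else.
# No access to ${1}/config/ca or ${1}/roles/* is granted.
path "${1}/sign/${2}" {
  capabilities = ["update"]
}
EOF
}

# Upload the policy and attach it to the AD group on the LDAP auth mount.
# Needs VAULT_ADDR and a token allowed to manage policies and auth/<ldap>/groups.
apply_grant() {
  render_policy "$SSH_MOUNT" "$SSH_ROLE" | vault policy write "$POLICY_NAME" -
  vault write "auth/${LDAP_MOUNT}/groups/${AD_GROUP}" policies="$POLICY_NAME"
  # Read the mapping back to confirm what was stored.
  vault read "auth/${LDAP_MOUNT}/groups/${AD_GROUP}"
}

# "apply" talks to Vault; any other invocation changes nothing.
if [ "${1:-}" = "apply" ]; then
  apply_grant
fi
```

Tokens issued before the group mapping existed do not pick up the policy; affected users need to log in again through the LDAP method.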