Hi again
vault: 1.13.2
Scenario: I have 2 Active Directories, 2012 R2 and 2019.
In both ADs, user1 exists as a specific user for testing, and adminslot1 and adminslot2 exist for shared credentials.
Why, using a Windows 2012 backend, can I only add 1 library in the LDAP secrets engine?
I want to implement shared credentials and specific credentials; that's why I use 2 libraries: 1 for the shared credentials and 1 for the specific user.
Using the LDAP secrets engine and Windows Server 2012:
vault secrets enable -path=ldap2012 ldap
Success! Data written
vault write ldap2012/config binddn='CN=vaultuser,OU=Users,DC=domain,DC=local' bindpass='mypassword' \
url=ldaps://dc1.domain.local:636 userdn='dc=domain,dc=local' insecure_tls=true schema=ad
Success! Data written
vault write ldap2012/library/team1 service_account_names="adminslot1@domain.local,adminslot2@domain.local" ttl=30 max_ttl=60
Success! Data written
vault write ldap2012/library/user1 service_account_names="user1@domain.local" ttl=30 max_ttl=60
Error writing data to ldap2012/library/user1: Error making API request.
URL: PUT https://vault.domain.local/v1/ldap/library/user1
Code: 404. Errors:
* no handler for route "ldap2012/library/user1". route entry not found.
vault list ldap2012/library/
Keys
----
team1
If I use Windows 2019, the same settings work fine.
vault secrets enable -path=ldap2019 ldap
Success! Data written
vault write ldap2019/config binddn='CN=vaultuser,OU=Users,DC=domain,DC=local' bindpass='mypassword' \
url=ldaps://dc1.domain.local:636 userdn='dc=domain,dc=local' insecure_tls=true schema=ad
Success! Data written
vault write ldap2019/library/team1 service_account_names="adminslot1@domain.local,adminslot2@domain.local" ttl=30 max_ttl=60
Success! Data written
vault write ldap2019/library/user1 service_account_names="user1@apsytems.local" ttl=30 max_ttl=60
Success! Data written
vault list ldap2019/library/
Keys
----
user1
team1
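The following is an added example, not code from the post above or from HashiCorp. It models the HTTP requests that `vault write <mount>/library/<set>` and the library check-out / check-in operations send to the LDAP secrets engine, so the mount path, account list and TTL bounds can be sanity-checked before a real Vault is involved. It also parses the `URL:` line of a CLI error block to confirm the request went to the intended mount: in the error quoted in the post, the `URL:` line reports the route under `ldap/` while the intended mount is `ldap2012/`, and that is the kind of disagreement this check surfaces (it may just be a paste artifact, but it is the first thing to rule out). The API routes assumed here are the documented `library/<set>`, `check-out` and `check-in` endpoints of the LDAP secrets engine; `SAMPLE_ERROR` is the post's own error block, embedded as a constructed input.

```python
"""Build and validate Vault LDAP secrets-engine library-set requests (added example)."""
import re
from urllib.parse import urlparse

API_PREFIX = "/v1/"
# Matches the 'URL: PUT https://host/v1/...' line the Vault CLI prints on an API error.
URL_LINE = re.compile(r"^URL:\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)", re.MULTILINE)


def normalize_mount(mount: str) -> str:
    """Strip surrounding slashes so 'ldap2012/', '/ldap2012' and 'ldap2012' compare equal."""
    mount = mount.strip("/")
    if not mount:
        raise ValueError("mount path must not be empty")
    return mount


def _accounts(service_account_names):
    """Accept the CLI's comma-separated string or a Python list; drop blanks."""
    if isinstance(service_account_names, str):
        service_account_names = service_account_names.split(",")
    return [a.strip() for a in service_account_names if a.strip()]


def library_set_request(mount, set_name, service_account_names, ttl, max_ttl):
    """Return (api_path, json_payload) for creating or updating a library set.

    Mirrors `vault write <mount>/library/<set> service_account_names=... ttl=... max_ttl=...`.
    Rejects an empty account list and a ttl larger than max_ttl before anything is sent.
    """
    accounts = _accounts(service_account_names)
    if not accounts:
        raise ValueError("a library set needs at least one service account")
    if ttl > max_ttl:
        raise ValueError(f"ttl ({ttl}) must not exceed max_ttl ({max_ttl})")
    path = f"{API_PREFIX}{normalize_mount(mount)}/library/{set_name}"
    return path, {"service_account_names": accounts, "ttl": ttl, "max_ttl": max_ttl}


def checkout_request(mount, set_name, ttl=None):
    """Return (api_path, payload) for checking one account out of the set."""
    path = f"{API_PREFIX}{normalize_mount(mount)}/library/{set_name}/check-out"
    return path, ({} if ttl is None else {"ttl": ttl})


def checkin_request(mount, set_name, service_account_names=None):
    """Return (api_path, payload) for checking accounts back in (all of the caller's if unspecified)."""
    path = f"{API_PREFIX}{normalize_mount(mount)}/library/{set_name}/check-in"
    payload = {} if service_account_names is None else {"service_account_names": _accounts(service_account_names)}
    return path, payload


def mount_from_url(url):
    """Extract '<mount>' from https://host/v1/<mount>/library/<set>...; None if not a library route."""
    route = urlparse(url).path
    if not route.startswith(API_PREFIX):
        return None
    mount, sep, _rest = route[len(API_PREFIX):].partition("/library/")
    return mount if sep else None


def diagnose_route_error(expected_mount, cli_error_text):
    """Compare the mount in the CLI error's 'URL:' line with the mount the operator intended."""
    expected = normalize_mount(expected_mount)
    m = URL_LINE.search(cli_error_text)
    if not m:
        return {"url_mount": None, "expected_mount": expected, "matches": None}
    url_mount = mount_from_url(m.group("url"))
    return {"url_mount": url_mount, "expected_mount": expected, "matches": url_mount == expected}


# Constructed sample input: the error block from the post, pasted verbatim.
SAMPLE_ERROR = """Error writing data to ldap2012/library/user1: Error making API request.
URL: PUT https://vault.domain.local/v1/ldap/library/user1
Code: 404. Errors:
* no handler for route "ldap2012/library/user1". route entry not found."""


if __name__ == "__main__":
    shared = library_set_request("ldap2012", "team1",
                                 "adminslot1@domain.local,adminslot2@domain.local", 30, 60)
    single = library_set_request("ldap2012", "user1", ["user1@domain.local"], 30, 60)
    print(shared)
    print(single)
    print(checkout_request("ldap2012", "team1"))
    print(diagnose_route_error("ldap2012", SAMPLE_ERROR))
```

The two library sets are deliberately kept separate: a set with two accounts can satisfy two concurrent check-outs, while a single-account set serialises access to that one user, so the `diagnose_route_error` output is what to look at when the second set fails to appear under `vault list <mount>/library/`.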