Hi, I am new to HCP Vault. I set up LDAP authentication and created admin policies, and I am trying to assign those admin policies to an AD group using: vault write auth/ldap/groups/vault-admin policies=admin
But when I log in using LDAP (the AD group name is vault-admin), I am able to log in but the policies are not assigned, even though I am part of that AD group. Here is the filter I used: (&(objectClass=group)(member={{.UserDN}}))
Can anyone give me some direction?
Can you post a vault lookup output?
Policies assigned via group show up under a different field than policies.
vault lookup isn't a valid command - it's vault token lookup. (Beware that this command prints out your secret token in the id field - we don't need to see that.)
Actually, when you assign policies via auth/ldap/groups/ they are token policies, which will be seen in the policies field - not identity policies, which are displayed in the identity_policies field.
Please also share the output of
vault read auth/ldap/config
vault read auth/ldap/groups/vault-admin
and the LDIF representation (that you get from the ldapsearch CLI, for example) of your user and group.