Hi,
I want to authorize Vault admin processes through an Active Directory group. I've set up LDAP auth, with the following dumped from `vault read auth/ldap/config`:
```
Key                            Value
binddn                         cn=xxx,cn=Users,dc=xx,dc=xx,dc=xx
case_sensitive_names           false
certificate                    -----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----
deny_null_bind                 true
discoverdn                     false
groupattr                      memberOf
groupdn                        ou=Users,dc=xxx,dc=xx,dc=xx
groupfilter                    (&(objectClass=person)(sAMAccountName={{.Username}}))
insecure_tls                   false
request_timeout                90
starttls                       true
tls_max_version                tls12
tls_min_version                tls10
token_explicit_max_ttl         0s
token_max_ttl                  0s
token_no_default_policy        false
token_num_uses                 0
token_period                   0s
token_ttl                      0s
token_type                     default
upndomain                      n/a
url                            ldaps://xxx.xxx.xx.xx:636
use_pre111_group_cn_behavior   false
use_token_groups               false
userattr                       cn
userdn                         dc=xxx,dc=gov,dc=tr
userfilter                     n/a
```
When I try to log in with the LDAP auth method, I can access the interface but get the following message:
```
no LDAP groups found in groupDN 'cn=groups,cn=accounts,dc=my,dc=domain,dc=com'; only policies from locally-defined groups available
```
What could be the cause of this problem?
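As an added, offline illustration (not code from the poster or from Vault) of how Vault's LDAP backend derives group names from this configuration: it renders `groupfilter` by substituting `{{.Username}}` (and `{{.UserDN}}`), runs a subtree search under `groupdn`, and reads `groupattr`, keeping the CN when the value is a DN. The sample LDIF, the username `jdoe` and the `ldapsearch` invocation are constructed assumptions; the check `dn_within_base` shows the failure mode where the user object does not live under `groupdn`, so the search returns no entries and no groups are found.

```python
import re

# Values copied from the `vault read auth/ldap/config` dump in the post.
GROUPDN = "ou=Users,dc=xxx,dc=xx,dc=xx"
GROUPFILTER = "(&(objectClass=person)(sAMAccountName={{.Username}}))"
GROUPATTR = "memberOf"

def escape_filter(value):
    """RFC 4515 escaping so a username cannot change the filter's structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def render_groupfilter(template, username, user_dn=""):
    """Fill the two template variables Vault substitutes into groupfilter."""
    filt = template.replace("{{.Username}}", escape_filter(username))
    return filt.replace("{{.UserDN}}", escape_filter(user_dn))

def ldapsearch_command(username, url, binddn):
    """The ldapsearch equivalent of Vault's group lookup: a subtree search under groupdn."""
    filt = render_groupfilter(GROUPFILTER, username)
    return f"ldapsearch -H {url} -D '{binddn}' -W -b '{GROUPDN}' -s sub '{filt}' {GROUPATTR}"

def dn_within_base(entry_dn, base_dn):
    """A subtree search only returns entries whose DN ends in the base DN (case-insensitive)."""
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    entry, base = norm(entry_dn), norm(base_dn)
    return entry == base or entry.endswith("," + base)

def attr_values_from_ldif(ldif, attr):
    """Collect the values of `attr` from ldapsearch LDIF output, unfolding continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folds long values onto lines starting with a space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    prefix = attr.lower() + ":"
    return [l.split(":", 1)[1].strip() for l in lines if l.lower().startswith(prefix)]

def vault_group_names(values):
    """Vault keeps the CN when a groupattr value is a DN and the raw value otherwise."""
    return [m.group(1) if (m := re.match(r"cn=([^,]+)", v, re.I)) else v for v in values]

# Constructed sample search result (not from the post) for a user stored under CN=Users.
SAMPLE_LDIF = """\
dn: CN=jdoe,CN=Users,DC=xxx,DC=xx,DC=xx
memberOf: CN=vault-admins,OU=Groups,DC=xxx,DC=xx,DC=xx
memberOf: CN=Domain Users,CN=Users,DC=xxx,
 DC=xx,DC=xx
"""
```

Running the printed `ldapsearch` command against the directory with the same bind DN Vault uses shows whether the search under `groupdn` returns the user entry at all; if it returns nothing, the `memberOf` values are never read.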