Templated policy path that maps to LDAP username

I’m trying to create a policy with a templated path that uses the user’s LDAP username. The token appears to have metadata: username, but the entity’s metadata is nil.

I have tried the following:

These map to entity_xxxxxxxx or the entity UUID, neither of which is helpful:

path "...{{identity.entity.name}}/*"
path "...{{identity.entity.id}}/*"

None of these seem to map to anything I can find:

path "...{{identity.entity.metadata.name}}/*"
path "...{{identity.entity.metadata.username}}/*"

Is there a way to have LDAP add the username to the entity metadata or to access the entity aliases?

Try identity.entity.aliases.<mount accessor>.name

Where do I get the value for <mount accessor>? Isn’t this unique per user?

Mount accessor? Use vault auth list:


identity.entity.aliases.auth_ldap_204c6cb1.name

I’m not sure if that is what you’re searching for, but try it.
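As an added illustration (not code from this thread or from Vault itself): the snippet below reads a constructed sample of vault auth list -format=json output to find the LDAP mount accessor, builds the policy with the {{identity.entity.aliases.<accessor>.name}} template, and resolves the placeholders against a constructed entity so you can see why entity.name and metadata.username do not yield the login name while the alias name does. The renderer is a simplified stand-in for what sys/internal/ui/resultant-acl shows; an unresolvable placeholder is rendered as an empty string here, which is an assumption of this example.

```python
import json
import re

# Constructed sample of `vault auth list -format=json` output (not real data).
AUTH_LIST_JSON = """
{
  "ldap/":  {"type": "ldap",  "accessor": "auth_ldap_204c6cb1"},
  "token/": {"type": "token", "accessor": "auth_token_1a2b3c4d"}
}
"""

# Constructed identity entity, shaped like what Vault exposes to policy templates.
# The LDAP login creates an alias keyed by the mount accessor; its name is the username.
ENTITY = {
    "id": "3f4a1c2e-0000-4000-8000-000000000001",
    "name": "entity_3f4a1c2e",
    "metadata": {},  # empty, as in the question
    "aliases": {"auth_ldap_204c6cb1": {"name": "jdoe", "metadata": {}}},
}


def ldap_accessor(auth_list_json: str, mount: str = "ldap/") -> str:
    """Return the accessor of an auth mount from `vault auth list -format=json` output."""
    return json.loads(auth_list_json)[mount]["accessor"]


def build_policy(accessor: str, prefix: str = "secret/data/users") -> str:
    """Policy HCL whose path is templated on the LDAP alias name (the login username)."""
    return (
        f'path "{prefix}/{{{{identity.entity.aliases.{accessor}.name}}}}/*" {{\n'
        '  capabilities = ["create", "read", "update", "delete", "list"]\n'
        "}\n"
    )


def render(template: str, entity: dict) -> str:
    """Resolve {{identity.entity...}} placeholders; unresolvable ones become '' (assumption)."""
    def lookup(match: "re.Match[str]") -> str:
        node = {"identity": {"entity": entity}}
        for key in match.group(1).split("."):
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                return ""
        return node if isinstance(node, str) else ""
    return re.sub(r"\{\{([\w.]+)\}\}", lookup, template)


if __name__ == "__main__":
    acc = ldap_accessor(AUTH_LIST_JSON)
    print(build_policy(acc))
    print(render(build_policy(acc), ENTITY))
```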

I wrote two quick articles last year on this, how to use templates and how to provision entities first, to control the name. Here is the link to the first.

It uses the userpass auth, but the pattern is the same for ldap. Also, the endpoint sys/internal/ui/resultant-acl will render the actual paths based on the identity values.

I hope this helps a little.