Token_ttl support in LDAP auth method?

I’m trying to set up token TTLs for the LDAP and app-id auth methods (we’re moving to AppRole for the latter, this is a stopgap) and am having difficulty setting the token_ttl parameter for LDAP.

In the documentation, it says that the token_ttl argument is “The incremental lifetime for generated tokens”.

When I run:

vault write auth/ldap/config token_ttl=168h

to set a 168-hour TTL, I get a message indicating support, yet when I read the config back, the parameter is not present.

Additionally, I don’t see the argument listed in the source code.

Is this actually currently supported and, if not, is there a better way to set auth method-specific token TTLs? Thanks!

Does this one help you out?

To be honest, I still haven’t understood the difference between auth-lease and token-lease. So it could be misleading.