I had some questions regarding using Vault with LDAP filters.
Using multiple urls and wanting to return users who are members of several groups for web interface authentication.
I was able to solve it using the rule below, where the userfilter filters two groups using an OR SYNTAX.
Enable Auth Ldap DOC: LDAP - Auth Methods | Vault | HashiCorp Developer
Enable Authentication LDAP
vault auth enable ldap
Write de Rule
vault write auth/ldap/config \
url=“ldaps://ldap.example.com,ldaps://ldap2.example.com”
userattr=sAMAccountName
userdn=“ou=Users,dc=example,dc=com”
userfilter=“(|(&({{.UserAttr}}={{.Username}})(memberof=CN=full_cn1))(&({{.UserAttr}}={{.Username}})(memberof=CN=full_cn2)))”
groupdn=“ou=Users,dc=example,dc=com”
groupfilter=“(&(objectClass=group)(member={{.UserDN}}))”
groupattr=“memberOf”
binddn=“cn=vault,ou=users,dc=example,dc=com”
bindpass=‘My$ecrt3tP4ss’
certificate=@ldap_ca_cert.pem \