I have a Vault cluster in which secrets for my application are stored.
In one namespace of that cluster, I get a different set of policies in the Web UI and on the command line.
What should I check?
To make things clearer, here are my policies when using the command line:
    / # vault login -method=ldap username=MyLDAPAccount -path=myCompany/spice
    Password (will be hidden):
    Success! You are now authenticated. The token information displayed below
    is already stored in the token helper. You do NOT need to run "vault login"
    again. Future Vault requests will automatically use this token.

    WARNING! The following warnings were returned from Vault:

      * no LDAP groups found in groupDN ''; only policies from locally-defined
      groups available

    Key                    Value
    ---                    -----
    token                  REDACTED
    token_accessor         REDACTED
    token_duration         12h
    token_renewable        true
    token_policies         ["default"]
    identity_policies      []
    policies               ["default"]
    token_meta_username    MyLDAPAccount
And my policies in the UI are (from the browser local storage):
    {
      "userRootNamespace": "myCompany/spice",
      "displayName": "myLDAPAccount",
      "backend": {
        "type": "ldap",
        "typeDisplay": "LDAP",
        "description": "LDAP authentication.",
        "tokenPath": "client_token",
        "displayNamePath": "metadata.username",
        "formAttributes": ["username", "password"]
      },
      "token": "REDACTED",
      "policies": ["admin", "default"],
      "renewable": true,
      "entity_id": "REDACTED",
      "ttl": 43200,
      "tokenExpirationEpoch": 1575079762001
    }
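
One way to check where the two tokens diverge, as an added example that is not part of the original post: run `vault token lookup -format=json` with each token and compare the fields that determine which policies a token carries. The two responses embedded below are constructed samples (only the policy lists and the namespace come from the post), and the function names are hypothetical.

```python
import json

# Fields of a token lookup response that explain a policy mismatch.
FIELDS = ("namespace_path", "path", "entity_id", "policies", "identity_policies")

def normalise(field, value):
    """Make absent and differently ordered values comparable."""
    if value is None:  # a field may be absent or null in a response
        return [] if field.endswith("policies") else ""
    if isinstance(value, list):
        return sorted(value)
    return value.rstrip("/") if field == "namespace_path" else value

def diff_tokens(cli_lookup, ui_lookup):
    """Return {field: (cli_value, ui_value)} for each field that differs."""
    cli, ui = cli_lookup.get("data", {}), ui_lookup.get("data", {})
    diff = {}
    for field in FIELDS:
        a, b = normalise(field, cli.get(field)), normalise(field, ui.get(field))
        if a != b:
            diff[field] = (a, b)
    return diff

# Constructed sample responses (not real output); policies mirror the post.
CLI_LOOKUP = json.loads("""{"data": {
  "path": "auth/ldap/login/MyLDAPAccount",
  "entity_id": "CLI-ENTITY-PLACEHOLDER",
  "policies": ["default"], "identity_policies": null}}""")
UI_LOOKUP = json.loads("""{"data": {
  "namespace_path": "myCompany/spice/",
  "path": "auth/ldap/login/myLDAPAccount",
  "entity_id": "UI-ENTITY-PLACEHOLDER",
  "policies": ["default", "admin"]}}""")

if __name__ == "__main__":
    for field, (cli_value, ui_value) in diff_tokens(CLI_LOOKUP, UI_LOOKUP).items():
        print(f"{field}: CLI={cli_value!r} UI={ui_value!r}")
```

A difference in `namespace_path` or `path` means the two logins did not go through the same auth mount; a difference only in `entity_id` or `identity_policies` points at identity group membership instead.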