Hello,
I’ve set up Vault with LDAP, and with the CLI it works.
On the client:
~$ vault login -method=ldap username=yaroslav.n
Password (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token hvs.CAESIFYuIEi3cWqwwNoRBbDdy9CNZE714KkLKpMP4Trpb9_kGh4KHGh2cy4wS1hZd3RkR05aUTFvVGVlV1AzdWNPQ1g
token_accessor X4i1zEaWyso9zwniCoXCyGAE
token_duration 8h
token_renewable true
token_policies ["vault-admins"]
identity_policies ["vault-admins"]
policies ["vault-admins"]
token_meta_username yaroslav.n
~$ vault read auth/ldap/config
Key Value
--- -----
anonymous_group_search false
binddn vault-bind@subdomain.domain.local
case_sensitive_names false
certificate n/a
connection_timeout 0
deny_null_bind true
discoverdn true
groupattr memberOf
groupdn (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
groupfilter (&(objectClass=group)(member={{.UserDN}}))
insecure_tls true
max_page_size 0
request_timeout 0
starttls false
tls_max_version tls12
tls_min_version tls12
token_bound_cidrs []
token_explicit_max_ttl 0s
token_max_ttl 8h
token_no_default_policy true
token_num_uses 2
token_period 0s
token_policies []
token_ttl 8h
token_type service
upndomain subdomain.domain.local
url ldap://10.6.76.104
use_pre111_group_cn_behavior false
use_token_groups true
userattr samaccountname
userdn CN=Users,DC=subdomain,DC=domain,DC=local
userfilter n/a
username_as_alias true
~$ vault kv list test
Keys
----
e
But in the web UI I see:
vault: 1.13.2
Why might this happen?
If I understand correctly, if there were some issues with the reverse proxy, then root token and userpass auth should also fail… but root token and userpass work fine in the web UI.
Please point me toward a way to find the issue…