Vault with LDAP

I tried Vault integration with LDAP by mapping AD group members to a Vault policy. The problem I faced is that when changing the AD user's group, the AD user is still mapped to the initial policy.

I appreciate any help here


Is this enterprise or OSS? Are you using namespaces?
Also what policy did you want to be assigned, default is the only one by “default”.

Hi @aram

Thank you for your reply.

I’m using OSS, no namespaces. I created a new policy and mapped the AD group to it.

I found that deleting the policy from the UI will not unlink it from the AD group; changing the AD group with the API will!

I’m trying to find a way to design dynamic, path-based policies for AD groups.

Thanks for the info.

Sounds like you’re doing exactly what Scenario 3 is set up for in LDAP - Auth Methods | Vault by HashiCorp. Check that and see what’s different.

If it still isn’t working you need to provide all of the details on your setup, all of the policy and mappings you have done and groups.

Do take a look at @jeffsanicola’s nice policy cheat sheet.
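As an added example (not from this thread, and not HashiCorp's own code), the POSIX shell helpers below show the group-to-policy mapping the thread is about, done against the LDAP auth method's `auth/ldap/groups/<group>` endpoint, plus the two checks that explain the behaviour reported above: reading the mapping back (deleting a policy under `sys/policies/acl` leaves the policy name on the group until the mapping itself is written or deleted), and logging in as the user to see the policies on a fresh token (mappings are applied at login, so an existing token keeps the policies it was issued with). Assumptions: the auth method is mounted at the default path `auth/ldap`, `VAULT_ADDR`/`VAULT_TOKEN` point at an admin session, and `case_sensitive_names` was left at its default, so Vault lowercases group names. Group and policy names such as `Vault-Admins` and `admin-policy` are constructed for the example. `VAULT_DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Example helpers for AD-group -> Vault-policy mappings via the LDAP auth method.
# Not part of the thread or of Vault; assumes auth/ldap mount and an admin token.
# Set VAULT_DRY_RUN=1 to print each vault command instead of executing it.

# run_vault: wrapper so the procedure can be inspected without a live Vault.
run_vault() {
  if [ "${VAULT_DRY_RUN:-0}" = "1" ]; then
    printf 'vault'
    for a in "$@"; do printf ' %s' "$a"; done
    printf '\n'
  else
    vault "$@"
  fi
}

# ldap_group_path GROUP: the API path for a group mapping. Vault normalises
# LDAP group names to lower case unless case_sensitive_names=true was set on
# the mount, so a mapping written as "Vault-Admins" lives under "vault-admins".
ldap_group_path() {
  printf 'auth/ldap/groups/%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# map_ad_group_to_policy GROUP POLICY[,POLICY...]
# Writes the group's policy list. The write replaces the list, it does not
# append, so include every policy the group should keep.
map_ad_group_to_policy() {
  run_vault write "$(ldap_group_path "$1")" policies="$2"
}

# unmap_ad_group GROUP: removes the group mapping entirely. Deleting a policy
# under sys/policies/acl does not touch this mapping, which is why a deleted
# policy's name still shows on the group until the mapping is rewritten.
unmap_ad_group() {
  run_vault delete "$(ldap_group_path "$1")"
}

# show_group_mapping GROUP: read back the policies Vault currently holds for it.
show_group_mapping() {
  run_vault read -field=policies "$(ldap_group_path "$1")"
}

# effective_policies USERNAME: log in as the user (password is prompted) and
# show the policies on the NEW token. Policies are attached at login, so a
# user whose AD group changed must re-authenticate to pick up the new mapping;
# -token-only keeps the admin token in the token helper untouched.
effective_policies() {
  user_token=$(run_vault login -method=ldap -token-only username="$1") || return 1
  VAULT_TOKEN="$user_token" run_vault token lookup -field=policies
}

# Usage (constructed names; source the file, then call the helpers):
#   . ./ldap-groups.sh
#   map_ad_group_to_policy "Vault-Admins" "admin-policy"
#   show_group_mapping "Vault-Admins"
#   effective_policies "alice"
```

After changing a mapping, compare `show_group_mapping` (what Vault stores for the group) with `effective_policies` (what a freshly issued token carries); if the first is right and the second is stale, the user is reusing a token from before the change rather than hitting a mapping problem.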