https://www.vaultproject.io/docs/auth/ldap.html
LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transport services.
vagrant up --provision-with basetools,docker,docsify,ldap
Bringing machine 'user.local.dev' up with 'virtualbox' provider...
==> user.local.dev: Checking if box 'ubuntu/xenial64' version '20190918.0.0' is up to date...
==> user.local.dev: A newer version of the box 'ubuntu/xenial64' for provider 'virtualbox' is
==> user.local.dev: available! You currently have version '20190918.0.0'. The latest is version
==> user.local.dev: '20200108.0.0'. Run `vagrant box update` to update.
==> user.local.dev: [vagrant-hostsupdater] Checking for host entries
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev
==> user.local.dev: Running provisioner: ldap (shell)...
user.local.dev: Running: /var/folders/7j/gsrjvmds05n53ddg28krf4_80001p9/T/vagrant-shell20200112-42422-54mu94.sh
user.local.dev: Error response from daemon: No such container: ldap
user.local.dev: Error: No such container: ldap
user.local.dev: WARNING! This will remove:
user.local.dev: - all stopped containers
user.local.dev: - all networks not used by at least one container
user.local.dev: - all images without at least one container associated to them
user.local.dev: - all build cache
user.local.dev:
user.local.dev: Are you sure you want to continue? [y/N]
user.local.dev: Total reclaimed space: 0B
user.local.dev: WARNING! This will remove:
user.local.dev: - all stopped containers
user.local.dev: - all networks not used by at least one container
user.local.dev: - all volumes not used by at least one container
user.local.dev: - all dangling images
user.local.dev: - all dangling build cache
user.local.dev:
user.local.dev: Are you sure you want to continue? [y/N]
user.local.dev: Total reclaimed space: 0B
user.local.dev: Unable to find image 'rroemhild/test-openldap:latest' locally
user.local.dev: latest: Pulling from rroemhild/test-openldap
user.local.dev: 8f91359f1fff: Pulling fs layer
user.local.dev: 8458cf10881b: Pulling fs layer
user.local.dev: 2d09b054bd7f: Pulling fs layer
user.local.dev: 1d4d29320e86: Pulling fs layer
user.local.dev: 5bf9bcc17444: Pulling fs layer
user.local.dev: 1d4d29320e86: Waiting
user.local.dev: 5bf9bcc17444: Waiting
user.local.dev: 2d09b054bd7f: Verifying Checksum
user.local.dev: 2d09b054bd7f: Download complete
user.local.dev: 1d4d29320e86: Verifying Checksum
user.local.dev: 1d4d29320e86: Download complete
user.local.dev: 5bf9bcc17444: Download complete
user.local.dev: 8458cf10881b: Verifying Checksum
user.local.dev: 8458cf10881b: Download complete
user.local.dev: 8f91359f1fff: Verifying Checksum
user.local.dev: 8f91359f1fff: Download complete
user.local.dev: 8f91359f1fff: Pull complete
user.local.dev: 8458cf10881b: Pull complete
user.local.dev: 2d09b054bd7f: Pull complete
user.local.dev: 1d4d29320e86: Pull complete
user.local.dev: 5bf9bcc17444: Pull complete
user.local.dev: Digest: sha256:a0dc748e4132fbdaa88a3adb189b6da65bc3eb1a4e2d7611a51ecf018431847b
user.local.dev: Status: Downloaded newer image for rroemhild/test-openldap:latest
user.local.dev: 910085a603a0a4007d3a916f9659d4cac23356bd1fd05eed5193cf805071b5c5
user.local.dev: ++++ To use this in Vault please do
user.local.dev: ++++ vault write auth/ldap/config url="ldap://localhost:389" userdn="ou=people,dc=planetexpress,dc=com" groupdn="ou=people,dc=planetexpress,dc=com" groupattr="cn" insecure_tls=true userattr=uid starttls=false binddn="cn=admin,dc=planetexpress,dc=com" bindpass='GoodNewsEveryone'
user.local.dev: ++++ vault login -method=ldap username=hermes (password: hermes)
vault auth enable ldap
Success! Enabled ldap auth method at: ldap/
vault write auth/ldap/config url="ldap://localhost:389" userdn="ou=people,dc=planetexpress,dc=com" groupdn="ou=people,dc=planetexpress,dc=com" groupattr="cn" insecure_tls=true userattr=uid starttls=false binddn="cn=admin,dc=planetexpress,dc=com" bindpass='GoodNewsEveryone'
Success! Data written to: auth/ldap/config
vault login -method=ldap username=hermes
Password (will be hidden):
WARNING! The VAULT_TOKEN environment variable is set! This takes precedence
over the value set by this command. To use the value set by this command,
unset the VAULT_TOKEN environment variable or set it to the token displayed
below.
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token s.dbcrQVvhuT1RNQiK3FMFiNZe
token_accessor wNdDBVDTEj3AfAfxypJELiGD
token_duration 10h
token_renewable true
token_policies ["default"]
identity_policies []
policies ["default"]
token_meta_username hermes
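The `vault write auth/ldap/config` command in the session above uses `ldap://` with `starttls=false` and `insecure_tls=true`, which is fine for a throwaway test container but not for a real directory. As an added check (not part of the original session and not Vault's own tooling), the Python below audits an LDAP auth config for those transport and bind weaknesses and contrasts it with a hardened version; both dictionaries are constructed here in the shape of the `data` object that `vault read -format=json auth/ldap/config` returns, and the `ldaps://` hostname and CA PEM in the hardened config are placeholders.

```python
from urllib.parse import urlparse

# Constructed sample: the config written in the session above, in the shape
# `vault read -format=json auth/ldap/config` returns in its "data" object.
# Vault never returns bindpass, so it is omitted here.
WEAK_CONFIG = {
    "url": "ldap://localhost:389",
    "userdn": "ou=people,dc=planetexpress,dc=com",
    "groupdn": "ou=people,dc=planetexpress,dc=com",
    "groupattr": "cn",
    "userattr": "uid",
    "binddn": "cn=admin,dc=planetexpress,dc=com",
    "insecure_tls": True,
    "starttls": False,
    "certificate": "",
}

# Same directory layout with the TLS settings corrected. The hostname and the
# CA certificate are placeholders, not values from the page.
HARDENED_CONFIG = dict(
    WEAK_CONFIG,
    url="ldaps://ldap.example.internal:636",  # placeholder hostname
    insecure_tls=False,
    starttls=False,
    certificate="-----BEGIN CERTIFICATE-----\n<placeholder CA PEM>\n-----END CERTIFICATE-----",
    tls_min_version="tls12",
    deny_null_bind=True,
)


def audit_ldap_config(cfg):
    """Return a list of findings; an empty list means no weak transport or bind setting."""
    findings = []
    # Vault accepts a comma-separated list of URLs; check each one.
    for raw in cfg.get("url", "").split(","):
        url = raw.strip()
        if not url:
            continue
        scheme = urlparse(url).scheme
        if scheme == "ldap" and not cfg.get("starttls"):
            findings.append(f"{url}: ldap:// without starttls, bind and user passwords sent in cleartext")
        elif scheme == "ldaps" and cfg.get("starttls"):
            findings.append(f"{url}: starttls=true is redundant over ldaps://, confirm the intended transport")
    if cfg.get("insecure_tls"):
        findings.append("insecure_tls=true: the LDAP server certificate is not verified")
    if cfg.get("tls_min_version", "tls12") in ("tls10", "tls11"):
        findings.append(f"tls_min_version={cfg['tls_min_version']}: allows deprecated TLS versions")
    if cfg.get("deny_null_bind", True) is False:
        findings.append("deny_null_bind=false: an empty password may succeed as an anonymous bind")
    return findings
```

Run `audit_ldap_config` over the output of `vault read -format=json auth/ldap/config` (the `data` object) to review an existing mount; the session's config yields two findings and the hardened one none.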