Add docs for OpenLDAP plugin's new AD schema (#9619)

Tom Proctor 2020-08-10 10:24:38 +01:00 committed by GitHub
parent f0e0d3bc73
commit 494cdf5bcb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 3 deletions

View File

@ -3,6 +3,7 @@
IMPROVEMENTS:
* auth/jwt: Add support for fetching groups and user information from G Suite during authentication. [[GH-123](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/123)]
* secrets/openldap: Add "ad" schema that allows the engine to correctly rotate AD passwords. [[GH-16](https://github.com/hashicorp/vault-plugin-secrets-openldap/pull/16)]
BUG FIXES:
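Review bot: the new `secrets/openldap` entry should say what existing users need to know, namely that the default schema is unchanged and the new behaviour only applies when `schema=ad` is set, so an upgrade does not alter how passwords are rotated for current configs. Also put `ad` in code font to match how the schema name is written in the docs hunks (`schema=ad`, `openldap`, `racf`), and check that a blank line separates the IMPROVEMENTS list from `BUG FIXES:` in the source, since the hunk shows them adjacent.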

View File

@ -40,7 +40,7 @@ to search and change entry passwords in OpenLDAP.
- `password_policy` `(string: <optional>)` - The name of the [password policy](/docs/concepts/password-policies)
to use to generate passwords. Note that this accepts the name of the policy, not the policy itself.
- `schema` `(string: "openldap")` - The OpenLDAP schema to use when storing entry passwords.
Valid schemas include:`openldap` and `racf`.
Valid schemas include:`openldap`, `racf` and `ad`.
- `request_timeout` `(integer: 90, string: "90s" <optional>)` - Timeout, in seconds, for the connection when
making requests against the server before returning back an error.
- `starttls` `(bool: <optional>)` - If true, issues a `StartTLS` command after establishing an unencrypted connection.
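Review bot: the replacement line keeps the missing space after the colon from the old line (`include:\`openldap\``); while touching it, write `Valid schemas include: \`openldap\`, \`racf\` and \`ad\`.` Since the engine now targets Active Directory as well, the parameter description "The OpenLDAP schema to use when storing entry passwords" is misleading; "The LDAP schema" (or "The directory schema") is accurate for all three values. A link from `ad` to the new "Active Directory (AD)" section below would also help readers find the AD-specific configuration example.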

View File

@ -63,8 +63,8 @@ This plugin currently supports LDAP v3.
## Schema
The OpenLDAP Secret Engine supports two different schemas: `openldap` (default) and
`racf`.
The OpenLDAP Secret Engine supports three different schemas: `openldap` (default),
`racf` and `ad`.
### OpenLDAP
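Review bot: the wording is fine, but "three different schemas" is redundant ("three schemas" reads better), and the capitalisation differs between this sentence ("The OpenLDAP Secret Engine") and the new AD section in the next hunk ("the secret engine must be configured"); pick one form for the page. Listing the three names as links to their `###` subsections would also save readers scrolling.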
@ -93,6 +93,19 @@ vault write openldap/config \
password_policy=racf_password_policy
```
### Active Directory (AD)
For managing Active Directory instances, the secret engine must be configured to use the
schema `ad`.
```bash
vault write openldap/config \
binddn=$USERNAME \
bindpass=$PASSWORD \
url=ldaps://138.91.247.105 \
schema=ad
```
## Password Generation
This engine previously allowed configuration of the length of the password that is generated
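Review bot: the example hard-codes a bare public IP literal, `url=ldaps://138.91.247.105`; documentation examples should not point at a real-looking address that readers may copy. Use a placeholder such as `url=ldaps://ad.example.com`, or a `$URL` variable to match the `$USERNAME` and `$PASSWORD` variables already used in the block. Separately, the example deliberately uses `ldaps://` while the `starttls` parameter is documented elsewhere on the page; the section text should state whether the `ad` schema requires an encrypted connection (and which of `ldaps://` or `starttls=true` is expected), because a reader following the prose alone is told only that the schema must be set to `ad`.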