HashiCorp Vault

This is just a quick note to remember a few things about the LDAP configuration when NOT using Microsoft AD.

For OpenLDAP/FreeIPA, this is what you need for correct group listing/membership:

Group Filter: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
Group Attribute: cn
Group DN: cn=groups,cn=accounts,dc=<your domain>,dc=<your suffix>
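
To check these settings against the directory before relying on them in Vault, the filter can be rendered for one user and run with ldapsearch; the cn values it returns are the group names. This is an added example, not part of the original note: the helper function names, host, user and domain are constructed, and the user DN assumes FreeIPA's default cn=users,cn=accounts container.

```shell
#!/bin/sh
# Added example: render the group filter from this note for one user so the
# result can be tested with ldapsearch. Host, user and domain are constructed.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Fill in (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
# $1 = username, $2 = the user's full DN
render_group_filter() {
    u=$(ldap_escape "$1")
    d=$(ldap_escape "$2")
    printf '(|(memberUid=%s)(member=%s)(uniqueMember=%s))' "$u" "$d" "$d"
}

# Print the ldapsearch command that runs the rendered filter under the
# Group DN and asks only for the Group Attribute (cn).
# $1 = LDAP URL, $2 = Group DN, $3 = username, $4 = user DN
group_search_cmd() {
    printf "ldapsearch -x -H '%s' -b '%s' '%s' cn\n" \
        "$1" "$2" "$(render_group_filter "$3" "$4")"
}

# Constructed sample values; replace with your own directory's.
LDAP_URL='ldap://ipa.example.com'
GROUP_DN='cn=groups,cn=accounts,dc=example,dc=com'
USER_DN='uid=jdoe,cn=users,cn=accounts,dc=example,dc=com'

group_search_cmd "$LDAP_URL" "$GROUP_DN" jdoe "$USER_DN"
```

If the search returns no entries for a user who is known to be in a group, check which of memberUid, member or uniqueMember the group entries actually carry.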
