Missing LDAP secrets engine #1032

Open
JordanStopford opened this issue Aug 3, 2023 · 4 comments
Labels
enhancement a new feature or addition ldap ldap auth method secrets engines generally related to a Vault secrets engine

Comments

@JordanStopford
Contributor

JordanStopford commented Aug 3, 2023

Hi,

It looks like hvac hasn't yet implemented the LDAP secrets engine - from the Vault docs it looks as if the active directory secrets engine is deprecated in favour of this one and has provided a migration path.

Is anyone working on this? If not, I am happy to contribute, but didn't want to double up on effort if not required.

Regards,

Jordan

@mweigel
Contributor

mweigel commented Aug 13, 2023

I have an interest in seeing this implemented as well. I'm no LDAP expert but I could potentially help with this (even if you just need someone to assist with testing etc.)

@JordanStopford
Contributor Author

@mweigel That would be really helpful! Do you have a full LDAP setup configured in your environment? I am planning to start work on this next week.

@mweigel
Contributor

mweigel commented Aug 16, 2023

Hey, I don't have a "real" environment to test against. I'd be using my local environment for testing. To test against Active Directory I'd use https://github.com/splitbrain/vagrant-active-directory - I've tested this quickly and it does work. That project is referenced in a Vault tutorial: https://developer.hashicorp.com/vault/tutorials/auth-methods/active-directory-mfa-login-totp#prerequisites

For LDAP I'd either use a Vagrant VM or container to test against OpenLDAP / FreeIPA.

@JordanStopford
Contributor Author

I've added an initial commit for this under #1033

@briantist briantist self-assigned this Aug 27, 2023
@briantist briantist added enhancement a new feature or addition secrets engines generally related to a Vault secrets engine ldap ldap auth method labels Aug 27, 2023
briantist added a commit that referenced this issue Apr 13, 2024
* Initial commit for LDAP secrets engine
No dynamic role support yet

* Fix docs and linting issues

* Fix linting error

* Run tests with docker container so we don't need to install vault
Use LDAP server in docker as well
Configure Vault/LDAP with terraform
Added LDAP tests - not yet finished

* More tests

* Fix indentation

* Fix client not being available

* Various test fixes

* Reverting the changes prior to implementing unit tests

* Reverting the changes prior to implementing unit tests

* Reverting the changes prior to implementing unit tests

* Unit tests for LDAP secrets

* Reverting the changes prior to implementing unit tests

* Linting

* Fix newline?

* Fix newline?

* Fix linting

* Apply suggestions from code review

Documentation updates

* Update hvac/api/secrets_engines/ldap.py

remove unused args/kwargs

* nit: remove docs character

* remove use of arbitrary kwargs

* use example.com in tests

* add unit test for generate_static_credentials

---------

Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>

3 participants