Skip to content

Commit

Permalink
auth/kerberos: add config to include ldap groups in group alias (#16890)
Browse files Browse the repository at this point in the history
  • Loading branch information
jasonodonnell committed Aug 26, 2022
1 parent be83be7 commit 772141a
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 4 deletions.
3 changes: 3 additions & 0 deletions changelog/16890.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
auth/kerberos: add `add_group_aliases` config to include LDAP groups in Vault group aliases
```
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ require (
github.com/hashicorp/vault-plugin-auth-cf v0.12.0
github.com/hashicorp/vault-plugin-auth-gcp v0.13.2
github.com/hashicorp/vault-plugin-auth-jwt v0.13.0
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.2
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.3
github.com/hashicorp/vault-plugin-auth-kubernetes v0.13.0
github.com/hashicorp/vault-plugin-auth-oci v0.11.0
github.com/hashicorp/vault-plugin-database-couchbase v0.7.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -978,8 +978,8 @@ github.com/hashicorp/vault-plugin-auth-gcp v0.13.2 h1:rv8gBKYzFz9BD9pFRyrmfi46Bu
github.com/hashicorp/vault-plugin-auth-gcp v0.13.2/go.mod h1:tHtTF/qQmrRrY5DEOxWxoW/y5Wk9VoHsBOC339RO3d8=
github.com/hashicorp/vault-plugin-auth-jwt v0.13.0 h1:BeMC4ZnP8iwRgL8vInEvCICA6e+iiDtkmOdNYKg3aGQ=
github.com/hashicorp/vault-plugin-auth-jwt v0.13.0/go.mod h1:+WL5kaq/0L5OROsA31X15U8yTIX4GTEv1rTLA9d15eo=
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.2 h1:rtQ4aSr3vtAaQ8Al4p4ftZXgl47o+XyEbAR+mQNYaMs=
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.2/go.mod h1:eqjae8tMBpAWgJNk1NjV/vtJYXQRZnYudUkBFowz3bY=
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.3 h1:QumrPHn5n9iTaZScZwplqdnXoeMOrb3GJcwMweTmR3o=
github.com/hashicorp/vault-plugin-auth-kerberos v0.7.3/go.mod h1:eqjae8tMBpAWgJNk1NjV/vtJYXQRZnYudUkBFowz3bY=
github.com/hashicorp/vault-plugin-auth-kubernetes v0.13.0 h1:pONFgWz9hbcS1wFxPtQJYj9Mt/nzPVX1kw1DGv+92Ww=
github.com/hashicorp/vault-plugin-auth-kubernetes v0.13.0/go.mod h1:/hQF30guXWLcIUiTYsXoQ0dUTHspo0q30nLBr1RE+Lw=
github.com/hashicorp/vault-plugin-auth-oci v0.11.0 h1:DrdccnGU8O28I1MIs21zmbYM2Nta7RLOAzozvDSX9h0=
Expand Down
6 changes: 5 additions & 1 deletion website/content/api-docs/auth/kerberos.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ for verifying inbound SPNEGO tokens.
principal name when parsing the keytab file. For example when this is set to true,
if a keytab has the service principal name `foo/localhost@example.com`, Vault
will strip the service principal name to just be `foo@example.com`.
- `add_group_aliases` - When set to true, Vault will add any LDAP groups found for
the user as group aliases.

### Sample Request

Expand All @@ -54,9 +56,10 @@ $ curl \

```json
{
"add_group_aliases": false,
"keytab": "BQIAAAA6AAEACk1BVFJJWC5MQU4ACXZhdWx0X3N2YwAAAAFdzZSjAgAXABDwhEyRR9nRqkpP8KTn2A83AAAAAg==",
"remove_instance_name": false,
"service_account": "vault_svc",
"service_account": "vault_svc"
}
```

Expand Down Expand Up @@ -85,6 +88,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"add_group_aliases": false,
"remove_instance_name": false,
"service_account": "vault_svc"
},
Expand Down

0 comments on commit 772141a

Please sign in to comment.