Skip to content
hands-on lab

Configuring Vault to Use LDAP Authentication

Difficulty: Intermediate
Duration: Up to 45 minutes
Students: 399
Rating: 4.8/5
Start lab
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

Lab Overview

HashiCorp Vault is a modern, multi-cloud-friendly solution for managing secrets at scale. To ease adoption of Vault into your organization, Vault provides LDAP authentication. In this Lab, you will learn how to configure Vault to using an organization's LDAP identities and groups for authentication without duplicating usernames, passwords, or memberships. You will create access policies that map to LDAP groups to seamlessly authorize LDAP users in Vault.

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Install Vault on Linux systems
  • Enable and configure LDAP authentication in Vault
  • Create access policies that map to LDAP groups
  • Authenticate LDAP users using the Vault CLI

Lab Prerequisites

You should be familiar with:

  • Vault basics
  • LDAP directory and schema knowledge is beneficial, but not required

 

Updates

April 25th, 2023 - Resolved an issue that caused the lab to fail to set up on rare occasions

December 8th, 2022 - Added check to validate lab progression

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

Environment before

Environment after

Covered topics

Development
DevOps
Security
HashiCorp Vault

Lab steps

Logging In to the Amazon Web Services Console
Opening the AWS Cloud9 IDE
Installing HashiCorp Vault
Starting the Vault Sever in Development Mode
Understanding the LDAP Directory
Creating Vault Policies for the Organization
Configuring Vault LDAP Authentication
Testing the LDAP Authentication and Access Policies

Lab Rules