The below is what I'm currently doing to assign an access policy I created in Vault directly to certain LDAP users:
```yaml
- ansible.builtin.uri:
    url: "{{ hashivault_url }}/v1/auth/ldap/users/{{ item.key }}"
    method: POST
    headers:
      X-Vault-Token: "{{ }}"
    body:
      groups: ""
      policies: "{{ item.value.policies }}"
    body_format: json
    status_code: [204]
  loop: "{{ hv_ad_users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
```
Looking at the docs, there's only ldap_group to connect policies to groups, not directly to users:
https://terryhowe.github.io/ansible-modules-hashivault/modules/hashivault_ldap_group_module.html#hashivault-ldap-group-module
Am I missing something, or is this missing? If so, can it be added?
I'm aware this is an atypical situation, but we create service accounts in our LDAP for legacy reasons and don't do group management there, only in our ADs.