The below is what I'm currently doing to assign an access policy I created in Vault directly to certain LDAP users:
- ansible.builtin.uri:
url: "{{ hashivault_url }}/v1/auth/ldap/users/{{ item.key }}"
method: POST
headers:
X-Vault-Token: "{{ }}"
body:
groups: ""
policies: "{{ item.value.policies }}"
body_format: json
status_code: [204]
loop: "{{ hv_ad_users | dict2items }}"
loop_control:
label: "{{ item.key }}"
Looking at the docs, there's only ldap_group to connect policies to groups, not directly to users:
https://terryhowe.github.io/ansible-modules-hashivault/modules/hashivault_ldap_group_module.html#hashivault-ldap-group-module
Am I missing something, or is this missing? If so, can it be added?
I'm aware this is an atypical situation, but we create service accounts in our LDAP for legacy reasons and don't do group management there. Only in our AD's.
The below is what I'm currently doing to assign an access policy I created in Vault directly to certain LDAP users:
url: "{{ hashivault_url }}/v1/auth/ldap/users/{{ item.key }}"
method: POST
headers:
X-Vault-Token: "{{ }}"
body:
groups: ""
policies: "{{ item.value.policies }}"
body_format: json
status_code: [204]
loop: "{{ hv_ad_users | dict2items }}"
loop_control:
label: "{{ item.key }}"
Looking at the docs, there's only ldap_group to connect policies to groups, not directly to users:
https://terryhowe.github.io/ansible-modules-hashivault/modules/hashivault_ldap_group_module.html#hashivault-ldap-group-module
Am I missing something, or is this missing? If so, can it be added?
I'm aware this is an atypical situation, but we create service accounts in our LDAP for legacy reasons and don't do group management there. Only in our AD's.