Create an LDAP Rotated Secret

You can create a rotated secret for an LDAP user. Before you get started, make sure you have created an LDAP Target that includes the LDAP server information, as well as credentials for a user authorized to change the LDAP users' credentials.

Create an LDAP Rotated Secret from the CLI

Let’s create an LDAP rotated secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Gateway UI instead.

The CLI command to create an LDAP rotated secret is:

akeyless create-rotated-secret --name <secret name> \
--target-name <LDAP target name to associate> \
--rotator-type ldap \
--rotated-username <username> \
--user-dn <Base DN to perform user search> \
--auto-rotate <true|false> \
--rotation-interval <1-365> \
--rotation-hour <hour in UTC>

where:

  • name: A unique name for the rotated secret. The name can include the path to the virtual folder in which you want to create the new secret, using slash / separators. If the folder does not exist, it will be created together with the secret.
  • rotator-type: Should be set to ldap.
  • rotated-username: The username whose password will be rotated.
  • user-dn: The Base DN under which the user search is performed.
  • target-name: The name of the LDAP target with which the rotated secret should be associated.
  • auto-rotate: Optional, only required when the rotated secret should update the credentials. If this value is defined as true, specify the rotation-interval in days, and optionally also the rotation-hour.
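As an added example (not part of the Akeyless documentation or CLI), the wrapper below assembles the command above and enforces the constraints this page states before the CLI is called: the rotation interval must be 1-365 days, the rotation hour is a UTC hour (0-23), and auto-rotate is only switched on when an interval is given. The function name, the AKEYLESS_BIN variable and the sample values are assumptions; the flag names are taken from the command shown above.

```shell
#!/bin/sh
# Wrapper for creating an LDAP rotated secret with the akeyless CLI.
# Added example; AKEYLESS_BIN is an assumption that lets a caller point
# at another binary (or a stub function for a dry run).
AKEYLESS_BIN="${AKEYLESS_BIN:-akeyless}"

# Usage: create_ldap_rotated_secret NAME TARGET USERNAME USER_DN [INTERVAL_DAYS [HOUR_UTC]]
# Without INTERVAL_DAYS the secret is created with auto-rotate disabled.
# Returns 2 on invalid input without calling the CLI.
create_ldap_rotated_secret() {
  name="$1"; target="$2"; user="$3"; user_dn="$4"; interval="${5:-}"; hour="${6:-}"
  if [ -z "$name" ] || [ -z "$target" ] || [ -z "$user" ] || [ -z "$user_dn" ]; then
    echo "name, target, username and user DN are required" >&2; return 2
  fi
  # Rebuild the positional parameters as the argument list for the CLI.
  set -- --name "$name" --target-name "$target" --rotator-type ldap \
         --rotated-username "$user" --user-dn "$user_dn"
  if [ -n "$interval" ]; then
    case "$interval" in *[!0-9]*) echo "interval must be a number" >&2; return 2;; esac
    if [ "$interval" -lt 1 ] || [ "$interval" -gt 365 ]; then
      echo "rotation interval must be 1-365 days" >&2; return 2
    fi
    set -- "$@" --auto-rotate true --rotation-interval "$interval"
    if [ -n "$hour" ]; then
      case "$hour" in *[!0-9]*) echo "hour must be a number" >&2; return 2;; esac
      if [ "$hour" -gt 23 ]; then
        echo "rotation hour must be 0-23 (UTC)" >&2; return 2
      fi
      set -- "$@" --rotation-hour "$hour"
    fi
  else
    set -- "$@" --auto-rotate false
  fi
  "$AKEYLESS_BIN" create-rotated-secret "$@"
}
```

Example call (constructed values): create_ldap_rotated_secret /ldap/svc-backup ldap-prod svc-backup 'ou=people,dc=example,dc=com' 30 2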

Create an LDAP Rotated Secret from the Akeyless Gateway UI

Let’s create an LDAP rotated secret using the Akeyless Gateway UI. If you’d prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Gateway, and select Rotated Secret > New > Create new rotated secret.

  2. Give the rotated secret a name, and define where it should be saved.

  3. Define the rest of the rotated secret settings as follows:

  • Authenticate with the following credentials: Determines how to connect to the associated target. Target Credentials uses the credentials defined for the associated target to connect. Select Target Credentials for LDAP.
  • Rotation interval (in days): Defines the number of days (1-365) to wait between automatic password rotations when Auto Rotate is enabled.
  • Rotation hour (local time zone): Defines the time of day at which the password is rotated when Auto Rotate is enabled.
  • Auto rotate: Determines whether automatic rotation is enabled.
  • Target: Defines the name of the LDAP target to be associated with the secret.
  • Rotator type: Determines the rotator type. Select LDAP.
  • Encrypt with the following Key: To enable zero-knowledge, select a key with a Customer Fragment. For more information about zero-knowledge, see Implement Zero Knowledge.
  • Username: The username whose password will be rotated.
  • User Base DN: The LDAP Base DN under which the user search is performed.
  • LDAP User Attribute: Optional. Defaults to CN.

