LDAP Target
You can define an LDAP target to be used with an LDAP Dynamic Secret or an LDAP Rotated Secret.
Let’s create an LDAP target using the Akeyless CLI.
Create an LDAP Target from the CLI
The CLI command to create an LDAP target is:
akeyless create-ldap-target \
--name <target name> \
--ldap-url <LDAP server URL> \
--bind-dn <LDAP Bind DN with CN> \
--bind-dn-password <Password for LDAP user>
Where:
Name: A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash (/) separators. If the folder does not exist, it will be created together with the target.
LDAP-URL: The URL of your LDAP server, e.g. ldap[s]://<hostname>:<port>
Bind-DN: The Bind DN of your LDAP user, which will be used for connection setup.
Bind-DN-Password: The password of the Bind DN user.
LDAP-CA-Cert: Optional. A CA certificate of your LDAP server, used to establish a secure connection.
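A wrapper around the command above, as an added example that is not part of the Akeyless documentation: it uses only flags listed on this page, refuses a plaintext ldap:// URL, and base64-encodes the CA certificate for --ldap-ca-cert. The function names, the ldaps-only policy, the sample values in the usage comment, and the choice to base64-encode the PEM file's contents are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names and sample values are hypothetical.
# Assumption: --ldap-ca-cert takes the base64 of the PEM file, unwrapped.

# Succeeds only for ldaps://<hostname>[:<port>]; rejects plaintext ldap://.
require_ldaps_url() {
  case "$1" in
    ldaps://?*) return 0 ;;
    *) echo "refusing non-TLS LDAP URL: $1" >&2; return 1 ;;
  esac
}

# Print the CA certificate file as a single unwrapped base64 line.
encode_ca_cert() {
  [ -r "$1" ] || { echo "cannot read CA cert: $1" >&2; return 1; }
  base64 < "$1" | tr -d '\n'
}

# Usage: create_ldap_target <target name> <ldaps URL> <bind DN> <CA cert file>
# e.g.   create_ldap_target /ldap/corp-directory ldaps://ldap.example.com:636 \
#          "CN=svc-akeyless,OU=Service,DC=example,DC=com" ./ldap-ca.pem
# The bind password is read from stdin: prompted without echo on a terminal,
# or taken from the first input line when stdin is redirected.
create_ldap_target() {
  local name="$1" url="$2" bind_dn="$3" ca_file="$4" ca_b64 bind_pw
  require_ldaps_url "$url" || return 1
  ca_b64=$(encode_ca_cert "$ca_file") || return 1
  if [ -t 0 ]; then
    read -r -s -p "Bind DN password: " bind_pw; echo >&2
  else
    read -r bind_pw
  fi
  [ -n "$bind_pw" ] || { echo "empty bind password" >&2; return 1; }
  akeyless create-ldap-target \
    --name "$name" \
    --ldap-url "$url" \
    --bind-dn "$bind_dn" \
    --bind-dn-password "$bind_pw" \
    --ldap-ca-cert "$ca_b64"
}
```

Prompting keeps the bind password out of shell history and script files, but it is still passed to akeyless as a command-line argument, so it is visible in the process list while the command runs.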
Options
The full list of options for this command is:
-n, --name *Target name
-l, --ldap-url *LDAP Server URL
-b, --bind-dn *LDAP Bind DN
-p, --bind-dn-password *Password for LDAP Bind DN
-t, --ldap-ca-cert LDAP base-64 encoded CA Certificate
--token-expiration LDAP token expiration in seconds
-k, --key Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
--comment Comment about the target
--profile Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token
--username Optional username for various authentication flows
--password Optional password for various authentication flows
--uid-token The universal identity token, Required only for universal_identity authentication
-h, --help display help information
--json[=false] Set output format to JSON
--no-creds-cleanup[=false] Do not clean local temporary expired creds