LDAP Target

You can define an LDAP target to be used with an LDAP Dynamic Secret or an LDAP Rotated Secret.

Let’s create an LDAP target using the Akeyless CLI.

Create an LDAP Target from the CLI

The CLI command to create an LDAP target is:

akeyless create-ldap-target \
--name <target name> \
--ladp-url <LDAP server URL> \
--bind-dn <LDAP Bind DN with CN> \
--bind-dn-password < Password for LDAP user >


-Name- A unique name for the target. The name can include the path to the virtual folder in which you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

-LDAP-URL- The URL of your LDAP server e.g. ldap[s]://<hostname>:<port>

-Bind-DN- The Bind DN of your LDAP user, will be used for connection setup.

-Bind-DN-Password- Password of the mentioned user on the Bind-DN.

-LDAP-CA-Cert - Optional, a CA certificate of your LDAP server for secure connection establishment.


The full list of options for this command is:

-n, --name                      *Target name
  -l, --ldap-url                  *LDAP Server URL
  -b, --bind-dn                   *LDAP Bind DN
  -p, --bind-dn-password          *Password for LDAP Bind DN
  -t, --ldap-ca-cert               LDAP base-64 encoded CA Certificate
      --token-expiration           LDAP token expiration in seconds
  -k, --key                        Key name. The key will be used to encrypt the target secret value. If key name is not specified, the account default protection key is used
      --comment                    Comment about the target
      --profile                    Use a specific profile (located at $HOME/.akeyless/profiles) or a temp access token
      --username                   Optional username for various authentication flows
      --password                   Optional password for various authentication flows
      --uid-token                  The universal identity token, Required only for universal_identity authentication
  -h, --help                       display help information
      --json[=false]               Set output format to JSON
      --no-creds-cleanup[=false]   Do not clean local temporary expired creds

Did this page help you?