While many of us understand the need for strong passwords, we also know that most people don’t want to use a unique and highly complex password for each of the multitude of services they need to authenticate to. One way to get around this problem - avoiding password reuse or the use of weak (easy-to-remember) passwords - is to use single sign-on (SSO). As the name implies, SSO allows users to log on to various related - but independent - services using the same username and password.

SSO is often accomplished by using Lightweight Directory Access Protocol (LDAP). While LDAP has a variety of use cases, in this post, I’ll focus on authentication - specifically, how to use LDAP authentication for single sign-on (SSO) with Sensu Go.

First off, a quick overview of Sensu authentication. To access the Sensu web UI and sensuctl (the Sensu command-line tool), you’ll need to authenticate via a username and password. You can also use a username and password to access the API, but we suggest using API keys for that. You can do this either with Sensu’s built-in authentication or via an external authentication, which we’ll go into in more detail later. Using Sensu’s built-in authentication, you can create and manage credentials (usernames and passwords) with the users API, either directly or via sensuctl.

Once you’ve created users, you can manage their access via role-based access control (RBAC). Here’s an example RBAC profile (for ClusterRole and ClusterRoleBinding) for Sensu Go:

trusted_ca_file: /path/to/trusted-certificate-authorities.pem

I won’t delve into the details of this configuration, but if you’ve done any work with LDAP in the past, most of these attributes should be straightforward. The two Sensu-specific outliers that I would like to mention are the optional, but highly suggested, groups_prefix and username_prefix. These are useful for differentiating the sources of users and groups when defining role bindings and cluster role bindings.

For more examples and a deep-dive of LDAP attributes, check out our documentation. Our docs have a whole section on LDAP troubleshooting, with commonly seen authentication and authorization errors.
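To make the effect of groups_prefix and username_prefix concrete, here is an added example (not the configuration from the original post) that pairs an LDAP provider definition with a cluster role binding whose subject carries the prefix. The host name, DNs, resource names and the sensu-admins group are constructed placeholders; cluster-admin is assumed to be the default cluster role shipped with Sensu Go.

```yaml
---
# LDAP authentication provider (all host/DN values are constructed placeholders)
type: ldap
api_version: authentication/v2
metadata:
  name: openldap
spec:
  # Prefixes are joined to the LDAP name with a colon, so the LDAP group
  # "sensu-admins" is seen by Sensu RBAC as "ldap:sensu-admins" and cannot
  # collide with a built-in group or user of the same name.
  groups_prefix: ldap
  username_prefix: ldap
  servers:
  - host: ldap.example.org
    port: 636
    security: tls            # encrypt the bind, which carries user passwords
    insecure: false          # keep certificate verification on
    trusted_ca_file: /path/to/trusted-certificate-authorities.pem
    binding:
      user_dn: cn=binder,dc=example,dc=org
      password: REPLACE_WITH_BINDER_PASSWORD
    user_search:
      base_dn: dc=example,dc=org
      attribute: uid
      name_attribute: cn
      object_class: person
    group_search:
      base_dn: dc=example,dc=org
      attribute: member
      name_attribute: cn
      object_class: groupOfNames
---
# Grant cluster-wide admin rights to members of the LDAP group only.
# The subject name must include the groups_prefix; a binding to plain
# "sensu-admins" would not match LDAP-sourced users.
type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: ldap-sensu-admins
spec:
  role_ref:
    type: ClusterRole
    name: cluster-admin
  subjects:
  - type: Group
    name: ldap:sensu-admins
```

When auditing bindings, a subject without the prefix refers to a built-in Sensu user or group, so each grant can be traced to its identity source.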