Learn how to dynamically generate user credentials via LDAP.
1. Open the Secret Overview Dashboard.
2. Click on the 'Add Dynamic Secret' button.
3. Select 'LDAP'.
4. Provide the inputs for the dynamic secret parameters. Each LDIF input accepts templatized variables that are filled in by the dynamic secret:
   - In the Creation LDIF, {{Username}}, {{Password}} and {{EncodedPassword}} are templatized variables for the username and password generated by the dynamic secret. {{EncodedPassword}} is the encoded password required for the unicodePwd field in Active Directory, as described here.
     OpenLDAP example:
   - {{Username}} is a templatized variable for the username generated by the dynamic secret.
     OpenLDAP / Active Directory example:
   - {{Username}}, {{Password}} and {{EncodedPassword}} are templatized variables for the username and password generated by the dynamic secret.
     OpenLDAP / Active Directory example:
   The following placeholders and helpers are also available when templating the username:
   - {{randomUsername}}: Random username string
   - {{unixTimestamp}}: Current Unix timestamp
   - {{identity.name}}: Name of the identity that is generating the secret
   - {{random N}}: Random string of N characters
   - truncate: Truncates a string to a specified length
   - replace: Replaces a substring with another value
5. Click `Submit`.
Generate dynamic secrets
After clicking the Submit button, a new secret lease will be generated and the credentials from it will be shown to you, together with an array of DNs altered according to the Creation LDIF.
When the target is Active Directory:
- The password for the unicodePwd field must be supplied base64-encoded ({{EncodedPassword}}). In the LDIF, this value must be preceded by two colons (::), which marks a base64 value, as shown in the example.
- The userAccountControl field must be set to enable the account. userAccountControl set to 512 enables a user. The userAccountControl value for a password that never expires is 65536. The userAccountControl flag is cumulative: set it to 512 + 65536 = 66048 to do both.
- A user's memberOf attribute cannot be modified directly. The member attribute of a group and the memberOf attribute of a user are linked attributes, where the member attribute represents the forward link, which can be modified. In the context of AD group membership, the group's member attribute serves as the forward link. Therefore, to add a newly created dynamic user to a group, a modification request must be issued to the desired group, updating its membership to include the new user.
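As an added example (not the product's own code), the following Python script expands the {{Username}}, {{Password}} and {{EncodedPassword}} variables into a constructed Active Directory creation LDIF and the group-membership modification described above. It assumes {{EncodedPassword}} is the standard unicodePwd encoding (quoted password, UTF-16LE, base64); the DNs and group name are placeholders:

```python
import base64
import re

# userAccountControl bits from the page: 512 enables the account and 65536
# makes the password never expire; the flag is cumulative (512 + 65536 = 66048).
UAC_NORMAL_ACCOUNT = 512
UAC_DONT_EXPIRE_PASSWORD = 65536


def encode_unicode_pwd(password: str) -> str:
    """AD unicodePwd value for LDIF: the password wrapped in double quotes,
    UTF-16LE encoded, then base64 (written after a '::' separator).
    Assumption: this is what {{EncodedPassword}} expands to."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")


def render_ldif(template: str, username: str, password: str) -> str:
    """Expand {{Username}}, {{Password}} and {{EncodedPassword}} in a template."""
    values = {
        "Username": username,
        "Password": password,
        "EncodedPassword": encode_unicode_pwd(password),
    }
    return re.sub(r"\{\{(\w+)\}\}", lambda m: values[m.group(1)], template)


# Constructed sample templates; the DNs and group name are placeholders.
CREATION_LDIF = """dn: CN={{Username}},OU=Dynamic,DC=example,DC=test
changetype: add
objectClass: user
sAMAccountName: {{Username}}
unicodePwd:: {{EncodedPassword}}
userAccountControl: %d
""" % (UAC_NORMAL_ACCOUNT | UAC_DONT_EXPIRE_PASSWORD)

# memberOf is a back link and cannot be set on the user; membership is granted
# by modifying the group's member attribute (the forward link) instead.
GROUP_MODIFY_LDIF = """dn: CN=dyn-users,OU=Groups,DC=example,DC=test
changetype: modify
add: member
member: CN={{Username}},OU=Dynamic,DC=example,DC=test
-
"""

if __name__ == "__main__":
    print(render_ldif(CREATION_LDIF, "dyn-1700000000", "S3cret!"))
    print(render_ldif(GROUP_MODIFY_LDIF, "dyn-1700000000", "S3cret!"))
```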