Configure Developer Environment to Use LDAP Authentication

This section describes how to set the Conjur command-line environment to authenticate using LDAP authentication.

Overview

By default, Client CLI and API authentication both use credentials stored in Conjur. After you configure Conjur to use LDAP Authentication, CLI and API users can optionally configure their command line environment to authenticate using LDAP credentials.

Configuration

To set your command line environment to use LDAP credentials, you need to change the value of the CONJUR_AUTHN_URL environment variable to point to the URL of your authn-ldap service. The URL of the authn-ldap service is:

https://<host>/authn-ldap/<serviceid>

Parameter	Description
host	The FQDN of the Conjur Server or the Leader in a high-availability cluster.
serviceid	The unique id for the authn-ldap service that you declared in policy. See Step 2: Define an authentication service in policy.

For example:

https://conjur.example.com/authn-ldap/my-ldap-server

Use either of the following methods to change the value of CONJUR_AUTHN_URL.

Add to your ~/.conjurrc file

Add the following line to the ~/.conjurrc file, where `~` is the path to your user profile.

authn_url: https://<host>/authn-ldap/<serviceid>

Change the CONJURRC environment variable

In your CLI session, change the value of the CONJURRC environment variable to your authn_url value. In the CLI session, enter:

export CONJUR_AUTHN_URL=<your-authn-url>

For example:

export CONJUR_AUTHN_URL=https://conjur.example.com/authn-ldap/my-ldap-server

The CONJURRC environment variable overrides the value in the ~/.conjurrc file.