Configuring LDAP Authentication for Terraform Enterprise
Introduction
This guide describes how to configure LDAP authentication during an automated installation of Terraform Enterprise by modifying the necessary configuration files.
Prerequisites
- Access to the Terraform Enterprise instance's underlying server.
- An automated installation method for Terraform Enterprise.
Procedure
The automated installation process for Terraform Enterprise with LDAP authentication requires configuring two files.
Step 1: Configure Replicated for LDAP Authentication
First, you must configure the Replicated daemon to use LDAP for authentication. Modify the /etc/replicated.conf file to set the DaemonAuthenticationType to ldap. The Terraform Enterprise installer reads this file first.
Example configuration for /etc/replicated.conf:
{
  "DaemonAuthenticationType": "ldap",
  "ImportSettingsFrom": "/etc/ptfe-settings.json",
  "LicenseFileLocation": "/tmp/license.rli",
  "LogLevel": "debug",
  "ReleaseSequence": 123,
  "TlsBootstrapType": "server-path",
  "TlsBootstrapHostname": "server.company.com",
  "TlsBootstrapCert": "/etc/server.crt",
  "TlsBootstrapKey": "/etc/server.key"
}
Step 2: Define LDAP Settings for Terraform Enterprise
Next, define the specific LDAP parameters in the Terraform Enterprise settings file, which is typically located at /etc/ptfe-settings.json. The installer imports settings from the file specified in the ImportSettingsFrom parameter in /etc/replicated.conf.
Example LDAP parameters in /etc/ptfe-settings.json:
{
  "ldap_hostname": { "value": "" },
  "ldap_port": { "value": "" },
  "label_encryption_label": { "value": "" },
  "ldap_encryption": { "value": "" },
  "ldap_search_user": { "value": "" },
  "ldap_search_password": { "value": "" },
  "ldap_schema": { "value": "" },
  "ldap_base_dn": { "value": "" },
  "ldap_usersearch_dn": { "value": "" },
  "ldap_advanced_search": { "value": "" },
  "ldap_restricted_user_group": { "value": "" },
  "ldap_user_query": { "value": "" },
  "ldap_restricted_group_query": { "value": "" },
  "ldap_username_field": { "value": "" },
  "ldap_login_username": { "value": "" },
  "ldap_login_password": { "value": "" }
}
Exporting Existing LDAP Settings
To retrieve the current LDAP settings from an existing Terraform Enterprise instance, you can run the following command.
$ replicatedctl app-config export --hidden
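A pre-flight check for the two files from Steps 1 and 2, run before starting the installer. This is an added example, not part of the original guide or of HashiCorp's or Replicated's tooling. The function name check_ldap_install and the rule that a settings file holding a non-empty ldap_search_password or ldap_login_password should be readable by its owner only are assumptions of this example.

```python
import json
import os
import stat
import sys

# Keys from the page's example settings file that hold credentials.
SECRET_KEYS = ("ldap_search_password", "ldap_login_password")


def _too_open(path):
    """True if group or other has any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def check_ldap_install(replicated_conf):
    """Return a list of findings for the two-file LDAP setup (empty = ok)."""
    findings = []
    with open(replicated_conf) as fh:
        daemon = json.load(fh)

    if daemon.get("DaemonAuthenticationType") != "ldap":
        findings.append("DaemonAuthenticationType is not 'ldap'")

    # The installer imports the LDAP settings from this path.
    settings_path = daemon.get("ImportSettingsFrom")
    if not settings_path or not os.path.isfile(settings_path):
        findings.append("ImportSettingsFrom does not point to a readable file")
        return findings

    with open(settings_path) as fh:
        settings = json.load(fh)

    # Every setting in the page's example is wrapped as {"value": "..."}.
    for key, entry in settings.items():
        if not (isinstance(entry, dict) and "value" in entry):
            findings.append(f"{key}: expected an object with a 'value' field")

    # Assumption of this example: a file with an LDAP password is owner-only.
    has_secret = any(
        isinstance(settings.get(k), dict) and settings[k].get("value")
        for k in SECRET_KEYS
    )
    if has_secret and _too_open(settings_path):
        findings.append(f"{settings_path} holds a password but is group/world accessible")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_ldap_install.py /etc/replicated.conf")
    else:
        print("\n".join(check_ldap_install(sys.argv[1])) or "ok")
```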
Additional Information
- For more details on automating customer installations, refer to Replicated's documentation on automated installations.
- Consult the official Terraform Enterprise documentation for comprehensive details on authentication methods and configuration settings.