Fortanix DSM for LDAP Authentication on Sensu Server

1.0 Introduction

The purpose of this article is to describe the procedure to set up LDAP or Active Directory (AD) authentication on the Sensu server. By connecting Sensu with LDAP/AD, you can use your existing directory users and groups for login and access.

2.0 Terminology References

AD - Active Directory
LDAP - Lightweight Directory Access Protocol
API - Application Programming Interface

3.0 Configure AD or LDAP Authentication

This section describes the procedure to configure AD or LDAP authentication on the Sensu server.

Perform the following steps:

Run the following command to create a YAML file for the AD configuration on the Sensu server:

vi ad.yml

Add the following content to the file (update placeholders with your environment details):

type: ad 
api_version: authentication/v2 
metadata: 
  name: ActiveDirectory 
spec: 
  groups_prefix: ad 
  servers: 
  - binding: 
      password: <bind account password> 
      user_dn: cn=<bindaccount>,ou=<group>,dc=<domain>,dc=com 
    default_upn_domain: <domain.com> 
    include_nested_groups: true 
    host: <domain controller FQDN> 
    insecure: true 
    port: 636 
    security: tls 
    trusted_ca_file: /etc/ssl/certs/downstairs-root-ca.pem 
    user_search: 
      attribute: sAMAccountName 
      base_dn: <DN for root of search> 
      name_attribute: displayName 
      object_class: user 
    group_search: 
      attribute: member 
      base_dn: ou=groups,dc=downstairs,dc=com 
      name_attribute: cn 
      object_class: group 
  username_prefix: ad

Run the following command to create the authentication (auth) resource defined in the ad.yml file on the Sensu server:
```
sensuctl create --file /location/ad.yml 
```
Run the following command to verify that the auth resource was created successfully:
```
sensuctl auth list 
```
1. Log in with a user account that is within the search root.
2. The user will be able to log in, but will not see any namespaces or other resources until roles are assigned.
Run the following command to restart sensu-backend without systemd to monitor interactions in real time, or use it for troubleshooting by checking logs:
```
journalctl -xe | grep sensu 
```

Run the following command to create a resource role that determines permissions:

sensuctl role create djuser --namespace sdkms --resource=checks,entities,events --verb=get,list

Run the following command to create a role binding between an AD group and the role:

sensuctl role-binding create djuser --role=djuser --group=ad:sensu --namespace sdkms

Run the following command to list the roles:
```
sensuctl role list 
```

Fortanix DSM for LDAP Authentication on Sensu Server

1.0 Introduction

2.0 Terminology References

3.0 Configure AD or LDAP Authentication

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6