Disable LDAP root credential rotation

You can temporarily disable root rotation with the disable_automated_rotation paramter in your plugin configuration.

If you use rotation_period, disabling rotation also resets the credential TTL.

Assumptions

You have set up an ldap plugin.
You have permission to update the plugin configuration.

Update your configuration to disable rotation:

{
  "schema":                     "ad",
  "binddn":                     "<ldap_username>",
  "bindpass":                   "<ldap_password>",
  "url":                        "<ldap_server_uri>",
  "disable_automated_rotation": "true"
}

For example:

{
  "schema":                     "ad",
  "binddn":                     "cn=admin,dc=abc,dc=com",
  "bindpass":                   "iamabadpassword",
  "url":                        "ldaps://138.91.247.105",
  "disable_automated_rotation": "true"
}

{
  "schema":                     "openldap",
  "binddn":                     "<ldap_username>",
  "bindpass":                   "<ldap_password>",
  "url":                        "<ldap_server_uri>",
  "disable_automated_rotation": "true"
}

For example:

{
  "schema":                     "openldap",
  "binddn":                     "cn=admin,dc=abc,dc=com",
  "bindpass":                   "iamabadpassword",
  "url":                        "ldaps://138.91.247.105",
  "disable_automated_rotation": "true"
}

{
  "schema":                     "racf",
  "binddn":                     "<ldap_username>",
  "bindpass":                   "<ldap_password>",
  "url":                        "<ldap_server_uri>",
  "disable_automated_rotation": "true"
}

For example:

{
  "schema":                     "racf",
  "binddn":                     "cn=admin,dc=abc,dc=com",
  "bindpass":                   "iamabadpassword",
  "url":                        "ldaps://138.91.247.105",
  "disable_automated_rotation": "true"
}

Apply the changes.

Use vault write with the {mount_path}/config path to apply your ldap.json configuration file:

$ vault write <mount_path>/config @ldap.json

For example:

$ vault write devcreds/config @ldap.json

Make a POST call to /{mount_path}/config to apply your configuration file, ldap-config.json:

$ curl                                                \
  --request POST                                      \
  --header    "X-Vault-Token: ${VAULT_TOKEN}"         \
  --namespace "X-Vault-Namespace: ${VAULT_NAMESPACE}" \
  --data @ldap.json                                   \
  ${VAULT_ADDR}/v1/<mount_path>/config

For example:

$ curl                                                \
  --request POST                                      \
  --header    "X-Vault-Token: ${VAULT_TOKEN}"         \
  --namespace "X-Vault-Namespace: ${VAULT_NAMESPACE}" \
  --data @ldap.json                                   \
  ${VAULT_ADDR}/v1/devcreds/config

If you have the plugin landing page open, click Configure {plugin_type} >. Otherwise:
1. Open the GUI for your Vault instance.
2. Log in under the namespace for the plugin or select the namespace from the selector at the bottom of the left-hand menu and re-authenticate.
3. Select Secrets Engines from the left-hand menu.
4. Click the plugin mount you want to configure.
5. Click Configure {plugin_type} >.
Select your LDAP schema.
Update the rotation details according to your configuration file.
Click Save.