As of v6.0.20, Redis Enterprise Software supports two LDAP authentication mechanisms: the cluster-based mechanism supported in earlier versions and a role-based mechanism.

If you currently rely on the cluster-based mechanism, you can continue to use it in the short term. However:

  • You can only use one LDAP authorization mechanism at a time.

  • Support for the cluster-based mechanism is deprecated and will be removed in a future version.

At some point, you’ll want to migrate to role-based LDAP.

Migration checklist

This checklist covers the basic process:

  1. Identify accounts per app on the customer end.

  2. Create or identify an LDAP user account on the server that is responsible for LDAP authentication and authorization.

  3. Create or identify an LDAP group that contains the app team members.

  4. Verify or configure the Redis Enterprise ACLs.

  5. Configure each database ACL.

  6. Remove the earlier “external” (LDAP) users from Redis Enterprise.

  7. Use Settings > LDAP to enable role-based LDAP.

  8. Map your LDAP groups to access control roles.

  9. Test application connectivity using the LDAP credentials of an app team member.

  10. (Recommended) Turn off default access for the database to avoid anonymous client connections.

Because deployments and requirements vary, you’ll likely need to adjust these guidelines.

Test LDAP access

To test your LDAP integration, you can:

  • Connect with redis-cli and use the AUTH command to test LDAP username/password credentials.

  • Sign in to the admin console using LDAP credentials authorized for admin access.

  • Use RedisInsight to access a database using authorized LDAP credentials.

  • Use the REST API to connect using authorized LDAP credentials.
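One way to script the redis-cli check above together with checklist steps 9 and 10, as an added example that is not part of the Redis documentation. Host, port, user name and the `LDAP_PASS` variable are placeholders, and the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: checks for checklist steps 9 and 10 after the migration.
# Host, port, user and LDAP_PASS are placeholders supplied by the caller.
# Add redis-cli's --tls options to both calls if the endpoint requires TLS.

# ldap_auth_ok HOST PORT USER
# The password is read from LDAP_PASS (hypothetical variable name) and passed
# through REDISCLI_AUTH, so it never appears in the process argument list.
ldap_auth_ok() (
  out=$(REDISCLI_AUTH="$LDAP_PASS" redis-cli -h "$1" -p "$2" --user "$3" PING 2>&1)
  # Require exactly PONG. If AUTH fails while default access is still on,
  # PING can still succeed anonymously, so any extra output means failure.
  [ "$out" = "PONG" ]
)

# anonymous_blocked HOST PORT
# Succeeds only when the server answers an unauthenticated PING with NOAUTH.
# A connection error or a PONG both count as "not confirmed".
anonymous_blocked() (
  unset REDISCLI_AUTH
  out=$(redis-cli -h "$1" -p "$2" PING 2>&1)
  case "$out" in
    *NOAUTH*) return 0 ;;
    *) return 1 ;;
  esac
)

# verify_migration HOST PORT USER: run both checks, non-zero if either fails.
verify_migration() {
  rc=0
  if ldap_auth_ok "$1" "$2" "$3"; then
    echo "PASS: $3 authenticated with LDAP credentials"
  else
    echo "FAIL: $3 could not authenticate"; rc=1
  fi
  if anonymous_blocked "$1" "$2"; then
    echo "PASS: unauthenticated connection rejected"
  else
    echo "FAIL: rejection of unauthenticated connections not confirmed"; rc=1
  fi
  return "$rc"
}

# Run only when called with arguments: LDAP_PASS=... sh check.sh HOST PORT USER
if [ "$#" -ge 3 ]; then
  verify_migration "$@"
fi
```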
