Migrate to role-based LDAP
Redis Enterprise Software supports LDAP through a role-based mechanism, first introduced in v6.0.20.
Earlier versions of Redis Enterprise Software supported a cluster-based mechanism; however, that mechanism was removed in v6.2.12.
If you’re using the cluster-based mechanism to enable LDAP authentication, you need to migrate to the role-based mechanism before upgrading to Redis Enterprise Software v6.2.12 or later.
This checklist covers the basic process:
Identify accounts per app on the customer end.
Create or identify an LDAP user account on the server that is responsible for LDAP authentication and authorization.
Create or identify an LDAP group that contains the app team members.
Verify or configure the Redis Enterprise ACLs.
Configure each database ACL.
Remove the earlier “external” (LDAP) users from Redis Enterprise.
(Recommended) Update cluster configuration to replace the cluster-based configuration file.
You can use
rladminto update the cluster configuration:
$ touch /tmp/saslauthd_empty.conf $ rladmin cluster config saslauthd_ldap_conf \ /tmp/saslauthd_empty.conf
Here, a blank file replaces the earlier configuration.
Use Settings > LDAP to enable role-based LDAP.
Map your LDAP groups to access control roles.
Test application connectivity using the LDAP credentials of an app team member.
(Recommended) Turn off default access for the database to avoid anonymous client connections.
Because deployments and requirements vary, you’ll likely need to adjust these guidelines.
Test LDAP access
To test your LDAP integration, you can:
redis-cliand use the
AUTHcommand to test LDAP username/password credentials.
Sign in to the admin console using LDAP credentials authorized for admin access.
Use RedisInsight to access a database using authorized LDAP credentials.
Use the REST API to connect using authorized LDAP credentials.
- Enable and configure role-based LDAP
- Map LDAP groups to access control roles
- Update database ACLs to authorize LDAP access
- Learn more about Redis Enterprise Software security and practices