Vault userpass/ldap over JSON

log

vault server -dev
export VAULT_ADDR='http://127.0.0.1:8200'
vault auth <token>

vault auth-enable userpass
vault write auth/userpass/users/justin password=secret policies=root

$ curl $VAULT_ADDR/v1/auth/userpass/login/justin -d '{ "password": "secret" }'
{
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "auth": {
    "client_token": "fda922fc-98e2-efd8-a03b-b79f69603c77",
    "policies": [
      "root"
    ],
    "metadata": {
      "username": "justin"
    },
    "lease_duration": 0,
    "renewable": false
  }
}

vault auth-enable ldap
vault write auth/ldap/config url="ldap://ldap.forumsys.com" \
  userattr=uid \
  userdn="dc=example,dc=com" \
  groupdn="dc=example,dc=com"
vault write auth/ldap/groups/scientists policies=root

$ curl $VAULT_ADDR/v1/auth/ldap/login/tesla -d '{ "password": "password" }'
{
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "auth": {
    "client_token": "5cb92552-6b6d-d0c9-ac5d-006a6339fd5e",
    "policies": [
      "root"
    ],
    "metadata": {
      "policies": "root",
      "username": "tesla"
    },
    "lease_duration": 0,
    "renewable": false
  }
}