Foxpass Cache Integration Guide

This page documents how to get your hosts to point to the Foxpass cache. If you haven't set up the cache yet, do so first by following the directions here.

Note: Only new hosts can use the cache system. If you would like to configure your current hosts to support it, contact us at [email protected].

To configure your hosts to point to your cache, simply run the install scripts as usual and add arguments with your cache endpoint.

Get the Endpoints

If you're running the cache in testing mode without a certificate or private key

Get the IP address of the container using the docker inspect command. The LDAP endpoint is simply "ldap://" + the IP address and the API endpoint is "http://" + the IP address.

If you're running the cache in production mode with a certificate and private key

If you’re using a cert and key, then use the URL you've set up for your cache.
The LDAP endpoint is simply “ldaps://” + the URL and the API endpoint is “https://” + the URL.

Run the Setup Script

Specify the LDAP and API endpoints by adding extra arguments to the setup script like so:

sudo python foxpass_setup.py --base-dn <base_dn> --bind-user <bind_user> --bind-pw <bind_pw> --api-key <api_key> --secondary-ldap <ldap_endpoint> --secondary-api <api_endpoint>

If you’re running multiple caches, list each cache's endpoints as separate arguments. If the first cache fails, the server will check the second one, and so on.

sudo python foxpass_setup.py --base-dn <base_dn> --bind-user <bind_user> --bind-pw <bind_pw> --api-key <api_key> --secondary-ldap <ldap_endpoint_1> --secondary-ldap <ldap_endpoint_2> --secondary-api <api_endpoint_1> --secondary-api <api_endpoint_2>

Your final command should look something like this:

sudo python foxpass_setup.py --base-dn dc=example,dc=com --bind-user linux --bind-pw efGHbD3aFq --api-key 5GC3NRI5goRBAGkrlsxzYedg0r8HPAO7 --secondary-ldap ldaps://foxpass-cache.mycompany.com --secondary-api https://foxpass-cache.mycompany.com
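
The endpoint rules and argument ordering above can be generated rather than typed by hand. The following is an added example, not part of the Foxpass scripts: cache_args is a hypothetical helper that takes the mode and a list of cache hosts (in failover order) and prints the matching --secondary-ldap and --secondary-api arguments, rejecting input that would yield a malformed or mixed-scheme endpoint.

```shell
#!/bin/sh
# Added example (not Foxpass code). cache_args is a hypothetical helper.
# Usage:   cache_args <testing|production> <host> [<host> ...]
# Example: sudo python foxpass_setup.py ... $(cache_args production foxpass-cache.mycompany.com)

cache_args() {
    mode=$1
    [ "$#" -ge 1 ] && shift

    # The mode fixes both schemes together, so ldap:// is never paired with https://.
    case "$mode" in
        testing)    ldap_scheme=ldap;  api_scheme=http  ;;  # no cert/key: no TLS
        production) ldap_scheme=ldaps; api_scheme=https ;;  # cert and key: TLS
        *) echo "mode must be 'testing' or 'production'" >&2; return 2 ;;
    esac

    [ "$#" -ge 1 ] || { echo "at least one cache host is required" >&2; return 2; }

    ldap_args=""
    api_args=""
    for host in "$@"; do
        # Accept a bare hostname or IPv4 address only. A pasted scheme, port,
        # path or whitespace would otherwise produce a broken endpoint.
        case "$host" in
            ""|*[!A-Za-z0-9.-]*|.*|-*)
                echo "invalid cache host: $host" >&2
                return 2 ;;
        esac
        ldap_args="$ldap_args --secondary-ldap $ldap_scheme://$host"
        api_args="$api_args --secondary-api $api_scheme://$host"
    done

    # Hosts keep the order given, which is the order they are tried on failure.
    printf '%s\n' "${ldap_args# }$api_args"
}
```
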