Hi @sscarduzio,
We succeeded with the readonlyrest configuration and have met all our requirements.
But now we have another requirement:
we don't want to give credentials for each LDAP group.
In the configuration below we have to specify the bind_dn and bind_password of at least one user to bind the other users of that group. We are not able to get the username and password of one person for each LDAP to specify as bind_dn and bind_password.
Is there any way that we can specify only one bind_dn and bind_password for all users and groups, because we have only one host, i.e. host: "ad.example.com"? We want only one username and password to bind all users of my LDAP and don't want to specify them in each LDAP.
```yaml
readonlyrest:
  ssl:
    enable: true
    keystore_file: "/opt/READONLYREST/elasticsearch-6.3.0/config/keystore.jks"
    keystore_pass: readonlyrest
    key_pass: readonlyrest
    key_alias: elk01 # This is needed only when the keystore has multiple entries
  audit_collector: true
  access_control_rules:
  - name: "::admin::"
    auth_key: admin:admin
  - name: "::KIBANA-SRV::"
    auth_key: kibana:kibana
    verbosity: error
  - name: RULE1
    indices: [".kibana","logstash-*","index1"]
    groups: ["lg1"]
  - name: 'Grant RW Kibana access to a LDAP group Wallets Research'
    indices: [".kibana","logstash-*","index2","advance_search_rating_detail"]
  - name: 'Grant RW Kibana access to a LDAP group Development'
    indices: [".kibana","logstash-*","index2"]
    ldap_authentication: "ldap3"
  users:
  - username: RonakB
    groups: ["lg1"]
    ldap_authentication: "ldap1"
  ldaps:
  - name: ldap1
    host: "ad.example.com"
    port: 389 # default 389
    ssl_enabled: false # default true
    ssl_trust_all_certs: false # default false
    bind_dn: "CN=RasdB,OU=Wallets Research,OU=Mercator – Client Analytics,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=example,DC=com"
    bind_password: "abh@2018"
    search_user_base_DN: "OU=Wallets Research,OU=Mercator – Client Analytics,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=example,DC=com"
    search_groups_base_DN: "OU=Wallets Research,OU=Mercator – Client Analytics,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=example,DC=com"
    user_id_attribute: "sAMAccountName" # default "uid"
    unique_member_attribute: "uniqueMember" # default "uniqueMember"
  - name: ldap2
    host: "ad.example.com"
    port: 389 # default 389
    ssl_enabled: false # default true
    ssl_trust_all_certs: false # default false
    bind_dn: "CN=c-ahamad,OU=Development,OU=Mercator – Corporate functions,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=example,DC=com"
    bind_password: "abc#1234"
    search_user_base_DN: "OU=Development,OU=Mercator – Corporate functions,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=crisil,DC=com"
    search_groups_base_DN: "OU=Development,OU=Mercator – Corporate functions,OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=crisil,DC=com"
    user_id_attribute: "sAMAccountName" # default "uid"
    unique_member_attribute: "uniqueMember" # default "uniqueMember"
```
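
For reference, a sketch of the single-connector layout the question asks about, added here as an example and not taken from the poster's configuration or from the ReadonlyREST project: one `ldaps` entry bound with one dedicated read-only service account, with per-rule access decided by group membership through `ldap_auth`. The service account DN and password, the group names and the group base DN are placeholders; the example assumes the user search covers the subtree under the common parent OU and that the domain controller offers LDAPS on port 636, so bind and user passwords are not sent in cleartext.

```yaml
# Added example: one connector, one service account. Placeholders are in <...>.
readonlyrest:
  access_control_rules:
  - name: "Wallets Research: RW Kibana"
    indices: [".kibana", "logstash-*", "index2", "advance_search_rating_detail"]
    ldap_auth:
      name: "ad"
      groups: ["<wallets-research-group>"]   # placeholder AD group name
  - name: "Development: RW Kibana"
    indices: [".kibana", "logstash-*", "index2"]
    ldap_auth:
      name: "ad"
      groups: ["<development-group>"]        # placeholder AD group name

  ldaps:
  - name: ad
    host: "ad.example.com"
    port: 636                   # LDAPS (assumption: the DC has a certificate)
    ssl_enabled: true
    ssl_trust_all_certs: false  # keep certificate validation on
    # One low-privilege account that can only read users and groups
    bind_dn: "CN=<service-account>,OU=<service-accounts-ou>,DC=ad,DC=example,DC=com"
    bind_password: "<service-account-password>"
    # Common parent of the two OUs used in the post
    search_user_base_DN: "OU=Mercator,OU=Mumbai Airoli Mercator,DC=ad,DC=example,DC=com"
    search_groups_base_DN: "<DN of the OU that holds the group objects>"
    user_id_attribute: "sAMAccountName"
    unique_member_attribute: "member"  # AD groups list members in "member"
```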