When we configure RoR to connect to the AD and define ldap users against local groups, example:
- name: admins indices: [".kibana", ".kibana_*", "ls-*"] kibana_access: admin kibana_index: ".kibana" groups: ["admins"] - username: test groups: ["admins", "dev"] ldap_authentication: name: ldap1
Everything is consistent, the drop down works flawlessly, no complains.
But when we want to define ldap groups instead (so no users in the config, directly fetch the users from the AD groups), example:
- name: admins perms ldap_auth: name: "ldap1" groups: ["admins"] indices: [".kibana", ".kibana_*", "ls-*"] kibana_access: admin kibana_index: ".kibana" - name: dev ldap_auth: name: "ldap1" groups: ["dev"] indices: [".kibana_dev", "ls-x-*", "ls-g-*"] kibana_access: rw kibana_hide_apps: ["readonlyrest_kbn", "timelion", "monitoring"] kibana_index: ".kibana_dev"
That’s where our problems start, my user belong to both groups, we can login but sometimes the drop menu (admins / dev) appears sometimes it doesn’t… when it appears and I land on admins and choose dev, it goes to it but the drop menu instead of persisting disappear…
In conclusion if I rely on the AD only for user auth, everything is consistent, drop menu works flawlessly, if I rely on AD groups for everything it’s an inconsistent experience.
Any experience or opinion you can share.