Can someone assist me with my LDAP configuration?
Notice that “groups” contains “group_does_not_exist”. Not surprisingly, this group does not exist on my LDAP server. In spite of this, though, it appears that the first (and only) access control rule is being used for all users.
If I simply execute the statement
curl 'localhost:9200/_cat/indices?v' (even from an external machine), it returns a valid list of indexes. If I set “indexes” to “", all indices will be returned. But if I set “indexes” to "logs-”, then only the subset of indices are returned. This indicates to me that this rule is being used for authorization. Yet how is it being matched if the LDAP group doesn’t exist (and I’m not even specifying a user when executing the statement)?
What am I missing? Any help appreciated.
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
- name: Access control rule 1
- name: ldap1