I have this use case:
I have reverse proxy, which will query the ldap based on kerberos auth, it will populate the headers with user name and all the groups from ldap. Everything is working fine, but i’m unable to google solution how to set up readonlyrest.yml with those groups.
For example i will have header X-Forwarded-Groups:grp1,grp2,grp3, i only care about grp2, because for grp2 i need to restrict access to some indices and actions.
So i want to extract those headers values and if it contains the grp2 then use this auth block in readonlyrest.yml.
Is this possible ? (I want to also have ldap auth in readonlyrest, but i cannot find if its possible to authentificate user with reverse proxy and then fire ldap to get groups in readonlyrest side)