Well, it seems I need help with the configuration; it does not work properly on my side.
I had in mind to give Elastic access to users by having them in an Active Directory group.
I also asked other users on GitHub to see how they dealt with it.
Maybe it is related to my special version 15.1?
Here is my RoR block:
    - name: elkg test LAB (read)
      ldap_authentication: "srvldap"
      ldap_authorization:
        name: "srvldap"
        groups: ["L_elkg_test_vcsa6_R"]
      type: allow
      kibana_access: ro
      indices: ["<no-index>", "watcher", "watcher_alarms", ".kibana*", "log_lu_ei_sys_vcsa6*", "home"]

    ldaps:
    - name: srvldap
      host: "srvldap.root.corp"
      port: 389
      ssl_enabled: false
      ssl_trust_all_certs: true
      bind_dn: "CN=elk_account_ldap,OU=Service_Account,DC=srvldap,DC=root,DC=corp"
      bind_password: "pouetpouet"
      search_user_base_DN: "DC=srvldap,DC=root,DC=corp"
      user_id_attribute: "sAMAccountName"
      search_groups_base_DN: "OU=ELK,OU=LAB,DC=srvldap,DC=root,DC=corp"
      unique_member_attribute: "member"
      connection_pool_size: 10
      connection_timeout_in_sec: 10
      request_timeout_in_sec: 10
      cache_ttl_in_sec: 60

I had in mind to obtain this behavior:
Users belonging to group L_elkg_test_vcsa6_R (CN=L_elkg_test_vcsa6_R,OU=ELK,OU=LAB,DC=srvldap,DC=root,DC=corp) would only match the block, and get access to Kibana ro, indices “<no-index>”, “watcher”, “watcher_alarms”, “.kibana*”, “log_lu_ei_sys_vcsa6*”, “home” etc.
Currently the group has no members, but all users in ldaps srvldap are able to match the block…
What did I do wrong in my block rule? Or should I not do it like this?