We currently have a three node ELK cluster and two kibana instances. We have setup ReadOnlyRest to use ldap. Whenever we make permissions changes under our ldap users within the kibana ReadOnlyRest tab the changes make it so that we are only able to have ldap users login to one of the two kibana instances.
Our non-ldap users such as admin can still login on both kibana instances. It seems fairly random which instance we can login to as ldap users. It does not seem to be tied to which instance we update ReadOnlyRest on
This is for ReadOnlyRest that matches kibana version 6.5.1