Hi, I have a shared elastic search cluster with 1 node and 2 shards per node.
My LDAP user database is not classified in groups, so I’d like to know if there’s a way to give permissions to users instead of groups using LDAP authentication.
Hi, I gave up LDAP and decided to go with proxy_auth to solve my problem. My university has an Identity provider (Shibboleth). I’m using it now combined with Apache(reverse proxy) to pass the auth variables(username) to kibana which forwards them to ReadOnlyRest, where I choose which users have permissions to certain indices or not. It’s really neat
Yes! Shibboleth is not directly supported.
The way to go is exactly what you did and what CERN did: Apache as reverse proxy to handle the authentication and set a header. Then in ROR you use proxy_auth rule and headers variables like @{username} as values for the indices rule, et al.