Nested ldap group

driveirk · October 12, 2022, 9:14am

Idea Name

We have 2 locations US and EU.

Only dev_us users can log in to kibana US

Only dev_eu users can join kibana EU

The EU crashes crash and US users should be able to login to Kibana EU.

To do this, we make the dev_us group nested within the dev_eu group.

dev_eu

|->dev_us

And dev_us users can login to kibana EU.

Example

"dev_us":[ "billie" ]
dev_EU: [
  "anne",
   "dev_us"
]

ROR in kibana EU:
access only[“dev_EU”]

That is, we have large nested groups. And usually it is enough for a person to put Senior_developers_grp in order to understand that he is also included in developer_grp. Now we have to indicate that the person is in developer_grp and Senior_developers_grp, as nesting does not work.

I hope I managed to explain?

Let’s do this?

1
2
3
4
5

0 voters

sscarduzio · October 12, 2022, 9:44am

So I assume when a user in a nested group logs in, we resolve two groups, i.e. solution a) from previous topic ?

driveirk · October 12, 2022, 10:21am

Yes everything is correct.
I want to note that in the ROR configuration, if you look at the previous post, the senior_developers_grp group is not specified.
It is indicated that only develpers_grp has access

driveirk · May 9, 2023, 2:24pm

Hi, you wrote that you created ticket RORDEV-747 in jira .
How can I watch it? I can’t find a link to the ticket.

coutoPL · June 18, 2023, 6:29pm

This is done. Will be released with 1.49.1. See our docs.

coutoPL · June 26, 2023, 9:27pm

ROR 1.49.1 released.

driveirk · July 7, 2023, 4:34pm

Yes, it works. Thanks a lot.
using nested_groups_depth