Idea Name
Instead of having one large yaml file for ROR configuration, we could split the sections such as ACL, Users, etc… into its own file
Example
global.yaml
readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
prompt_for_basic_auth: true
groups.yaml
access_control_rules:
- name: "::LOCAL ADMIN::"
groups: ["admin"]
kibana_access: admin
verbosity: error
- name: "::LDAP ADMIN::"
kibana_access: admin
ldap_auth:
name: "ldap01"
groups: ["EK_ADMINS"]
verbosity: error
users.yaml
users:
- username: admin
auth_key_sha256: hash
groups: ["admin"]
ldap.yaml
ldaps:
- name: ldap01
host: "${LDAP_HOST}"
port: ${LDAP_PORT}
ssl_enabled: true
ssl_trust_all_certs: true
bind_dn: "${LDAP_BIND_DN}"
bind_password: "${LDAP_BIND_PASSWORD}"
search_user_base_DN: "${LDAP_SEARCH_USER_DN}"
search_groups_base_DN: "${LDAP_SEARCH_GROUP_DN}"
user_id_attribute: "userPrincipalName"
unique_member_attribute: "member"
Let’s do this?
- 1
- 2
- 3
- 4
- 5
0 voters