We are planning to go for the Enterprise Version of RoR. There is one thing which we want to know before going ahead.
Is there any option to create users in an automatic way? For example, writing directly into the clusterwide settings index or something similar?
You can certainly automate writes into the clusterwide settings to create local users.
However, if your users are created in an external system (like LDAP/SAML/OAuth+JWT), you could more practically use dynamic variables to create a tenancy on the fly when a new user authenticates for the first time.
For example:
Using LDAP with dynamic variables to automatically create tenancies for new/unknown LDAP users.
The following configuration allows you to automatically create new Kibana tenancies simply by adding new users to an LDAP server.
readonlyrest:
    access_control_rules:

    - name: "Kibana tenants from LDAP"
      indices: [".kibana_@{user}", "@{user}_logstash_*"]
      kibana_index: ".kibana_@{user}"
      ldap_auth:
        name: "ldap1"                                  # ldap name from below 'ldaps' section
        groups: ["kibana_ldap_tenants", "it_admins"]   # group within 'ou=Groups,dc=example,dc=com'

    ldaps:
    - name: ldap1
      host: "ldap1.example.com"
      port: 389
      ssl_enabled: true
      ssl_trust_all_certs: true                        # accepts any server certificate (no validation)
      bind_dn: "cn=admin,dc=example,dc=com"            # optional, skip for anonymous bind
      bind_password: "password"
Steps to implement this:
A working LDAP server configured in ROR
Add a new user “new_user” into LDAP (without changing anything in ROR settings)
The new user tries to authenticate to ROR Enterprise
ROR forwards the authentication request to LDAP
Authentication is successful, and the user belongs to either “kibana_ldap_tenants”, or “it_admins”
ROR will create a brand new Kibana tenancy (kibana index: “.kibana_new_user”)
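
For the other route mentioned at the top of the reply (automated writes that create local users), the sketch below is an added example, not code from the poster or from the ReadonlyREST project. It builds one ACL block per user from a validated name and a random password, so that only a hash reaches the settings. It assumes ROR's `auth_key_sha256` rule takes the hex SHA-256 of `username:password`; the function names and the username policy are hypothetical, and merging the block into the clusterwide settings is left out.

```python
import hashlib
import re
import secrets

# Assumed naming policy: the name is interpolated into index names such as
# ".kibana_<user>", so keep it lowercase and free of YAML or wildcard characters.
USERNAME_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")


def auth_key_sha256(username: str, password: str) -> str:
    """Hex SHA-256 of "username:password" (assumed auth_key_sha256 format)."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).hexdigest()


def local_user_block(username: str, password: str) -> str:
    """Return one ACL block (YAML text) for a local user with its own tenancy."""
    if not USERNAME_RE.fullmatch(username):
        # Rejects quotes, newlines, '*' and uppercase before they reach the YAML.
        raise ValueError(f"rejected username: {username!r}")
    if len(password) < 16:
        raise ValueError("password too short for an unsalted hash")
    digest = auth_key_sha256(username, password)
    return "\n".join([
        f'    - name: "Local tenant {username}"',
        f'      auth_key_sha256: "{digest}"',
        f'      indices: [".kibana_{username}", "{username}_logstash_*"]',
        f'      kibana_index: ".kibana_{username}"',
    ])


def provision(username: str) -> tuple[str, str]:
    """Generate a random password and the block; only the hash goes into settings."""
    password = secrets.token_urlsafe(24)
    return password, local_user_block(username, password)


if __name__ == "__main__":
    # Constructed sample user; the password is handed over out of band, not printed.
    _password, block = provision("new_user")
    print(block)
```
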