Dipesh
December 18, 2020, 5:15pm
Hi All,
We have done LDAP integration in the Opendistro security plugin. For separate, user-level access it is working, but we are unable to configure LDAP at the group level. We followed the official Opendistro document but are still not able to get access through LDAP groups. We are using Opendistro v1.8.0. Can anyone please guide us on this? We are still facing the issue.
Thanks,
Dipesh Kumar Nage
victor
January 8, 2021, 10:32am
Hi,
We have the exact same issue. We only want to authenticate users in a certain security group. We don't want to search the whole OU. Is there any known fix for this?
Anthony
February 11, 2021, 8:02pm
@Dipesh See my setup below. I have groups mapped in ou=GroupsNew; will this work for your use case?
authc:
  basic_internal_auth_domain:
    description: "Authenticate via HTTP Basic against internal users database"
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: intern
  ldap:
    description: "Authenticate via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: false
    order: 2
    http_authenticator:
      type: basic
      challenge: true
    authentication_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
          - <ldap_ip>:<port>
        bind_dn: <username>
        password: <password>
        userbase: 'cn=Users,dc=local,dc=local'
        username_attribute: "uid"
        usersearch: '(sAMAccountName={0})'
authz:
  roles_from_myldap:
    description: "Authorize via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts:
          - <ldap_ip>:<port>
        bind_dn: <username>
        password: <password>
        rolebase: 'ou=GroupsNew,dc=local,dc=local'
        rolesearch: '(member={0})'
        userroleattribute: null
        userrolename: disabled
        rolename: cn
        resolve_nested_roles: true
        userbase: 'cn=Users,dc=local,dc=local'
        usersearch: '(uid={0})'
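To make it concrete what the authz block above actually does when a user logs in, here is an added walk-through in Python. It is not the plugin's code and not part of Anthony's post; it simulates the plugin's steps over a small constructed in-memory directory (the DNs, group names and users are invented): look the user up under userbase with usersearch, then repeatedly search rolebase with rolesearch, where {0} is replaced by the user's DN (and {1} by the user name, following the plugin's documented placeholder scheme), walk nested groups while resolve_nested_roles is true, and finally take the attribute named by rolename as the backend role. It also escapes substituted values per RFC 4515, which is what keeps a crafted user name from being read as filter syntax. Only simple (attribute=value) filters are supported, which is enough for the filters in the post.

```python
import re

# Constructed directory for the simulation: DN -> attributes (values are lists, as in LDAP).
# Group nesting: alice -> kibana_readers -> log_admins -> all_staff; "legacy" sits outside rolebase.
DIRECTORY = {
    "uid=alice,cn=Users,dc=local,dc=local": {"objectClass": ["person"], "uid": ["alice"]},
    "uid=bob,cn=Users,dc=local,dc=local": {"objectClass": ["person"], "uid": ["bob"]},
    "cn=kibana_readers,ou=GroupsNew,dc=local,dc=local": {
        "cn": ["kibana_readers"], "member": ["uid=alice,cn=Users,dc=local,dc=local"]},
    "cn=log_admins,ou=GroupsNew,dc=local,dc=local": {
        "cn": ["log_admins"], "member": ["uid=bob,cn=Users,dc=local,dc=local",
                                         "cn=kibana_readers,ou=GroupsNew,dc=local,dc=local"]},
    "cn=all_staff,ou=GroupsNew,dc=local,dc=local": {
        "cn": ["all_staff"], "member": ["cn=log_admins,ou=GroupsNew,dc=local,dc=local"]},
    "cn=legacy,ou=OldGroups,dc=local,dc=local": {   # not under rolebase, must be ignored
        "cn": ["legacy"], "member": ["uid=alice,cn=Users,dc=local,dc=local"]},
}

# The keys of the post's authz config that the simulation uses.
AUTHZ_CONFIG = {
    "rolebase": "ou=GroupsNew,dc=local,dc=local",
    "rolesearch": "(member={0})",
    "rolename": "cn",
    "resolve_nested_roles": True,
    "userbase": "cn=Users,dc=local,dc=local",
    "usersearch": "(uid={0})",
}

_FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][\w\-]*)=(?P<value>[^()]*)\)$")


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \\XX hex escapes."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def render_filter(template: str, *args: str) -> str:
    """Substitute {0}, {1}, ... into a filter template, escaping each value first."""
    return template.format(*[escape_filter_value(a) for a in args])


def search(base: str, filter_str: str) -> list:
    """Return DNs below `base` whose attributes satisfy a single (attr=value) filter."""
    m = _FILTER_RE.match(filter_str)
    if not m:
        raise ValueError("only simple (attr=value) filters are simulated: " + filter_str)
    attr, wanted = m.group("attr").lower(), _unescape(m.group("value")).lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base.lower()):   # subtree scope under base
            continue
        values = [v for k, vs in attrs.items() if k.lower() == attr for v in vs]
        if any(v.lower() == wanted for v in values):
            hits.append(dn)
    return hits


def resolve_user_dn(cfg: dict, username: str):
    """Step 1: usersearch under userbase; exactly one entry must match."""
    dns = search(cfg["userbase"], render_filter(cfg["usersearch"], username))
    return dns[0] if len(dns) == 1 else None


def resolve_roles(cfg: dict, username: str) -> set:
    """Steps 2-3: rolesearch under rolebase, nested walk, then rolename extraction."""
    user_dn = resolve_user_dn(cfg, username)
    if user_dn is None:
        return set()
    group_dns, pending, seen = set(), [user_dn], set()
    while pending:
        member_dn = pending.pop()
        if member_dn in seen:        # cycle guard: groups may include each other
            continue
        seen.add(member_dn)
        # {0} = DN of the member being looked up (user first, then groups); {1} = user name
        for group_dn in search(cfg["rolebase"], render_filter(cfg["rolesearch"], member_dn, username)):
            group_dns.add(group_dn)
            if cfg["resolve_nested_roles"]:
                pending.append(group_dn)   # find groups that contain this group
    roles = set()
    for group_dn in group_dns:
        attrs = DIRECTORY[group_dn]
        roles.update(v for k, vs in attrs.items() if k.lower() == cfg["rolename"].lower() for v in vs)
    return roles


if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, "->", sorted(resolve_roles(AUTHZ_CONFIG, user)))
    print("without nesting:", sorted(resolve_roles(dict(AUTHZ_CONFIG, resolve_nested_roles=False), "alice")))
```

Running it shows alice receiving kibana_readers, log_admins and all_staff through nesting but not legacy, because that group is outside rolebase; with resolve_nested_roles set to false she only gets kibana_readers. The same mechanism explains why a usersearch filter whose attribute does not match what the directory actually stores (sAMAccountName versus uid, for instance) yields no user DN and therefore no roles at all: group resolution never starts if step 1 fails.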