LDAP add user to group does not change backend_roles

Security
1

Hi,
I configured LDAP authentication and everythings work fine.
But after first time autentication,i add user to another group and infomation about role_backends of user dont change.

Example:
I create user esuser5 and check authinfo :
curl --insecure https://**********:9200/_opendistro/_security/authinfo?pretty -u esuser5
Enter host password for user ‘esuser5’:
{
“user” : “User [name=esuser5, backend_roles=[ipausers], requestedTenant=null]”,
“user_name” : “esuser5”,
“user_requested_tenant” : null,
“remote_address” : “**************”,
“backend_roles” : [
“ipausers”
],
“custom_attribute_names” : [
“ldap.dn”,
attr.ldap.cn”,
“attr.ldap.gidNumber”,
“attr.ldap.krbCanonicalName”,
“attr.ldap.initials”,
“attr.ldap.createTimestamp”,
“attr.ldap.modifyTimestamp”,
“ldap.original.username”,
“attr.ldap.uidNumber”,
“attr.ldap.gecos”,
“attr.ldap.displayName”,
“attr.ldap.ipaUniqueID”,
“attr.ldap.sn”,
“attr.ldap.krbPrincipalName”,
“attr.ldap.entryusn”,
“attr.ldap.homeDirectory”,
“attr.ldap.krbLastPwdChange”,
“attr.ldap.loginShell”,
“attr.ldap.objectClass”,
“attr.ldap.parentid”,
“attr.ldap.uid”,
“attr.ldap.mail”,
“attr.ldap.givenName”
],
“roles” : [
“own_index”
],
“tenants” : {
“esuser5” : true
},
“principal” : null,
“peer_certificates” : “0”,
“sso_logout_url” : null
}

After that,i add esuser5 to group admins and check authinfo again and get same result.
backend_roles still ipausers,no admins.

Any idea ?

2

@haibt Did you manage to get this working?

If not, did you try to run ldapsearch to see if the new role is provided from ldap?