Initially I put something like that in my plugins/opendistro_security/securityconfig/config.yml:

```yaml
ldap:
  http_enabled: true
  transport_enabled: true
  order: 5
  http_authenticator:
    type: basic
    challenge: false
  authentication_backend:
    # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
    type: ldap
    config:
      # enable ldaps
      enable_ssl: false
      # enable start tls, enable_ssl should be false
      enable_start_tls: false
      # send client certificate
      enable_ssl_client_auth: false
      # verify ldap hostname
      verify_hostnames: false
      hosts:
        - ldap.domain.com:3268
      bind_dn: ${LDAP_BIND_DN}
      password: ${LDAP_BIND_PASSWORD}
      usersearch: '(sAMAccountName={0})'
      userbase: 'OU=Accounts and Groups,DC=domain,DC=com'
      username_attribute: 'sAMAccountName'
```
But even though I set those variables in the ES environment, I got errors on the LDAP connection with error 49, implying that the credentials are not valid. When I replace the variables with actual values, it works. That’s not bad, but I want to commit this config to Git, and having secrets there is, of course, extremely undesirable. Is there any workaround?
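One way to keep the placeholders in the committed file and fill them in at deploy time, as an added example that is not part of the original post or of the plugin: render the template from the process environment before the config is loaded, and stop if a variable is unset. The function names and sample values are assumptions, and it assumes each `${NAME}` stands alone as the whole value, as in the config above.

```python
import os
import re

# Matches ${NAME} placeholders like the ones in the config above.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def yaml_quote(value: str) -> str:
    """Return value as a YAML single-quoted scalar (' is escaped by doubling).

    Quoting keeps characters such as ':' or '#' in a password from being
    parsed as YAML syntax.
    """
    if "\n" in value or "\r" in value:
        raise ValueError("refusing multi-line value in a single-line scalar")
    return "'" + value.replace("'", "''") + "'"


def render(template: str, env=os.environ) -> str:
    """Replace every ${NAME} with the quoted value of env[NAME].

    Raises KeyError naming all unset variables, so a missing secret stops
    the deployment instead of producing a config with a placeholder in it.
    """
    missing = sorted({n for n in PLACEHOLDER.findall(template) if n not in env})
    if missing:
        raise KeyError("unset variables: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: yaml_quote(env[m.group(1)]), template)


# Constructed sample: two lines of the committed template and made-up values.
SAMPLE_TEMPLATE = "bind_dn: ${LDAP_BIND_DN}\npassword: ${LDAP_BIND_PASSWORD}\n"
SAMPLE_ENV = {
    "LDAP_BIND_DN": "CN=svc-es,OU=Accounts and Groups,DC=domain,DC=com",
    "LDAP_BIND_PASSWORD": "p@ss: it's #1",
}

if __name__ == "__main__":
    print(render(SAMPLE_TEMPLATE, SAMPLE_ENV), end="")
```

The rendered file contains the secret, so write it with owner-only permissions and keep it out of the repository; only the template is committed.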