Active Directory Role Mappings to Groups

I am trying to map roles to AD groups, but I can't get it working.

I tried the following:

```json
PUT /_security/role_mapping/Lvl-3
{
  "roles" : [ "Level_3" ],
  "rules" : { "field" : { "groups" : "OU=Ops_Intel_Groups,OU=Accounts_Groups,CN=Lvl-3,DC=DOMAIN,DC=local" } },
  "enabled": true
}
```

I tried with upper case and lower case, i.e. OU/ou, CN/cn, etc.

This is the AD structure/hierarchy:

Under Ops_Intel_Groups there are a few security groups, and one of them is Lvl-3.

This is elasticsearch.yml:

```yaml
    # settings of the active_directory realm (active_directory_1 in the log below)
    order: 0
    enabled: true
    domain_name: "DOMAIN.local"
    url: ["ldaps://server1:636", "ldaps://server2:636", "ldaps://server3:636", "ldaps://server4:636", "ldaps://server5:636", "ldaps://server6:636"]
    load_balance.type: failover
    ssl.certificate_authorities: ["pem.pem"]
    ssl.verification_mode: certificate
```

Anything missing? Or maybe wrong syntax?

When I map a single user to a role, it works fine. The issue is with AD groups.


In the log I see the following:

```text
[SERVER] Authentication of [myuser@domain.local]
using realm [active_directory/active_directory_1]
with token [UsernamePasswordToken]
was [AuthenticationResult{status=SUCCESS, ...
```


Then I get


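The point worth checking in the post above is the order of the DN components. An Active Directory distinguished name is written leaf-first: the object's own CN, then the containing OUs from innermost to outermost, then the domain components. For a group Lvl-3 that lives in Ops_Intel_Groups under Accounts_Groups, that is `CN=Lvl-3,OU=Ops_Intel_Groups,OU=Accounts_Groups,DC=DOMAIN,DC=local`; with the CN placed after the OUs, the rule names an object that does not exist, so no group ever matches, while a `username` rule still works because it never touches the DN. The authoritative list of groups the realm resolved for the user is returned by `GET /_security/_authenticate` (run as the AD user) under `metadata.ldap_groups`, and the value in the `groups` rule has to match one of those entries. The script below is an added example, not code from the original post or from Elasticsearch: the `_authenticate` response in it is constructed to match the hierarchy the post describes (the user's own container is invented), and its DN comparison is a simplified stand-in for the server's matching, enough to show why the posted rule misses and the leaf-first DN hits.

```python
"""Compare an Elasticsearch AD role-mapping 'groups' rule against the groups the
Active Directory realm reports for a user.

Added example, not from the original post. AUTHENTICATE_RESPONSE is a constructed
GET /_security/_authenticate reply shaped after the post's hierarchy; the user DN
in it is an assumption. The DN comparison is a simplified approximation of the
server's own matching, used only to illustrate RDN order.
"""
import json

# Constructed sample of what GET /_security/_authenticate returns for the AD user.
AUTHENTICATE_RESPONSE = json.loads("""
{
  "username": "myuser@domain.local",
  "roles": [],
  "metadata": {
    "ldap_dn": "CN=myuser,OU=Accounts_Users,DC=DOMAIN,DC=local",
    "ldap_groups": [
      "CN=Lvl-3,OU=Ops_Intel_Groups,OU=Accounts_Groups,DC=DOMAIN,DC=local",
      "CN=Domain Users,CN=Users,DC=DOMAIN,DC=local"
    ]
  },
  "authentication_realm": {"name": "active_directory_1", "type": "active_directory"}
}
""")

# The rule from the post: the OUs come before the group's CN.
POSTED_MAPPING = {
    "roles": ["Level_3"],
    "rules": {"field": {"groups": "OU=Ops_Intel_Groups,OU=Accounts_Groups,CN=Lvl-3,DC=DOMAIN,DC=local"}},
    "enabled": True,
}


def group_dn(cn, ous, dcs):
    """Build a group DN the way AD writes it: the group's CN first, then the
    containing OUs from innermost to outermost, then the domain components."""
    rdns = [f"CN={cn}"] + [f"OU={ou}" for ou in ous] + [f"DC={dc}" for dc in dcs]
    return ",".join(rdns)


# The same mapping with the DN in leaf-first order.
CORRECTED_MAPPING = {
    "roles": ["Level_3"],
    "rules": {"field": {"groups": group_dn("Lvl-3", ["Ops_Intel_Groups", "Accounts_Groups"],
                                           ["DOMAIN", "local"])}},
    "enabled": True,
}


def normalize_dn(dn):
    """Normalize a DN for comparison: trim each RDN and lowercase attribute type and
    value. Simplification: no handling of escaped commas, which these DNs lack."""
    normalized = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(normalized)


def roles_from_groups_rule(mapping, authenticate_response):
    """Roles a single 'field: groups' rule would grant, given the groups the realm
    reported in metadata.ldap_groups. Returns [] when nothing matches or the
    mapping is disabled."""
    if not mapping.get("enabled", True):
        return []
    wanted = mapping["rules"]["field"]["groups"]
    wanted = [wanted] if isinstance(wanted, str) else wanted  # a field rule takes a string or a list
    reported = {normalize_dn(g) for g in authenticate_response["metadata"].get("ldap_groups", [])}
    if any(normalize_dn(w) in reported for w in wanted):
        return list(mapping["roles"])
    return []


if __name__ == "__main__":
    print("posted rule grants   :", roles_from_groups_rule(POSTED_MAPPING, AUTHENTICATE_RESPONSE))
    print("corrected rule grants:", roles_from_groups_rule(CORRECTED_MAPPING, AUTHENTICATE_RESPONSE))
    # Body to PUT to /_security/role_mapping/Lvl-3 with the leaf-first DN.
    print(json.dumps(CORRECTED_MAPPING, indent=2))
```

Run it as-is to see the posted rule grant nothing and the leaf-first rule grant Level_3; against a live cluster, replace the constructed response with the real `_authenticate` output for the user and paste one of the reported `ldap_groups` values verbatim into the mapping.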