Adding multiple new LDAP/Active Directory realms on the fly

ljacobs · February 17, 2017, 2:11pm

Hi all,

I am currently looking to x-pack and the elastic stack to implement a kind of User Management system, where there will be multiple external "companies" signing up and linking their own external ldap servers/active directories.

I've been looking through the documentation around ldap and active directory realms, and have two main concerns.

The documentation mentions that an ElasticSearch restart is required when configuring a new realm, this doesn't sound optimal for my use case where a new "company" can link or de-link their active directory at any time.
As order is specified in the configuration, this implies to me that if I have 100 active directories linked, users in active directory 100 will have first had their details checked in the other 99 repositories.

Is there a better method for setting up this kind of use case, where any number of external active directories/ldap repositories can be added and queried on the fly?

Cheers,
Lewis

warkolm · February 18, 2017, 10:15pm

Those are the limitations when you want to deploy in this sort of setup.

You could abstract things into the native (API) realm.

system · March 18, 2017, 10:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
LDAP multiple realms Elasticsearch	5	1057	August 28, 2018
Is it possible to connect to different ldap realm? Elasticsearch elastic-stack-security	5	413	June 10, 2020
How to Configure X-Pack for Active Directory Elasticsearch	7	4322	March 3, 2017
Multiple realms not working Elasticsearch elastic-stack-security	3	1259	July 6, 2017
CROSS REALM support for yaml role mapping file Elasticsearch	3	587	December 16, 2017

Adding multiple new LDAP/Active Directory realms on the fly

Related topics