In the LDAP realm configuration you can set the
metadata value to be an ldap attribute that the realm uses to populate the user's metadata property. Is there a way to hardcode a value for metadata for example if I didn't want the realm to find a attribute on the ldap server but use a hardcoded value of "foo" as user metadata, is that possible?
Because we can't ask customers to change their ldap schema we were thinking that we setup multiple ldap realms with different filters to import different types of users. If we know they are different types of users we could hardcode the metadata field to something relevant for that type of user
What are you going to use that metadata for?
If it's for role mapping, then you might be able to use the realm name instead.
That wouldn't work for DLS templates though.
We want to use it to do document level security and a role that contains a query to match a user's metadata to a field on the document - eg - https://www.elastic.co/blog/attribute-based-access-control-with-xpack
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.