Hard code metadata values in LDAP realm configuration


(Jonathan Channon) #1

In the LDAP realm configuration you can set the metadata value to be an LDAP attribute that the realm uses to populate the user's metadata property. Is there a way to hardcode a value for metadata? For example, if I didn't want the realm to find an attribute on the LDAP server but use a hardcoded value of "foo" as user metadata, is that possible?

Thanks


(Tim Vernum) #2

No. Why do you want it?


(Jonathan Channon) #3

Because we can't ask customers to change their LDAP schema, we were thinking that we set up multiple LDAP realms with different filters to import different types of users. If we know they are different types of users, we could hardcode the metadata field to something relevant for that type of user.


(Tim Vernum) #4

What are you going to use that metadata for?
If it's for role mapping, then you might be able to use the realm name instead.
That wouldn't work for DLS templates though.


(Jonathan Channon) #5

We want to use it to do document level security and a role that contains a query to match a user's metadata to a field on the document, e.g. https://www.elastic.co/blog/attribute-based-access-control-with-xpack


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
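
The kind of role described in post #5, as an added example that is not part of the original thread: a document level security query written as a template, so that the `term` value is filled in from the authenticated user's metadata at search time. The role name `abac_user_type`, the index pattern `customer-docs-*`, the metadata key `user_type` and the document field `allowed_user_type` are all hypothetical.

```console
# Added example; every name below is hypothetical.
# Assumes the realm has populated the user's metadata with a key called
# "user_type" and that each document carries an "allowed_user_type" field.
# A user holding this role only sees documents whose allowed_user_type
# equals their own metadata value.
PUT /_security/role/abac_user_type
{
  "indices": [
    {
      "names": ["customer-docs-*"],
      "privileges": ["read"],
      "query": {
        "template": {
          "source": "{\"term\": {\"allowed_user_type\": \"{{_user.metadata.user_type}}\"}}"
        }
      }
    }
  ]
}
```

Because the template reads `_user.metadata`, the result depends entirely on what the realm put there, which is why the thread turns on whether the LDAP realm can supply a fixed value.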