How to combine (logical "and") membership of 2 LDAP groups in role_mapping file

Hello everybody,
I have trouble writing LDAP role_mapping.yml.
I want to map users who are members of both the 'elk-users' and 'team-core' groups to an elastic role. I did it through the API and Lucene language using the 'all' keyword but cannot translate it to the YAML file.
This is my role_mapping file contents:

superuser:
  - cn=elk-admins,dc=yektanet,dc=tech
test_role:
  - cn=elk-users,cn=team-core,dc=yektanet,dc=tech

The superuser role mapping works well but the second mapping always fails (no roles for a user with both elk-users and team-core group membership).

I would be grateful if someone helps me through this.
Thanks.

It is not possible to do that in the role mapping file.
If you need that functionality then you will need to use the role mapping API instead.

1 Like
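
The role mapping API route from the answer above, as an added example that is not part of the original thread or Elastic's own code: it builds the request body for `PUT /_security/role_mapping/<name>` with an `all` rule over two `groups` fields, then checks it with a simplified rule evaluator. The team-core group DN and the sample users are assumptions.

```python
import json

# elk-users DN as written on the page; the team-core DN is an assumption.
ELK_USERS = "cn=elk-users,dc=yektanet,dc=tech"
TEAM_CORE = "cn=team-core,dc=yektanet,dc=tech"

def build_mapping(role, group_dns):
    """Body for PUT /_security/role_mapping/<name>: role granted only if ALL groups match."""
    return {
        "roles": [role],
        "enabled": True,
        "rules": {"all": [{"field": {"groups": dn}} for dn in group_dns]},
    }

def _norm(dn):
    # Simplified DN comparison: case-insensitive, ignoring spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(rule, user):
    """Simplified evaluator for all / any / except / field rules (exact match, no wildcards)."""
    if "all" in rule:
        return all(matches(r, user) for r in rule["all"])
    if "any" in rule:
        return any(matches(r, user) for r in rule["any"])
    if "except" in rule:
        return not matches(rule["except"], user)
    (name, expected), = rule["field"].items()
    expected = expected if isinstance(expected, list) else [expected]
    actual = user.get(name, [])
    actual = actual if isinstance(actual, list) else [actual]
    if name in ("groups", "dn"):
        return bool({_norm(e) for e in expected} & {_norm(a) for a in actual})
    return bool(set(expected) & set(actual))

def file_style_matches(listed_dns, user):
    """role_mapping.yml semantics: each entry is one DN; any single match grants the role."""
    have = {_norm(g) for g in user["groups"]}
    return any(_norm(dn) in have for dn in listed_dns)

MAPPING = build_mapping("test_role", [ELK_USERS, TEAM_CORE])
# Constructed sample users.
BOTH = {"username": "alice", "groups": [ELK_USERS, "CN=team-core, DC=yektanet, DC=tech"]}
ONE = {"username": "bob", "groups": [ELK_USERS]}

if __name__ == "__main__":
    print(json.dumps(MAPPING, indent=2))
    print("both groups:", matches(MAPPING["rules"], BOTH))
    print("one group:  ", matches(MAPPING["rules"], ONE))
```

The file entry `cn=elk-users,cn=team-core,dc=yektanet,dc=tech` is read as one DN, so `file_style_matches` returns no match for a user who holds the two groups separately.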

Thanks for the answer.
However, it's worth mentioning I did a workaround by putting my LDAP query in the user_search.filter field:

user_search:
  base_dn: "dc=yektanet,dc=tech"
  filter: "(&(cn={0})(|(memberOf=cn=elk-users,dc=yektanet,dc=tech)(memberOf=cn=elk-admins,dc=yektanet,dc=tech)))"
