I'm trying to find out how to implement document level security based on ldap groups.I have installed xpack plugin and configured ldap realm in elastic search.yml file successfully. Login /out is working based on ldap userid/password through kibana. However I'm looking for authorization of users based on ldap group they are in. User can be in multiple groups. For example if a document has permissions for users in group1,group2. So any user in ldap group1 should be able to access that particular document. user is recognized based on userid/username.
Is it possible to get all ldap groups/roles of a user based on userid/username