PKI pull full dn not just cn

So I have a PKI realm that passes auth to an LDAP realm, but the PKI realm uses a username_pattern attribute to pull the CN from the PKI, and I want the whole DN returned and passed to the LDAP realm.



LDAP user full DN;


The PKI realm uses a username_pattern that supposedly defaults to CN=(.*?)(?:,|$) and so just grabs the CN VVVVVVVV and passes it to LDAP, which fails as it's looking for the whole DN. I don't want to just search on the CN, as there's a chance multiple users have the same CN but a different O or OU.

Any help would be great.

Did you try configuring your own username_pattern setting? Security settings in Elasticsearch | Elasticsearch Guide [7.14] | Elastic

Thanks @Yang_Wang, I wondered if there was a way to not use that setting, but it seems there is no alternative. For anyone wanting to achieve the same, the code below works perfectly fine.

pki1.username_pattern: "(.*)"
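
Added example, not part of the original thread or Elastic's code: it applies the two patterns quoted above to constructed subject DNs and reports which DNs collapse to the same username, the CN collision the question describes. It assumes the realm takes capture group 1 of the first match as the username; the sample DNs and function names are made up for illustration.

```python
import re
from collections import defaultdict

# Default value quoted in the thread, and the replacement from the last reply.
DEFAULT_PATTERN = r"CN=(.*?)(?:,|$)"
FULL_DN_PATTERN = r"(.*)"

# Constructed sample subject DNs: two share a CN but differ in OU.
SAMPLE_DNS = [
    "CN=jsmith,OU=Engineering,O=Example Corp",
    "CN=jsmith,OU=Finance,O=Example Corp",
    "CN=adoe,OU=Finance,O=Example Corp",
]


def extract_username(pattern, subject_dn):
    """Return capture group 1 of the first match, or None if nothing usable matched.

    Assumption: the realm searches the DN for the first match and uses group 1.
    """
    match = re.search(pattern, subject_dn)
    if match is None or not match.group(1):
        return None
    return match.group(1)


def find_collisions(pattern, subject_dns):
    """Map each extracted username shared by more than one DN to those DNs."""
    by_user = defaultdict(list)
    for dn in subject_dns:
        by_user[extract_username(pattern, dn)].append(dn)
    return {user: dns for user, dns in by_user.items() if len(dns) > 1}


if __name__ == "__main__":
    for name, pattern in (("default", DEFAULT_PATTERN), ("full DN", FULL_DN_PATTERN)):
        print(name, "->", [extract_username(pattern, dn) for dn in SAMPLE_DNS])
        print("  collisions:", find_collisions(pattern, SAMPLE_DNS))
```

With the full-DN pattern the username handed to the LDAP realm is the certificate's subject string verbatim, so it only resolves if that string matches the directory's DN form.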

