PKI pull full dn not just cn

So I have a PKI realm that passes auth to an LDAP realm, but the PKI realm uses a username_pattern attribute to pull the CN from the PKI, and I want the whole DN returned and passed to the LDAP realm.

e.g
PKI;

CN=VVVVVVVV,OU=WWWWWWWW,O=XXXXXXXX,L=YYYYYYYY,C=ZZZZZZZZ

LDAP user full DN;

CN=VVVVVVVV,OU=WWWWWWWW,O=XXXXXXXX,L=YYYYYYYY,C=ZZZZZZZZ

The PKI realm uses a username_pattern that supposedly defaults to CN=(.*?)(?:,|$) and so just grabs the CN VVVVVVVV and passes it to LDAP, which fails as it's looking for the whole DN. I don't want to just search on the CN, as there's a chance multiple users have the same CN but different O or OU.

Any help would be great.

Did you try configuring your own username_pattern setting? Security settings in Elasticsearch | Elasticsearch Guide [7.14] | Elastic

Thanks @Yang_Wang, I wondered if there was a way to not use that setting, but it seems there is no alternative. For anyone wanting to achieve the same, the below code works perfectly fine.

pki1.username_pattern: "(.*)"

Cheers
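
As an added example (not from the thread or from Elasticsearch's code), the following Python compares the default pattern quoted above with `(.*)` on constructed subject DNs and reports which extracted usernames are shared by more than one certificate. It assumes the realm takes capture group 1 of the first case-insensitive match; `extract_principal`, `collisions` and the sample DNs are hypothetical names and data.

```python
import re
from collections import defaultdict

DEFAULT_PATTERN = r"CN=(.*?)(?:,|$)"  # default quoted in the question
FULL_DN_PATTERN = r"(.*)"             # setting from the reply above

# Constructed subject DNs: two different certificates share a CN.
SAMPLE_DNS = [
    "CN=jsmith,OU=Finance,O=Example,L=London,C=GB",
    "CN=jsmith,OU=Engineering,O=Example,L=London,C=GB",
    "CN=adoe,OU=Finance,O=Example,L=London,C=GB",
]


def extract_principal(pattern, subject_dn):
    """Return capture group 1 of the first match, or None.

    Assumption: the realm does an unanchored, case-insensitive search
    and treats a missing or empty group as "no username".
    """
    m = re.search(pattern, subject_dn, re.IGNORECASE)
    if m is None or not m.group(1):
        return None
    return m.group(1)


def collisions(pattern, subject_dns):
    """Map each extracted username to its DNs; keep only the clashes."""
    seen = defaultdict(list)
    for dn in subject_dns:
        seen[extract_principal(pattern, dn)].append(dn)
    return {user: dns for user, dns in seen.items() if len(dns) > 1}


if __name__ == "__main__":
    for label, pat in (("default", DEFAULT_PATTERN), ("full DN", FULL_DN_PATTERN)):
        print(label, "->", [extract_principal(pat, dn) for dn in SAMPLE_DNS])
        print("  ambiguous usernames:", collisions(pat, SAMPLE_DNS))
```

With the default pattern both `jsmith` certificates resolve to the same username, which is the ambiguity the question describes; with `(.*)` each certificate keeps a distinct username equal to its full subject DN.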
