Question on LDAP integration to open the kibana dashboards as per the roles assigned

Hi,
I want enable the LDAP integration to open the kibana dashboard as per the roles assigned to the user.
I have scenario like where 8 users are grouped together. out of 8, 4 users should have read access and
remaining 4 users should have write access. can you please send me the sample elasticsearch cofig yaml and role_mapping.yml
I have gone through the below elasticsearch documentation,but little bit confused.
https://www.elastic.co/guide/en/elasticsearch/reference/current/ldap-realm.html#mapping-roles-ldap

In the above documentation, is it mandatory to setup the password for the LDAP users?

How can i configure for 100 users in yaml file and their corresponding passwords?capture_20200102183306

Is there any impact on built in users if LDAP configuration is setup in elasticsearch? if so,please provide the link to understand more details

  • How can i configure for 100 users in yaml file and their corresponding passwords?

    When using LDAP, the users and their passwords are defined in the LDAP server, not in Elasticsearch.

  • Is there any impact on built in users if LDAP configuration is setup in elasticsearch?

    No.

It will probably be very hard to find someone to actually do your configuration based on a high level requirement. There are just too many details and nuances about your specific environment and use case that no one in these forums has.
The best way is to try and do the configuration yourself. Read the docs and the examples, at least give it a try, show what you did, what exactly you don't understand, how things fail and with what error messages, what are you expecting to happen and what happens instead and then people in here will gladly try to help you fix your configuration and get your environment working.

Read through the following to understand what authentication is and how an LDAP realm should be configured :

Now also read through User authorization | Elasticsearch Guide [8.11] | Elastic to get an idea about user authorization and how roles and privileges work.

Once you have the LDAP realm configured and working, you will then need to configure the role mappings which will map Testing 1 LDAP group to a role in Elasticsearch that gives read access to the indices you want and map Testing 2 LDAP group to a role in Elasticsearch that gives write access .

Hope this helps as a starting point

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.