I can't seem to get the impersonated user's ad groups reflected in xpack to acheive document label security, but instead just the user I'm authenticating to AD with. It just seems to ignore my run_as user.
Can someone please show me a snippet of config?