I currently have an ES instance running and have been trying to integrate Shield access with my company's AD. At this point in time, Shield currently authenticates any user in our AD domain.
My question is: is it possible to limit Shield access based on an AD group?
I have been trying different iterations of group_search attribute (and others), however it does not seem to have an effect on who has access. (EX. Setting group_search base_dn to the full distinguished name of a "Developers" group, anyone in AD can still get through shield).
Just wondering if anyone has any success or run into similar issues integrating into an existing AD realm.