Any news regarding the subject?
So, basically, this does not work with the Active Directory realm (with the LDAP realm it works fine, but there is no nested groups support):
No, the behaviour you describe has not changed in the latest releases of X-Pack and we have no announcements about any such changes.
As of right now, the AD realm requires the user's password in order to determine their groups (and consequently their roles) and the LDAP realm does not support nested groups.
Thank you for getting back to me.
So, it's not a bug, it's a limitation. Sadly, that is not mentioned in the documentation; moreover, there is a blog article which is optimistically hinting at the possibility of impersonation with AD... That's why I spent a whole day trying to configure the thing, which does not work by design.
Do you think it could change in the future and the impersonation feature would work with AD as well?
Thanks!
I'm the product manager for X-Pack Security. I've added this feedback to my product feature data. I can't promise anything at this point, but I'll see what I can do.