Can't map LDAP group to admin roles

Hello all & @Mantas,

I am not able to map the LDAP group to admin roles. I am able to log in to OpenSearch Dashboards with the LDAP group, but OpenSearch itself returns the error below.

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for [cluster:monitor/main] and User [name=p3087732adm, backend_roles=[null], requestedTenant=null]"
      }
    ],
    "type": "security_exception",
    "reason": "no permissions for [cluster:monitor/main] and User [name=p3087732adm, backend_roles=[null], requestedTenant=null]"
  },
  "status": 403
}

My config file.

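---
# OpenSearch Security config.yml as posted: one LDAP authentication domain
# (authc) and one LDAP authorization domain (authz).
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    authc:
      ldap:
        description: "Authenticate via LDAP or Active Directory"
        http_enabled: true
        transport_enabled: true
        order: 5
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: ldap
          config:
            # Plain LDAP: the bind credentials and every user password
            # checked during login cross the network unencrypted, and
            # verify_hostnames has nothing to verify while TLS is off.
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
              - vm0uwvdsxxa0001.corp.chartercom.com
            bind_dn: cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com
            # Placeholder for the bind password.
            password: XXXXXXX
            userbase: 'ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com'
            usersearch: '(sAMAccountName={0})'
            username_attribute: uid
    authz:
      roles_from_myldap:
        description: "Authorize via LDAP or Active Directory"
        http_enabled: true
        transport_enabled: true
        authorization_backend:
          type: ldap
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
              - vm0uwvdsxxa0001.corp.chartercom.com
            bind_dn: cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com
            # Redacted: the original post carried the live bind password in
            # clear text here, while the authc block above used a placeholder.
            password: XXXXXXX
            # NOTE(review): rolebase is identical to userbase below (the users
            # OU); the group DNs in the ldapsearch output and in
            # roles_mapping.yml appear to live under OU=Groups,OU=SPECTRUM,...
            # — confirm which subtree actually holds the group entries.
            rolebase: ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com
            # NOTE(review): this is the same filter as usersearch, i.e. a
            # *user* filter; a role search is normally a filter over the group
            # entries (a reply in this thread suggests member=).
            rolesearch: '(sAMAccountName={0})'
            # NOTE(review): the user entries in the ldapsearch output carry no
            # `roles` attribute; they do have `cnmemberof` (plain group names)
            # and `memberOf` (group DNs) — confirm which one should be read.
            userroleattribute: roles
            userrolename: memberOf
            rolename: cn
            resolve_nested_roles: false
            userbase: ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com
            usersearch: '(sAMAccountName={0})'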
 curl --insecure -u admin:XXXXX -XGET https://vm0unelkdla0001.corp.chartercom.com:9200/_plugins/_security/api/securityconfig?pretty
{
  "config" : {
    "dynamic" : {
      "filtered_alias_mode" : "warn",
      "disable_rest_auth" : false,
      "disable_intertransport_auth" : false,
      "respect_request_indices_options" : false,
      "kibana" : {
        "multitenancy_enabled" : true,
        "private_tenant_enabled" : true,
        "default_tenant" : "",
        "server_username" : "kibanaserver",
        "index" : ".kibana"
      },
      "http" : {
        "anonymous_auth_enabled" : false,
        "xff" : {
          "enabled" : false,
          "internalProxies" : "192\\.168\\.0\\.10|192\\.168\\.0\\.11",
          "remoteIpHeader" : "X-Forwarded-For"
        }
      },
      "authc" : {
        "jwt_auth_domain" : {
          "http_enabled" : false,
          "order" : 0,
          "http_authenticator" : {
            "challenge" : false,
            "type" : "jwt",
            "config" : {
              "signing_key" : "base64 encoded HMAC key or public RSA/ECDSA pem key",
              "jwt_header" : "Authorization",
              "jwt_clock_skew_tolerance_seconds" : 30
            }
          },
          "authentication_backend" : {
            "type" : "noop",
            "config" : { }
          },
          "description" : "Authenticate via Json Web Token"
        },
        "ldap" : {
          "http_enabled" : true,
          "order" : 5,
          "http_authenticator" : {
            "challenge" : false,
            "type" : "basic",
            "config" : { }
          },
          "authentication_backend" : {
            "type" : "ldap",
            "config" : {
              "enable_ssl" : false,
              "enable_start_tls" : false,
              "enable_ssl_client_auth" : false,
              "verify_hostnames" : true,
              "hosts" : [
                "vm0uwvdsxxa0001.corp.chartercom.com"
              ],
              "bind_dn" : "cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com",
              "password" : "******",
              "userbase" : "ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com",
              "usersearch" : "(sAMAccountName={0})",
              "username_attribute" : "uid"
            }
          },
          "description" : "Authenticate via LDAP or Active Directory"
        },
        "basic_internal_auth_domain" : {
          "http_enabled" : true,
          "order" : 4,
          "http_authenticator" : {
            "challenge" : true,
            "type" : "basic",
            "config" : { }
          },
          "authentication_backend" : {
            "type" : "intern",
            "config" : { }
          },
          "description" : "Authenticate via HTTP Basic against internal users database"
        },
        "proxy_auth_domain" : {
          "http_enabled" : false,
          "order" : 3,
          "http_authenticator" : {
            "challenge" : false,
            "type" : "proxy",
            "config" : {
              "user_header" : "x-proxy-user",
              "roles_header" : "x-proxy-roles"
            }
          },
          "authentication_backend" : {
            "type" : "noop",
            "config" : { }
          },
          "description" : "Authenticate via proxy"
        },
        "clientcert_auth_domain" : {
          "http_enabled" : false,
          "order" : 2,
          "http_authenticator" : {
            "challenge" : false,
            "type" : "clientcert",
            "config" : {
              "username_attribute" : "cn"
            }
          },
          "authentication_backend" : {
            "type" : "noop",
            "config" : { }
          },
          "description" : "Authenticate via SSL client certificates"
        },
        "kerberos_auth_domain" : {
          "http_enabled" : false,
          "order" : 6,
          "http_authenticator" : {
            "challenge" : true,
            "type" : "kerberos",
            "config" : {
              "krb_debug" : false,
              "strip_realm_from_principal" : true
            }
          },
          "authentication_backend" : {
            "type" : "noop",
            "config" : { }
          }
        }
      },
      "authz" : {
        "roles_from_another_ldap" : {
          "http_enabled" : false,
          "authorization_backend" : {
            "type" : "ldap",
            "config" : { }
          },
          "description" : "Authorize via another Active Directory"
        },
        "roles_from_myldap" : {
          "http_enabled" : true,
          "authorization_backend" : {
            "type" : "ldap",
            "config" : {
              "enable_ssl" : false,
              "enable_start_tls" : false,
              "enable_ssl_client_auth" : false,
              "verify_hostnames" : true,
              "hosts" : [
                "vm0uwvdsxxa0001.corp.chartercom.com"
              ],
              "bind_dn" : "cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com",
              "password" : "******",
              "rolebase" : "ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com",
              "rolesearch" : "(sAMAccountName={0})",
              "userroleattribute" : "roles",
              "userrolename" : "memberOf",
              "rolename" : "cn",
              "resolve_nested_roles" : false,
              "userbase" : "ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com",
              "usersearch" : "(sAMAccountName={0})"
            }
          },
          "description" : "Authorize via LDAP or Active Directory"
        }
      },
      "auth_failure_listeners" : { },
      "do_not_fail_on_forbidden" : false,
      "multi_rolespan_enabled" : true,
      "hosts_resolver_mode" : "ip-only",
      "do_not_fail_on_forbidden_empty" : false,
      "on_behalf_of" : {
        "enabled" : false
      }
    }
  }
}

 curl --insecure -u p3087732adm:XXXXXXX -XGET https://vm0unelkdla0001.corp.chartercom.com:9200/_plugins/_security/authinfo?pretty
{
  "user" : "User [name=p3087732adm, backend_roles=[null], requestedTenant=null]",
  "user_name" : "p3087732adm",
  "user_requested_tenant" : null,
  "remote_address" : "22.242.73.84:54320",
  "backend_roles" : [
    null
  ],
  "custom_attribute_names" : [
    "attr.ldap.unixHomeDirectory",
    "attr.ldap.cacheModifiersName",
    "attr.ldap.objectGUID",
    "attr.ldap.userAccountControl",
    "ldap.original.username",
    "attr.ldap.prismuser",
    "attr.ldap.cacheCreatorsName",
    "attr.ldap.employeeType",
    "attr.ldap.sAMAccountName",
    "attr.ldap.uid",
    "attr.ldap.givenName",
    "ldap.dn",
    "attr.ldap.cn",
    "attr.ldap.cacheModifyTimestamp",
    "attr.ldap.description",
    "attr.ldap.gidNumber",
    "attr.ldap.name",
    "attr.ldap.cacheCreateTimestamp",
    "attr.ldap.uidNumber",
    "attr.ldap.displayName",
    "attr.ldap.objectSid",
    "attr.ldap.sn",
    "attr.ldap.cnmemberof",
    "attr.ldap.objectclass",
    "attr.ldap.uuid",
    "attr.ldap.loginShell"
  ],
  "roles" : [
    "a_role",
    "own_index"
  ],
  "tenants" : {
    "p3087732adm" : true
  },
  "principal" : null,
  "peer_certificates" : "0",
  "sso_logout_url" : null
}

Roles_mapping.yml

---
# Maps users, backend roles (e.g. LDAP groups) and hosts to Security roles;
# what each Security role is allowed to do is defined in roles.yml.

_meta:
  type: 'rolesmapping'
  config_version: 2

# Roles mapping, derived from the demo mapping

all_access:
  reserved: false
  backend_roles:
    # Both the short group name and its full AD DN are listed, presumably
    # because it is not yet known in which form the LDAP backend returns it.
    - 'admin'
    - 'UX-RG-ElasticTeam'
    - 'CN=UX-RG-ElasticTeam,OU=Role,OU=Unix,OU=Groups,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com'
  description: 'Maps admin to all_access'

# NOTE(review): top-level keys in this file are Security role names, so this
# entry maps the backend role `admin` onto a Security role called
# UX-RG-ElasticTeam; it only has an effect if roles.yml defines such a role.
UX-RG-ElasticTeam:
  backend_roles:
    - 'admin'
  description: 'Maps custom access'

own_index:
  reserved: false
  users:
    - '*'
  backend_roles:
    - 'kibanauser'
    - 'UX-RG-ElasticTeam'
    - 'CN=UX-RG-ElasticTeam,OU=Role,OU=Unix,OU=Groups,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com'
  description: 'Allow full access to an index named like the username'

logstash:
  reserved: false
  backend_roles:
    - 'logstash'

kibana_user:
  reserved: false
  backend_roles:
    - 'kibanauser'
  description: 'Maps kibanauser to kibana_user'

readall:
  reserved: false
  backend_roles:
    - 'readall'

manage_snapshots:
  reserved: false
  backend_roles:
    - 'snapshotrestore'

kibana_server:
  reserved: true
  users:
    - 'kibanaserver'

# p3087732adm is mapped here by user name, which is why the authinfo output in
# this thread lists a_role (and own_index, via users: '*') even though
# backend_roles resolves to [null].
a_role:
  reserved: false
  users:
    - 'p3087732adm'
  backend_roles:
    - 'kibanauser'
    - 'UX-RG-ElasticTeam'
    - 'CN=UX-RG-ElasticTeam,OU=Role,OU=Unix,OU=Groups,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com'

@AbhiAbhishek it seems like the rolesearch in authz is misconfigured:

rolesearch: '(sAMAccountName={0})'

It should probably be something similar to below, depending on your configuration:

rolesearch: '(member={0})'

You can run the ldapsearch command below to get the correct details:

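# -H takes an LDAP URI (ldap:// or ldaps://), not http://; -W prompts for the
# bind password instead of leaving it in the shell history and process list.
ldapsearch -H ldap://vm0uwvdsxxa0001.corp.chartercom.com -D "cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com" -W -b "ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com"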

@Anthony

Changing rolesearch didn't solve my issue; I am still getting the same error.

I installed OpenLDAP on my server and ran the ldapsearch command; it generates output continuously, so I am not able to share it here.

With Regards,
Abhishek M

Hi Abhishek,

I noticed you have userbase and rolebase in authz set to the same value; rolebase is usually set to a different branch, the one that contains the group attributes.

Can you provide the first 30-40 lines of output from the ldapsearch command?

@Anthony
This is how it looks, Anthony. I actually converted it into a file, and it is over 2 GB.

# extended LDIF
#
# LDAPv3
# base <ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# users, authentication, security, corp.chartercom.com
dn: ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com
cacheModifyTimestamp: 20231110155101.167Z
cacheModifiersName: cn=Directory Manager
cacheCreatorsName: cn=Directory Manager
ou: users
entrydn: ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com
objectclass: top
objectclass: vdapcontainer
objectclass: organizationalUnit
modifyTimestamp: 20231110155101.167Z
modifiersName: cn=Directory Manager
creatorsName: cn=Directory Manager
createTimestamp: 20231110155101.167Z
cacheCreateTimestamp: 20231110155101.167Z

# !dolby, users, authentication, security, corp.chartercom.com
dn: uid=!dolby,ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc
 =com
displayName: !dolby
employeeType: S
cacheCreatorsName: cn=Directory Manager
adactualdn: CN=!dolby,OU=Testing,OU=Migration,OU=Secured Accounts,OU=SPECTRUM,
 DC=CORP,DC=CHARTERCOM,DC=com
entrydn: uid=!dolby,ou=users,ou=authentication,ou=security,dc=corp,dc=charterc
 om,dc=com
modifyTimestamp: 20231110155101.169Z
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
objectclass: shadowAccount
objectclass: posixAccount
objectclass: chtr-user
cacheModifyTimestamp: 20231110155101.169Z
createTimestamp: 20231110155101.169Z
uid: !dolby
cn: !dolby
prismuser: !dolby
userAccountControl: 66048
modifiersName: cn=Directory Manager
creatorsName: cn=Directory Manager
distinguishedName: CN=!dolby,OU=Testing,OU=Migration,OU=Secured Accounts,OU=SP
 ECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
cacheModifiersName: cn=Directory Manager
description: MIGRATED:TWCCORP
objectGUID:: IWB7I0MUQU2U5k05dTP1cA==
sn: !dolby
cnmemberof: AD-FGPP-SVCAccts
cacheCreateTimestamp: 20231110155101.169Z
actualdn: cn=!dolby,ou=users,dc=corp,dc=chartercom,dc=com
objectSid:: AQUAAAAAAAUVAAAAhqFNsIigAZ62FobesdFDAQ==
sAMAccountName: !dolby
memberOf: CN=AD-FGPP-SVCAccts,OU=ADSecurity,OU=Groups,OU=SPECTRUM,DC=CORP,DC=C
 HARTERCOM,DC=com
name: !dolby

# !Ntxcsgpwreset, users, authentication, security, corp.chartercom.com
dn: uid=!Ntxcsgpwreset,ou=users,ou=authentication,ou=security,dc=corp,dc=chart
 ercom,dc=com
displayName: Dallas CSG PW Reset server
employeeType: S
cacheCreatorsName: cn=Directory Manager
adactualdn: CN=Dallas CSG PW Reset server,OU=Testing,OU=Migration,OU=Secured A
 ccounts,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
entrydn: uid=!Ntxcsgpwreset,ou=users,ou=authentication,ou=security,dc=corp,dc=
 chartercom,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
objectclass: shadowAccount
objectclass: posixAccount
objectclass: chtr-user
cacheModifyTimestamp: 20240423230639.410Z
uid: !Ntxcsgpwreset
cn: Dallas CSG PW Reset server
prismuser: !ntxcsgpwreset
userAccountControl: 66050
distinguishedName: CN=Dallas CSG PW Reset server,OU=Testing,OU=Migration,OU=Se
 cured Accounts,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
cacheModifiersName: cn=Directory Manager
description: Remove - disabled 4/23/2024 - Kiran Patel owner
objectGUID:: D0CLZPZ+w0y+RJwMrT0VPg==
cnmemberof: AD-FGPP-SVCAccts
cnmemberof: MIG-GG-NTX-NTXCSGPW01-ADMINS
cnmemberof: MIG-DLG-RTX-IS-Operations
cnmemberof: MIG-GG-RTX-IS-Team-Billing-Config
cnmemberof: MIG-GG-RTX-IS-SQL-DB-RTXCare-db_datareader
cacheCreateTimestamp: 20231110155126.879Z
actualdn: cn=Dallas CSG PW Reset server,ou=users,dc=corp,dc=chartercom,dc=com
objectSid:: AQUAAAAAAAUVAAAAhqFNsIigAZ62FobejdFDAQ==
sAMAccountName: !Ntxcsgpwreset
memberOf: CN=AD-FGPP-SVCAccts,OU=ADSecurity,OU=Groups,OU=SPECTRUM,DC=CORP,DC=C
 HARTERCOM,DC=com
memberOf: CN=MIG-GG-NTX-NTXCSGPW01-ADMINS,OU=LTWC,OU=Servers,OU=Migration,OU=G
 roups,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
memberOf: CN=MIG-DLG-RTX-IS-Operations,OU=Migration,OU=Groups,OU=SPECTRUM,DC=C
 ORP,DC=CHARTERCOM,DC=com
memberOf: CN=MIG-GG-RTX-IS-Team-Billing-Config,OU=Migration,OU=Groups,OU=SPECT
 RUM,DC=CORP,DC=CHARTERCOM,DC=com
memberOf: CN=MIG-GG-RTX-IS-SQL-DB-RTXCare-db_datareader,OU=Migration,OU=Groups
 ,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
name: Dallas CSG PW Reset server

# !ServerAdmin, users, authentication, security, corp.chartercom.com
dn: uid=!ServerAdmin,ou=users,ou=authentication,ou=security,dc=corp,dc=charter
 com,dc=com
displayName: Local Server Management Account
employeeType: S
cacheCreatorsName: cn=Directory Manager
givenName: Server
adactualdn: CN=Local Server Management Account,OU=Testing,OU=Migration,OU=Secu
 red Accounts,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
entrydn: uid=!ServerAdmin,ou=users,ou=authentication,ou=security,dc=corp,dc=ch
 artercom,dc=com
modifyTimestamp: 20231110155204.515Z
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
objectclass: shadowAccount
objectclass: posixAccount
objectclass: chtr-user
cacheModifyTimestamp: 20231110155204.515Z
createTimestamp: 20231110155204.515Z
uid: !ServerAdmin
cn: Local Server Management Account
prismuser: !serveradmin
userAccountControl: 66048
modifiersName: cn=Directory Manager
creatorsName: cn=Directory Manager
distinguishedName: CN=Local Server Management Account,OU=Testing,OU=Migration,
 OU=Secured Accounts,OU=SPECTRUM,DC=CORP,DC=CHARTERCOM,DC=com
cacheModifiersName: cn=Directory Manager
objectGUID:: yvh5PjtNzkOj/glvcGvrtg==
sn: Administrator Account
cnmemberof: AD-FGPP-SVCAccts
cacheCreateTimestamp: 20231110155204.515Z
actualdn: cn=Local Server Management Account,ou=users,dc=corp,dc=chartercom,dc
 =com
objectSid:: AQUAAAAAAAUVAAAAhqFNsIigAZ62Foben9FDAQ==
sAMAccountName: !ServerAdmin
memberOf: CN=AD-FGPP-SVCAccts,OU=ADSecurity,OU=Groups,OU=SPECTRUM,DC=CORP,DC=C
 HARTERCOM,DC=com
name: Local Server Management Account

# !swrocadmin, users, authentication, security, corp.chartercom.com
dn: uid=!swrocadmin,ou=users,ou=authentication,ou=security,dc=corp,dc=charterc
 om,dc=com
displayName: !swrocadmin
employeeType: S
cacheCreatorsName: cn=Directory Manager
adactualdn: CN=!swrocadmin,OU=Disabled Accounts,OU=Media,OU=SPECTRUM,DC=CORP,D
 C=CHARTERCOM,DC=com
entrydn: uid=!swrocadmin,ou=users,ou=authentication,ou=security,dc=corp,dc=cha
 rtercom,dc=com
modifyTimestamp: 20231110155101.171Z
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
objectclass: shadowAccount
objectclass: posixAccount
.....

@AbhiAbhishek can you change the settings in authz to:

            # Search for groups from the domain root instead of the users OU
            rolebase: dc=corp,dc=chartercom,dc=com
            # Match group entries whose member attribute contains the user;
            # {0} is filled in by the plugin (per its docs, with the user DN)
            rolesearch: '(member={0})'
            # Do not read role names from an attribute of the user entry
            userroleattribute: null
            # "disabled" presumably turns off the memberOf-style lookup on the
            # user entry — confirm against the security plugin docs
            userrolename: "disabled"
            # Attribute of the group entry used as the backend role name
            rolename: "cn"
            # Follow group-in-group membership
            resolve_nested_roles: true

@Anthony

Still getting the same error, Anthony. I changed the config YAML and applied the security changes.

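# Fragment of config.yml: only the authc/authz subtrees of config.dynamic are
# shown (the enclosing `config:` and `dynamic:` keys are not part of this
# paste), re-indented so the two domains are siblings as in the full file.
authc:
  ldap:
    description: "Authenticate via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    order: 5
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true
        hosts:
          - vm0uwvdsxxa0001.corp.chartercom.com
        bind_dn: cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com
        # Redacted: the posted fragment carried the live bind password in clear
        # text here and in the authz block below.
        password: XXXXXXX
        userbase: 'ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com'
        usersearch: '(sAMAccountName={0})'
        username_attribute: uid
authz:
  roles_from_myldap:
    description: "Authorize via LDAP or Active Directory"
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: true
        hosts:
          - vm0uwvdsxxa0001.corp.chartercom.com
        bind_dn: cn=svc-vds-specenteradd,ou=users,ou=serviceaccts,ou=security,dc=corp,dc=chartercom,dc=com
        # Redacted placeholder, see above.
        password: XXXXXXX
        rolebase: dc=corp,dc=chartercom,dc=com
        # NOTE(review): the user entries in the ldapsearch output are a
        # virtual-directory view (each has `dn: uid=...,ou=users,ou=authentication,...`
        # plus an `adactualdn: CN=...,OU=...,DC=CORP,...`); if the groups'
        # member values hold the AD DN, a filter on the uid=... DN that {0}
        # supplies will not match — confirm which DN the group entries list.
        rolesearch: '(member={0})'
        userroleattribute: null
        userrolename: disabled
        rolename: cn
        resolve_nested_roles: true
        userbase: ou=users,ou=authentication,ou=security,dc=corp,dc=chartercom,dc=com
        usersearch: '(sAMAccountName={0})'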

With Regards,
Abhishek

@AbhiAbhishek

You can try the below configuration:

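# Values to place under authentication_backend.config (authc) and
# authorization_backend.config (authz). Straight quotes only: the curly
# quotes in the original paste are not YAML quoting and would end up as
# literal characters inside each value.
authc:
  userbase: "dc=example,dc=org"
  usersearch: "(uid={0})"
  username_attribute: "uid"

authz:
  rolebase: "dc=example,dc=org"
  # NOTE(review): posixGroup memberUid holds the uid, not the DN; check the
  # security plugin docs whether {0} (user DN) or {1} (user name) is the
  # right placeholder for this filter.
  rolesearch: "(memberUid={0})"
  userroleattribute: null
  userrolename: none
  rolename: "cn"
  resolve_nested_roles: true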

The configuration above also doesn't work for me.

With Regards,
Abhishek M

@AbhiAbhishek This would need a deeper investigation into the OpenLDAP configuration you are using, as the above config was tested with an out-of-the-box OpenLDAP configuration.

The best approach would be to:

  1. Ensure the configuration is uploaded to OpenSearch after each change using securityadmin.sh.
  2. Use ldapsearch to investigate what is available when logging in with ldap.
  3. Examine the OpenLDAP logs for any indication of the connection details.