Change from OS internal user to ldap user in opensearch_dashboards.yml?

denkar October 22, 2022, 8:31pm 1

Hi,

Do anyone know if it is possible to change in the opensearch_dashboards.yml config. from the default internal kibanaserver user to an ldap user ?

See config. section below,

server.host: “127.0.0.1”
opensearch.hosts: [https://xx.xx.xx:9200]
opensearch.ssl.verificationMode: none
opensearch.username: xxxxx
opensearch.password: xxxxx
opensearch.requestHeadersAllowlist: [ authorization,securitytenant ]

I would like to use the security plugin but only with my ldap users and not with the builtin internal users if possible.

pablo October 24, 2022, 6:03pm 2

@denkar I’ve just tested that scenario and it worked with LDAP user.

My testing environment:

opensearch_dashboards.yml

opensearch.username: ldapuser1
opensearch.password: <password>

config.yml

config:
  dynamic:
    kibana:
      server_username: ldapuser1

roles_mapping.yml

kibana_server:
  reserved: true
  users:
  - "kibanaserver"
  - "ldapuser1"

denkar October 24, 2022, 6:15pm 3

Great, thanks again
I will use your config. example and set up my test env.

pablo October 26, 2022, 1:51pm 4

@denkar Please be aware that in case of losing connectivity to the LDAP server the OpenSearch Dashboards will fail to start.

Topic		Replies	Views	Activity
Default internal_users kibanaserver Open Source Elasticsearch and Kibana configure	1	756	July 7, 2022
Internal users unable to access dashboards Security	5	414	December 14, 2023
Authentication finally failed for kibanaserver OpenSearch troubleshoot , configure	6	1561	August 18, 2023
Internal/system users` passwords Security configure	1	110	February 6, 2024
Unable to change admin user password while deploying OpenSearch using Helm Chart OpenSearch discuss , troubleshoot , configure , install , security-issue	3	1421	August 8, 2023