Custom attributes for LDAP users

Greetings all,

I was wondering if there is a way to define custom attributes for LDAP users. Some attributes are not always available in LDAP so we may need to generate them manually.

Appreciate your help.


Hello @asfoorial

Please check the below documentation. Is that what you’re looking for?

This pulls the attributes from Active Directory. However, the source of the attributes is a different database.

@asfoorial, what is your LDAP IdP?

Active Directory is used for the IdP. However, other custom attributes which don’t exist in Active Directory are needed. These attributes are coming from a relational database.

To give more clarity to the situation, I am indexing files from a file repository. This repo comes with its own security and roles, … many of them.

I want to index the documents and sync the security as well. This includes adding a custom attribute (`user_roles:["role1","role2"…]`). This attribute will help in defining a document-level security role so that a user will see a document where (any document.roles = any user_roles).

I don’t want to replicate all these roles in OpenSearch because, as far as I understood, they will all be loaded to RAM once OpenSearch starts. Instead, I would have the roles added as a custom attribute to users and then load only a few of them when the user calls OpenSearch.
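
The matching rule described in the last post (a document is visible when any of its roles equals any of the user's roles), as an added example that is not part of the original thread or OpenSearch's own code. It builds the filter as a `terms` query with JSON encoding rather than string concatenation, and fails closed when the user has no roles. The function names, the `roles` field name and the sample documents are assumptions constructed for illustration.

```python
import json


def build_dls_filter(user_roles, field="roles"):
    """Return the query a document must match to be visible to this user."""
    # Keep only non-empty strings; de-duplicate and sort for a stable query.
    roles = sorted({r for r in user_roles if isinstance(r, str) and r})
    if not roles:
        # Fail closed: a user without roles must not see any document.
        return {"match_none": {}}
    return {"terms": {field: roles}}


def dls_filter_json(user_roles, field="roles"):
    # json.dumps escapes quotes and backslashes, so a role name loaded from
    # the relational database cannot alter the structure of the query.
    return json.dumps(build_dls_filter(user_roles, field), sort_keys=True)


def is_visible(document, dls_filter, field="roles"):
    """Local model of the filter: True if the document shares a role."""
    if "match_none" in dls_filter:
        return False
    allowed = set(dls_filter["terms"][field])
    return any(role in allowed for role in (document.get(field) or []))


# Constructed sample documents (not taken from the thread).
DOCS = [
    {"id": "a", "roles": ["role1", "role7"]},
    {"id": "b", "roles": ["role2"]},
    {"id": "c", "roles": ["role9"]},
    {"id": "d"},  # no roles field at all: visible to nobody
]


def visible_ids(user_roles, docs=DOCS):
    dls_filter = build_dls_filter(user_roles)
    return [d["id"] for d in docs if is_visible(d, dls_filter)]


if __name__ == "__main__":
    print(dls_filter_json(["role1", "role2"]))
    print(visible_ids(["role1", "role2"]))
```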