How do I configure Opensearch Dashboards to use a user's browser certificate for authentication and then LDAP for authorization?

I’ve just started using open search and I’m looking at my options for authentication and authorization. I currently have LDAP configured for both which is working.

But I would like to skip the log in screen by grabbing the username from the user’s certificate installed in the browser. And then use that username to retrieve their groups from LDAP, and those groups would be mapped to roles in Opensearch Dashboards.

Is this achievable?

For info, I have a self-managed, RPM-installed instance of Opensearch/Opensearch Dashboards.