I’ve setup OD 1.1.1 with LDAP security using our AD server as our backend. It appears that all users listed in LDAP can at least login to the kibana interface despite not having any groups that have role mappings in elasticsearch. Is there any way to block these users from logging in? I only want users that have the kibanauser role or similar to be able to log in.
Have you found a solution for this issue?
The LDAP configuration in config.yml has a userbase field that defines the user search subtree used to query users.
If you created Kibana/ODFE OU and define that in the userbase, no other users will authenticate.