Describe the issue:
LDAP is configured to match a user when they log in.
primary-userbase:
  base: 'OU=my-users-groups,OU=my-ou,DC=my-dc,DC=net'
  search: '(sAMAccountName={0})'
Is it possible to apply filters to match the user and also the memberOf he belongs to?
e.g.:
primary-userbase:
  base: 'OU=KC_Users_Groups,OU=KC_Admins,DC=danskenet,DC=net'
  search: '(&(objectClass=user)(sAMAccountName={0})(memberOf=CN=my-role-group,OU=my-group,OU=admin,DC=my-dc,DC=net))'
Configuration:
config like
primary-userbase:
  base: 'OU=KC_Users_Groups,OU=KC_Admins,DC=danskenet,DC=net'
  search: '(&(objectClass=user)(sAMAccountName={0})(memberOf=CN=my-role-group,OU=my-group,OU=admin,DC=my-dc,DC=net))'
I modified the config file like this but don't think it is working. I checked that the config file is moved from the docker-compose volume to the opensearch-security/security-config folder inside the container.
However, I could not view the config file inside the container. It gives me a permission denied error. I cannot even cat config.yml to confirm that the changes are appearing.
The other thing is: do we need to run the security-admin.sh script?