LDAP autification but local (http) authorization

[google translate]
Authorization and Authentication via LDAP works as expected, but I want to use internal authorization. That is, in config.yml I only have internal_auth and ldap_auth without authz. Is it possible to do this? or authorizing ldap users only through ldap.

meaning in the picture

Hi @rodigl

Yes, you can do it simply by not enabling any authz in config.yml,
However you would then need to map the roles to users via username, not backend role, as no backend roles will be provided from ldap.

So in the screenshot you provided, use the usernames in the ‘Users’ section

Hope this helps

ok great. really works, thanks. I have a user group in AD called ESadmins. Can I add a group instead of just one user?

@rodigl You can change the username_attribute in config.yml: to “memberOf”.
This will give all your users same username in kibana, but will allow you to assign roles to just this one “user”. If that is what you are trying to achieve.

Yes. Everything is working. Not much wrong, but it can be customized. Thank you so much.