Hi guys, lately I’ve added the OD security plugin to ELK 7.4.0 and I configured LDAP and it works fine, but my problem is the backend roles of the LDAP users! It affects nothing to everyone and the role is own_index.
How can I change the roles, and is there a way to use created backend roles, not the ones gathered from the LDAP server?
Thanks in advance.
@HeiDri The roles are gathered from LDAP groups; these are then mapped to roles in ODFE. So for example I have a user in LDAP with a group called “employees”, and in the role_mappings.yml file I map that backend role to all_access (same as admin).
config.yml is as follows:
description: "Authenticate via LDAP or Active Directory"
description: "Authorize via LDAP or Active Directory"
Hope this helps
Thank you for your solution to map LDAP users to ODFE roles using their group.
However, how would you proceed if you want to map these LDAP groups to a custom role other than ‘all_access’?
I did this, but I cannot get LDAP users from the group (let's say ‘employess’) to connect.
Here is the code, and I wonder what I am missing here:
description: "Maps admin to all_access"
# Custom role defined to capture 'employess' LDAP group user and map them on permissions roles
Thanks for any help
@Kamikague Have you created a role called all_employess_access in the roles.yml file or using the UI?
The reason it works with all_access is because there is a built-in role defined with that name.
I assume you are using the config file instead of the UI, in which case you should create a role in the roles.yml file and give it the necessary privileges. Don’t forget to upload the new config to the security index.
I did just that and it is working now. I created a role named all_employess_access in roles.yml and another one, named all_employess_access, for the mapping in the file roles_mapping.yml, and then I uploaded the configuration again using securityadmin.sh. Thank you for the support.
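
A pre-flight check for the failure discussed in this thread (a roles_mapping.yml entry that points at a role roles.yml does not define), as an added example that is not code from any of the posters or from the ODFE project. The two sample files are constructed and assume the config_version 2 layout, `reporting_access` is a hypothetical role, and the built-in list holds only the role the thread names.

```python
import re

# Constructed sample files, assuming the ODFE config_version 2 layout.
ROLES_YML = """\
_meta:
  type: "roles"
  config_version: 2

all_employess_access:
  index_permissions:
    - index_patterns:
        - "employees-*"
      allowed_actions:
        - "read"
"""

ROLES_MAPPING_YML = """\
_meta:
  type: "rolesmapping"
  config_version: 2

all_access:
  backend_roles:
    - "admin"
all_employess_access:
  backend_roles:
    - "employess"
# hypothetical mapping whose role is defined nowhere
reporting_access:
  backend_roles:
    - "reporting"
"""

# Only the built-in role named in the thread; extend for your installation.
BUILTIN_ROLES = {"all_access"}

def top_level_keys(text):
    """Return unindented YAML keys (role names), skipping _meta and comments."""
    keys = re.findall(r'^(?![#\s])"?([^":\n]+)"?[ \t]*:', text, flags=re.MULTILINE)
    return {k.strip() for k in keys if k.strip() != "_meta"}

def unmapped_targets(roles_text, mapping_text, builtin=BUILTIN_ROLES):
    """Role names used in the mapping file that are neither defined nor built in."""
    defined = top_level_keys(roles_text) | set(builtin)
    return sorted(top_level_keys(mapping_text) - defined)

if __name__ == "__main__":
    for name in unmapped_targets(ROLES_YML, ROLES_MAPPING_YML):
        print(f"roles_mapping.yml maps to undefined role: {name}")
```

Run it against the real files before uploading them with securityadmin.sh; an empty result means every mapped role has a definition.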