I have linked opensearch to our active directory domain.
I also mapped some AD groups to the proper roles…
everything works but i noticed that Dashboards exposes too much information to the users…
specifically when a user clicks on “view roles and identities” the user can see every Active Directory group the user name is linked to (as backend roles) even if that group is never used in OpenSearch…
this is information i would like to hide as it shows details the user shouldn’t know.
does anyone know how to do that?
this is the closest thing i found
@anubisg1 I did some testing and found out that narrowing
authz of config.yml will decrease the number of visible groups.
In my case customer has groups in the
rolebase is set to the
Users folder and as result, I can only see groups from that folder.
This is interesting …
this is the config i am testing right now
"bind_dn": "CN=binduser,OU=Bind Users,OU=UsersOU,DC=customer,DC=company,DC=com",
"rolebase": "OU=OpenSearch,OU=User Security Groups - Customer,DC=customer,DC=company,DC=com",
now, i see roles also from
OU=User Security Groups - Customer,DC=customer,DC=company,DC=com
even though i specified a more specific OU
i have also tried to add the following with no success
that should match (and therefore filterout) everything except groups which have “OpenSearch” in them
@anubisg1 I did some testing and I still can see only the groups from the
User is located in
user2group is located in
users2 OU and
user ldapuser6 has both groups assigned.
rolebase is set to
Running the below command returns only the nested group.
curl --insecure -u ldapuser6 -XGET https://localhost:9200/_plugins/_security/authinfo?pretty
- Also OpenSearch Dashboards returns the same.