Problem with assigning a role for domain users

Hello! I can’t figure it out, please help. I set up LDAP, but I don’t understand how to map a user to a role. I need to issue verification to domain users with the administrator role. All others are present to go under the default role of readall.
I need to do this not at the level of domain roles, but for the OpenSearch server.
I’m using the latest version of OS.
Do I need to show some of the yml?

@maxim You need to map the LDAP group assigned to the LDAP user as a backend role in roles_mapping.yml.

Thanks for the answer. This is not entirely true. I don’t want to give admin rights to the entire Active Directory user group. I want to select multiple users by their cn. It is desirable to do it on the side of OpenSearch.

I understand! There is no “users: ” parameter in the default configuration of the roles_mapping.yml file. Added, now it’s working, thanks.

@maxim There is a users parameter. You can map individual users to the OpenSearch role. Take a look at the example I’ve shared with my last answer.

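A roles_mapping.yml sketch of the per-user mapping this thread arrives at, added here as an example and not taken from any poster's configuration. The user names are constructed, and it assumes the names listed under `users` match the user name the security plugin resolves at LDAP login (which depends on the LDAP `username_attribute` setting).

```yaml
---
_meta:
  type: "rolesmapping"
  config_version: 2

# Administrator rights for individually named users only.
all_access:
  reserved: false
  backend_roles:
    # Assumed to be the entry from the shipped default file (internal "admin"
    # backend role). Do not add the LDAP/AD group here: that would grant
    # all_access to every member of the group.
    - "admin"
  users:
    # Constructed example names; replace with the resolved login names.
    - "jdoe"
    - "asmith"
  description: "Admin access for selected domain users"

# Read-only default for everyone who authenticates.
readall:
  reserved: false
  users:
    # Wildcard: matches every authenticated user. Roles are additive, so the
    # users named under all_access also receive readall, which grants nothing
    # beyond what all_access already allows.
    - "*"
  description: "Default read-only role for all other users"
```

Edits to the file take effect only after it is loaded into the security index, for example with securityadmin.sh.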