I have a requirement to be able to grant access to a user-defined role where that access is defined as an individual user from within an existing LDAP backend role.
So, to give an example:
I have a test role and that is mapped to a backend role called my_LDAP_Group1. Users user1, user2 and user3 are members of that LDAP group.
I want to be able to allow only user1 from within that LDAP group access to the test role.
I am not able to create a second LDAP group with only that user as a member.
I have tried to add the username of user1 as a mapped user, but that does not appear to work, in that the role is not assigned to that user. I saw this line from the console: “You can create an internal user in internal user database of the security plugin. An internal user can have its own backend role and host for an external authentication and authorization. External users from your identity provider are also supported.” I thought the last sentence would be applicable to my use case and thought that was what I had implemented.
Can anyone suggest an approach I can take to achieve this configuration?
Many thanks.