This current Authz
authz:
mycompany_local_ad:
description: "MyCompany AD Authorization Sources"
http_enabled: true
transport_enabled: true
authorization_backend:
# LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
type: "ldap"
config:
# enable ldaps
enable_ssl: false
# enable start tls, enable_ssl should be false
enable_start_tls: false
# send client certificate
enable_ssl_client_auth: false
# verify ldap hostname
verify_hostnames: false
hosts:
- x.x.x.x:389
bind_dn: 'cn=dharmin fadia,cn=Users,dc=dharmin,dc=com'
password: password
#Disable use of custom_attribute_names
custom_attr_maxval_len: 1
userbase: dc=dharmin,dc=com
# Filter to search for users (currently in the whole subtree beneath userbase)
# {0} is substituted with the username
#usersearch: '(uid={0})'
usersearch: "(mail={0})"
username_attribute: "mail"
# Filter to search for roles (currently in the whole subtree beneath rolebase)
# {0} is substituted with the DN of the user
# {1} is substituted with the username
# {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
rolebase: 'OU=Users and Groups,DC=dharmin,DC=com'
rolesearch: "(member={0})"
# Specify the name of the attribute which value should be substituted with {2} above
userroleattribute: null
# Roles as an attribute of the user entry
#userrolename: disabled
userrolename: memberOf
# The attribute in a role entry containing the name of that role, Default is "name".
# Can also be "dn" to use the full DN as rolename.
rolename: "cn"
#rolename: name
# Resolve nested roles transitive (roles which are members of other roles and so on ...)
resolve_nested_roles: true
# Skip users matching a user name, a wildcard or a regex pattern
skip_users:
- kibanaserver
#- "cn=Michael Jackson,ou*people,o=TEST"
#- "/\S*/"
