Setup permissions for AD user

Hi, I'm new to OpenDistro and tried to set up the AD authorization and assign index permissions to AD users. Got stuck with that issue - local users work perfectly but I'm struggling with the AD users:

Backend roles - created test_role and assigned users. The JSON looks like this:

{
  "backend_roles": [
    "test_role"
  ],
  "hosts": [
    "*"
  ],
  "users": [
    "CN=AD_user,OU=users,DC=domain,DC=com",
    "AD_user",
    "local_user"
  ]
}

Security role:

{
  "index_permissions": [
    {
      "index_patterns": [
        "logstash*"
      ],
      "dls": "",
      "fls": [],
      "masked_fields": [],
      "allowed_actions": [
        "read",
        "delete",
        "manage",
        "index"
      ]
    }
  ],
  "tenant_permissions": [],
  "cluster_permissions": [
    "cluster_composite_ops"
  ]
}

I have configured AD and am able to log in with AD permissions. But while local_user is able to see logs from logstash, the AD user gets a permission error:
[security_exception] no permissions for [indices:data/read/search] and User [name=CN=AD_user…]

@Edijs I’m not sure I follow your setup. The roles need to be defined in roles.yml, the internal user defined in internal_users.yml, the AD setup in config.yml. The mapping between the users and roles is done via the roles_mapping.yml file, see example below:

test_role:
   users:
    - "local_user"
    - "CN=AD_user,OU=users,DC=domain,DC=com"

Are you able to log in via kibana as local user and AD user? If so, can you check if the account gets mapped to the correct role via “view roles and responsibilities” section. The details should be the same for both users in this case. Can you also confirm what version of odfe you are using?
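
An added example, not part of the thread and not the security plugin's own code: a simplified offline model of the user-to-role mapping described above, for checking whether the exact name reported in a security_exception matches an entry in the mapping. The function names, the sample names, and the matching rule (case-sensitive strings with `*` as a wildcard) are assumptions made for this sketch.

```python
# Added illustration; a simplified model, not the security plugin's code.
from fnmatch import fnmatchcase

# Constructed mapping, shaped like the roles_mapping.yml entry in the reply.
ROLES_MAPPING = {
    "test_role": {
        "users": ["local_user", "CN=AD_user,OU=users,DC=domain,DC=com"],
        "backend_roles": [],
    },
}


def mapped_roles(name, backend_roles=(), mapping=ROLES_MAPPING):
    """Return the security roles whose mapping matches the user.

    Assumption: entries are compared as case-sensitive strings, '*' is a wildcard.
    """
    roles = []
    for role, entry in mapping.items():
        by_user = any(fnmatchcase(name, p) for p in entry.get("users", []))
        by_backend = any(
            fnmatchcase(b, p)
            for b in backend_roles
            for p in entry.get("backend_roles", [])
        )
        if by_user or by_backend:
            roles.append(role)
    return sorted(roles)


def near_misses(name, mapping=ROLES_MAPPING):
    """List mapping entries that differ from the name only by case or spacing."""
    def norm(s):
        return "".join(s.split()).lower()
    return [
        (role, p)
        for role, entry in mapping.items()
        for p in entry.get("users", [])
        if p != name and norm(p) == norm(name)
    ]


if __name__ == "__main__":
    # Constructed names; use the exact name= value from the security_exception.
    for candidate in ("local_user",
                      "CN=AD_user,OU=users,DC=domain,DC=com",
                      "CN=AD_user,OU=Users,DC=domain,DC=com"):
        print(candidate, "->", mapped_roles(candidate), near_misses(candidate))
```

An empty result from `mapped_roles` together with a hit from `near_misses` points at a mapping entry that is spelled differently from the name the plugin reports.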