Using roles from LDAP only for LDAP users

Currently I’m using roles from LDAP config option and in general it’s great.

But I’m constantly annoyed by internal users causing errors with stack traces in our logs on each failed attempt to get roles for them from LDAP.

Maybe I’m missing an option to NOT extract roles from LDAP for the internal users backend?

Thanks in advance!


Check out https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/ldap/#advanced-exclude-certain-users-from-role-lookup

You can use the skip_users attribute in your Open Distro LDAP configuration to exclude a list of users from LDAP role lookup.
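
As an added illustration (not part of the original posts or the project's own configuration), here is where skip_users sits in an LDAP authorization domain of the security plugin's config.yml. The domain name, host, DNs, password and the two user names are constructed placeholders.

```yaml
# Constructed example: host, DNs, password and user names are placeholders.
config:
  dynamic:
    authz:
      roles_from_ldap:              # hypothetical name for this authz domain
        http_enabled: true
        transport_enabled: true
        authorization_backend:
          type: ldap
          config:
            enable_ssl: true
            hosts:
              - ldap.example.com:636
            bind_dn: 'cn=admin,dc=example,dc=com'
            password: 'changeme'
            rolebase: 'ou=groups,dc=example,dc=com'
            rolesearch: '(member={0})'
            rolename: cn
            # Users listed here are excluded from the LDAP role lookup,
            # so no failed lookup is attempted (or logged) for them.
            skip_users:
              - kibanaserver        # assumed internal user
              - admin               # assumed internal user
```

Users on the skip list get no roles from LDAP, so any backend roles they need have to be defined for them in the internal user database.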

Thanks! I also stumbled upon it while messing with the source code recently )