Configuring LDAP Authentication in OpenSearch blog post #2497
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
smortex
requested review from
elfisher,
AMoo-Miki,
nknize,
krisfreedain,
peterzhuamazon,
CEHENKLE,
dtaivpp,
kolchfa-aws and
nateynateynate
as code owners
smortex
force-pushed
the
configure-ldap-authentication
branch
4 times, most recently
from
196bb4d to
a708851
Compare
|
I fixed a bunch of style issues, but the remaining ones looks weird… I am not sure about how to handle them.
|
smortex
commented
Dec 14, 2023
| title: Configuring LDAP Authentication in OpenSearch | ||
| authors: | ||
| - smortex | ||
| date: 2023-12-14 14:20:00 -1000 |
There was a problem hiding this comment.
I had to put a date so I put a date, but there is no constraint on that date and we can change it.
smortex
commented
Dec 14, 2023
| All users are members of the *users* group, and administrators are also members of the *admins* group. | ||
| For this simple example, we want all authenticated users to have a read-only access to everything, and administrators to have a read-write access to everything. | ||
|
|
||
| In order to do this, we must map the *users* backend role to the *readall* and *kibana\_users* roles, and the *admins* backend role to the *all_access* role. |
There was a problem hiding this comment.
I really lack a roles and permissions cheat-sheet… I feel like this is correct, but maybe there is more sensible roles to use, in which case I will be happy to learn and adjust the blog post.
|
wow - this looks amazing @smortex - we'll get some eyes on it over here as well |
|
@pajuric - are you able to get someone to help with the tech review on this? |
From time to time, a question about LDAP setup appear on Slack. We setup LDAP some time ago and the process was a bit tedious, but in the process we learned to check step by step the configuration. Add a blog post that drive users into configuring LDAP authc / authz, give pointers about what is going on at each step and show how to check that each step is successful. Signed-off-by: Romain Tartière <romain@blogreen.org>
smortex
force-pushed
the
configure-ldap-authentication
branch
from
a708851 to
d37b9f4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
From time to time, a question about LDAP setup appear on Slack. We setup LDAP some time ago and the process was a bit tedious, but in the process we learned to check step by step the configuration.
Add a blog post that drive users into configuring LDAP authc / authz, give pointers about what is going on at each step and show how to check that each step is successful.