JVM version and operating system version: JRE 1.8.0_161, Debian Jessie
I connected SearchGuard to our ActiveDirectory via LDAP. I defined the OU that contains my users as userbase and everything is working. (userbase: ‘OU=Admins,OU=Users,DC=domain,DC=local’)
Now a user which is in another OU (‘OU=Janitors,OU=Users,DC=domain,DC=local’) needs access to Elasticsearch.
JVM version and operating system version: JRE 1.8.0_161, Debian Jessie
I connected SearchGuard to our ActiveDirectory via LDAP. I defined the OU that contains my users as userbase and everything is working. (userbase: ‘OU=Admins,OU=Users,DC=domain,DC=local’)
Now a user which is in another OU (‘OU=Janitors,OU=Users,DC=domain,DC=local’) needs access to Elasticsearch.
Sorry, I did not realize at first that you are using 5.6.14. With 5.x, it is not possible to define more than one userbase for a single LDAP authentication domain. The only way to implement this in 5.x is to define two LDAP authentication domains with two different user bases. The multi-base feature is only available in SG 24.1 for 6.x.
···
On Wednesday, February 27, 2019 at 9:33:56 AM UTC-8, Jochen Kressin wrote:
Yes, this is possible, please have a look at the second config example from the docs:
JVM version and operating system version: JRE 1.8.0_161, Debian Jessie
I connected SearchGuard to our ActiveDirectory via LDAP. I defined the OU that contains my users as userbase and everything is working. (userbase: ‘OU=Admins,OU=Users,DC=domain,DC=local’)
Now a user which is in another OU (‘OU=Janitors,OU=Users,DC=domain,DC=local’) needs access to Elasticsearch.