Is there way to set case insensitive matching for roles returned from AD ? Sometimes we dont have in our hands how AD group was created and its causing logon failure “no roles for the user”.
GET _searchguard/authinfo confirms that user has indeed no sg_roles.
example:
AD:
CN=Elasticsearch_user,…
OUR sg_rolesmapping:
MY_ROLE:
reserved: true
hidden: true
backend_roles:
- ELASTICSEARCH_USER
hosts: []
users: []
and_backend_roles: []