Case insensitive backend_roles matching

Is there way to set case insensitive matching for roles returned from AD ? Sometimes we dont have in our hands how AD group was created and its causing logon failure “no roles for the user”.

GET _searchguard/authinfo confirms that user has indeed no sg_roles.

example:

AD:
CN=Elasticsearch_user,…

OUR sg_rolesmapping:

MY_ROLE:
  reserved: true
  hidden: true
  backend_roles:
  - ELASTICSEARCH_USER
  hosts: []
  users: []
  and_backend_roles: []

@peter82 Have you tried to use regular expressions in roles_mapping.yml?

MY_ROLE:
  reserved: true
  hidden: true
  backend_roles:
  - '/(?i)ELASTICSEARCH_USER/'
  hosts: []
  users: []
  and_backend_roles: []

Thanks. That solves it!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.