Configuring Authentication (Proxy + LDAP groups)

Wondering if there is an example on configuring Proxy Authentication + Extra roles provided via LDAP.

Elasticsearch version: 7.8.0

Currently we have a working cluster using proxy authentication which provides correctly username and role for kibana, but we want to move away from sending the roles from proxy servers.
I have noticed that for any authenticaton domain a authentication_backend.type: ldap can be provided, but have no idea how to configure this section and if there is a need to also add an authz. Is there a full example that I can reference for guidance?

Small snippet of current procy configuration:

      proxy_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          challenge: false
          type: "proxy"
          config:
            user_header: "X-Proxy-User"
            roles_header: "X-Proxy-Roles"
        authentication_backend:
          type: "noop"
          config: {}

Thanks

Hi.
You can get the LDAP authentication configuration example here LDAP Authentication | Security for Elasticsearch | Search Guard. And if you need to retrieve the LDAP roles for the authenticated users, configure the LDAP authorization: LDAP Authorisation | Security for Elasticsearch | Search Guard.

Also, look at the following howto articles:

Thanks, I was able to piece together the authenticatio I needed!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.