How to change default tenant based on LDAP

mchakradeo · April 5, 2019, 3:20pm

Is there any way to set default tenant based on users’ LDAP roles?

Versions and Config:
Searchguard version: 6.6.1-18.1
Elastic Version: 6.6.1
OS version: CentOS Version 7
Elastic master nodes: 5 (statefulset)
Elastic data nodes: 4 (statefulset)

jkressin · April 7, 2019, 6:21pm

At the moment this is not possible unfortunately. But based on your role mapping from LDAP to SG roles you may be able to simulate this by setting a list of preferred tenants in kibana.yml:

Let’s say your user has access to multiple tenants, based on the Search Guard roles. The user has access to tenants “tenant2” and “tenant3”, and you want to make “tenant3” the default. You can then specify the list of preferred tenants like:

searchguard.multitenancy.tenants.preferred: [tenant3", "tenant1","tenant2", ...]

This works as long as you do not have another role that overlaps with the tenant order of the first user.

mchakradeo · April 8, 2019, 2:16pm

Thank you! That helped.

Topic		Replies	Views
Ldap backend roles Search Guard	4	700	July 6, 2020
Ldap Security Roles Search Guard	6	408	March 11, 2021
Is there a API request to get the tenant list of a particular user? Search Guard	1	372	March 4, 2019
create role to give access of some indices to some user. not based on index name. Search Guard	1	445	February 18, 2019
Unable to map ldap users to search guard roles. Search Guard	0	338	February 16, 2018

How to change default tenant based on LDAP

Related Topics