Search Guard 6.x-25
On the Elasticsearch cluster I work with we have hundreds of people using Kibana. The only viable way to manage authentication is to hook Search Guard up to our organisation’s LDAP service. But that means everyone in the organisation can log in to Kibana. Most of them can’t see anything once they do because they’re not in any roles, but there are tens of thousands of people who can log in to Kibana when there is no reason for them to be able to do so.
Is there a way to limit the users that Kibana will allow to log in to a defined list? The closest thing I can find is
searchguard.basicauth.forbidden_usernames which is the exact opposite of what I’m looking for. (It is not in any way realistic for us to populate
searchguard.basicauth.forbidden_usernames with a list of everyone who should not be able to log in.)