searchguard: multitenancy: tenants: enable_global: true enable_private: true prefered: ["Private", "Global" ] dynamic: kibana: multitenancy_enabled: true server_username: 'kibanaserver' kibana.index: '.kibana' do_not_fail_on_forbidden: true http: anonymous_auth_enabled: false xff: enabled: true internalProxies: '.*' # trust all internal proxies, regex pattern remoteIpHeader: 'x-forwarded-for' proxiesHeader: 'x-forwarded-by' trustedProxies: '.*' # trust all external proxies, regex pattern authc: proxy_auth_domain: enabled: true order: 2 http_authenticator: type: proxy challenge: false config: user_header: "es-security-runas-user" authentication_backend: type: noop clientcert_auth_domain: enabled: true order: 3 http_authenticator: type: clientcert config: username_attribute: dn #optional, if omitted DN becomes username challenge: false authentication_backend: type: noop authz: roles_from_myldap: enabled: true authorization_backend: type: ldap # NOT FREE FOR COMMERCIAL USE config: enable_ssl: true enable_start_tls: false enable_ssl_client_auth: false verify_hostnames: false hosts: - ed-pprd.middleware.vt.edu bind_dn: uusid=logstore,ou=services,dc=vt,dc=edu password: <> userbase: 'ou=people,dc=vt,dc=edu' usersearch: '(uupid={0})' skip_users: - kibanaserver - 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT*' userrolename: groupMembership rolesearch_enabled: false rolename: dn resolve_nested_roles: false