Configuring LDAP Authentication in OpenSearch blog post #2497
Conversation
smortex
requested review from
elfisher,
AMoo-Miki,
nknize,
krisfreedain,
peterzhuamazon,
CEHENKLE,
dtaivpp,
kolchfa-aws and
nateynateynate
as code owners
smortex
force-pushed
the
configure-ldap-authentication
branch
4 times, most recently
from
196bb4d to
a708851
Compare
|
I fixed a bunch of style issues, but the remaining ones looks weird… I am not sure about how to handle them.
|
| title: Configuring LDAP Authentication in OpenSearch | ||
| authors: | ||
| - smortex | ||
| date: 2023-12-14 14:20:00 -1000 |
There was a problem hiding this comment.
I had to put a date so I put a date, but there is no constraint on that date and we can change it.
| All users are members of the *users* group, and administrators are also members of the *admins* group. | ||
| For this simple example, we want all authenticated users to have a read-only access to everything, and administrators to have a read-write access to everything. | ||
|
|
||
| In order to do this, we must map the *users* backend role to the *readall* and *kibana\_users* roles, and the *admins* backend role to the *all_access* role. |
There was a problem hiding this comment.
I really lack a roles and permissions cheat-sheet… I feel like this is correct, but maybe there is more sensible roles to use, in which case I will be happy to learn and adjust the blog post.
|
wow - this looks amazing @smortex - we'll get some eyes on it over here as well |
|
@pajuric - are you able to get someone to help with the tech review on this? |
From time to time, a question about LDAP setup appear on Slack. We setup LDAP some time ago and the process was a bit tedious, but in the process we learned to check step by step the configuration. Add a blog post that drive users into configuring LDAP authc / authz, give pointers about what is going on at each step and show how to check that each step is successful. Signed-off-by: Romain Tartière <[email protected]>
smortex
force-pushed
the
configure-ldap-authentication
branch
from
a708851 to
d37b9f4
Compare
pajuric
moved this from In Progress
to Done
in OpenSearch Blog Content Calendar + Tracker
|
Closing due to inactivity. |
github-project-automation
bot
moved this from Published
to Final Editorial Review
in OpenSearch Blog Content Calendar + Tracker
|
Reopening to give author time to transition content to documentation. |
|
@kolchfa-aws can you have a look at this PR and see if you feel it would make sense to move its content to the documentation website (I spoke with @pajuric on slack and we think it would be more appropriate)? If so, can you tell me how to proceed, if not you can close this PR. Thank you! |
pajuric
moved this from Final Editorial Review
to Published
in OpenSearch Blog Content Calendar + Tracker
From time to time, a question about LDAP setup appear on Slack. We setup LDAP some time ago and the process was a bit tedious, but in the process we learned to check step by step the configuration.
Add a blog post that drive users into configuring LDAP authc / authz, give pointers about what is going on at each step and show how to check that each step is successful.