Simone Scarduzio sscarduzio

LDAP connector

In this example, users credentials are validate via LDAP. The groups associated to each validated users are resolved using the same LDAP server.

Simpler: authentication and authorization in one rule

readonlyrest:
    enable: true

	readonlyrest:
	access_control_rules:
	- name: "LDAP users via basic auth"
	ldap_auth:
	name: "ldap1"
	groups: ["ldap_group1"]

	ldaps:
	- name: ldap1
	hosts:

	readonlyrest:
	access_control_rules:
	- name: "analysts group permissions"
	indices: ["logstash-*"]
	groups: ["analysts"]

	users:
	- username: ada
	auth_key: ada:passwd1
	groups: ["analysts"]

	readonlyrest:
	access_control_rules:
	- name: "user1 can see logstash data"
	auth_key: "user1:password"
	indices: ["logstash-*"]

	readonlyrest:
	access_control_rules:
	- name: "No sensitive fields in search"
	fields: ["~credit_card", "~birth_date"]

	readonlyrest:
	access_control_rules:
	- name: "Never return secret documents!"
	filter: '{"bool":
	{"must_not":
	{"match": {"is_secret": true}}
	}}'

	readonlyrest:
	access_control_rules:
	- name: "Allow read catalogue from local"
	indices: ["catalogue-*"]
	filter: '{"bool": {"must_not": {"match": {"secret": true}}}}'

	version: "2.0"
	services:
	elasticsearch:
	image: docker.elastic.co/elasticsearch/elasticsearch:5.6.0
	ports:
	- "9200:9200"
	- "9300:9300"
	environment:
	- discovery.type single-node
	volumes: