/
config.yml
72 lines (71 loc) · 2.14 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
---
_meta:
type: "config"
config_version: 2
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
internal_auth:
order: 0
description: "HTTP basic authentication using the internal user database"
http_enabled: true
transport_enabled: true
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
ldap_auth:
order: 1
description: "Authenticate using LDAP"
http_enabled: true
transport_enabled: true
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: ldap
config:
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
pemtrustedcas_filepath: /usr/share/opensearch/config/root-ca.pem
hosts:
- 192.168.10.123:6360
bind_dn: uid=bind,ou=people,dc=example,dc=org
password: "p@55w0rd"
userbase: ou=people,dc=example,dc=org
usersearch: (uid={0})
username_attribute: uid
authz:
ldap_roles:
description: "Authorize using LDAP"
http_enabled: true
transport_enabled: true
authorization_backend:
type: ldap
config:
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
pemtrustedcas_filepath: /usr/share/opensearch/config/root-ca.pem
hosts:
- 192.168.10.123:6360
bind_dn: uid=bind,ou=people,dc=example,dc=org
password: "p@55w0rd"
userbase: ou=people,dc=example,dc=org
usersearch: (uid={0})
username_attribute: uid
rolebase: ou=groups,dc=example,dc=org
rolesearch: (member={0})
userroleattribute: null
userrolename: disabled
rolename: cn
resolve_nested_roles: false
skip_users:
- admin
- kibanaserver