Role mapping.

In the /etc/elasticsearch/elasticsearch.yml configuration file you can find a section for configuring role mapping:

    # LDAP ROLE MAPPING FILE
    # rolemapping.file.path: /etc/elasticsearch/role-mappings.yml

This variable points to the file /etc/elasticsearch/role-mappings.yml Below is the sample content for this file:

admin:

• "CN=Admins,OU=lab,DC=dev,DC=it,DC=example,DC=com"

bank:

• "CN=security,OU=lab,DC=dev,DC=it,DC=example,DC=com"

The mapping mechanism works in this way: An AD user log in to OP5 Log Analytics. In the application there is a admin role, which through the file role-mapping .yml binds to the name of the admin role to which the Admins container from AD is assigned. It is enough for the user from the AD account to log in to the application with the privileges that are assigned to admin role in the OP5 Log Analytics. At the same time, if it is the first login in the OP5 Log Analytics, an account is created with an entry that informs the application administrator that is was created by logging in with AD.

Similar, the mechanism will work if we have a role with an arbitrary name created in OP5 Logistics and connected to the name of the role-mappings.yml and existing in AD any container.

Below a screenshot of the console on which are marked accounts that were created by uesrs logging in from AD

If you map roles with from several domains, for example dev.examloe1.com, dev.example2.com then in User List we will see which user from which domain with which role logged in OP5 Log Analytics.