Users from LDAP groups do not inherit required permissions to create Kibana indexes in OCP 4.4

Solution Verified - Updated -

Issue

When using LDAP to sync our users with OpenShift, once the users/groups are synced with OpenShift, we grant cluster-admin to an LDAP group that manages OpenShift.
We are seeing the following three issues:

1- Users who are cluster-admins in the LDAP group cannot create an index in Kibana. The workaround is to give a user cluster-admin directly; only then can that user create an index.
2- The index created by the cluster-admin is not viewable/accessible to other users. This means each user needs to create their own index before using Kibana, which is not scalable.
3- The final issue is the combination of the previous two: we can't grant cluster-admin to all users so that they have to create their own. It is not scalable and, more importantly, not safe.

Environment

  • Red Hat OpenShift Container Platform 4.4
