Here's what you need to enable Authentication and Authorization for LDAP.
You need to pay particular attention to the username_attribute setting because it may be needed for the mapping with Wazuh RBAC.
E.g. username_attribute: name.surname
After enabling LDAP you will be able to map the LDAP users to internal roles and Wazuh roles. You can follow this guide.
In step 5.b you can create a custom match rule to map with any of the following fields of the internal user context instead of the user_name as in the guide:
Note that the LDAP user is presented as an internal user too.
A useful rule is to match with internal roles
Note that in order to make use of the Wazuh RBAC, the user that you have configured in your wazuh.yml (usually in /usr/share/kibana/data/wazuh/config) should have the allow_run_as attribute enabled.
By default, the wazuh.yml is configured with the wazuh-wui user that has allow_run_as as true.
But you can check this from the Wazuh app in Kibana, from the Wazuh app menu / Tools / API Console, by running this query
Also, you need to enable the run_as setting in your wazuh.yml.
By default, the wazuh.yml comes with this setting disabled.
You can see an example of mapping internal users with Wazuh RBAC here.
Please let me know if this was helpful or if you have any further questions.