Wazuh integrated with LDAP
20 views
Skip to first unread message
Facu Basgall
Apr 30, 2026, 10:52:31 AM (3 days ago) Apr 30
to Wazuh | Mailing List
Hi! I have Wazuh integrated with LDAP. I’d like to know whether, for users who aren’t assigned to any AD group with permissions for Wazuh but are still allowed to log in, it’s possible to change the message or screen displayed to the user? This is because the system currently lists all the AD groups to which the user belongs, and we believe this information shouldn’t be visible.
Olamilekan Abdullateef Ajani
Apr 30, 2026, 12:10:13 PM (3 days ago) Apr 30
to Wazuh | Mailing List
Hello,
The dashboard is built on top of the OpenSearch Security plugin, which handles authentication and authorization. When a user logs in via LDAP, the dashboard (via OpenSearch) will authenticate the user, pull their backend roles (AD groups), and use that for authorization. So if they don’t have mapped roles, they can still authenticate, the plugin still completes authentication, retrieves their backend roles from the LDAP authorization section, and then shows an error screen that exposes those groups.
Based on my research, this behavior is hard coded into the OpenSearch Security plugin, there are no configuration options to customize or suppress that message out of the box as they are being polled from a third party.
I will suggest you prevent unauthorized users from logging in to the system so they don't even get to that screen.
Permit me to also make an inquiry internally and get back to you.
Based on my research, this behavior is hard coded into the OpenSearch Security plugin, there are no configuration options to customize or suppress that message out of the box as they are being polled from a third party.
I will suggest you prevent unauthorized users from logging in to the system so they don't even get to that screen.
Permit me to also make an inquiry internally and get back to you.
Reply all
Reply to author
Forward
0 new messages