kibana.conf
# Below is a small example of an /etc/httpd/conf.d/kibana.conf file.
# This is one way to help provide security on various Kibana websites. Within each Kibana dashboard,
# you can disable the ability to edit the page and then restrict it to the specific index that
# the particular group needs access to (e.g., kibana-unix only has access to the ES unix index).
# Static Kibana files: refuse any request that did not arrive over TLS.
# SSLRequireSSL denies plain-HTTP requests outright; it does not redirect them to HTTPS.
<Directory /var/www/html/kibana>
SSLRequireSSL
</Directory>
# Forward proxying is off; Apache only acts as a reverse proxy for the mapping below.
ProxyRequests off
# Everything under /elasticsearch/ is relayed over plain HTTP to the Elasticsearch
# node at 192.168.1.10:9200 (the root of its HTTP API, so every index and endpoint).
ProxyPass /elasticsearch/ http://192.168.1.10:9200/
<Location /elasticsearch/>
# NOTE(review): inside a <Location>, ProxyPassReverse takes only the backend URL.
# "/" looks unintended here; confirm whether http://192.168.1.10:9200/ was meant.
ProxyPassReverse /
# TLS is required, but NOTE(review): this Location carries no AuthType/Require, and
# nothing in the visible part of this file adds one. Any client that can reach this
# vhost over HTTPS can therefore talk to Elasticsearch directly, whether or not it is
# allowed to open one of the /kibana-* dashboards. The per-dashboard index restriction
# described in the header does not apply to requests sent to this path.
# Consider requiring the same LDAP authentication and group membership here (the
# ldap-domain alias must be defined before it is referenced) and limiting the permitted
# HTTP methods and paths to what the dashboards need.
SSLRequireSSL
</Location>
# Defines a reusable authentication provider named "ldap-domain", referenced by the
# AuthBasicProvider lines in the /kibana-* Locations.
<AuthnProviderAlias ldap ldap-domain>
# Users are looked up by sAMAccountName on port 3268. The filter applies the bitwise-AND
# matching rule (OID 1.2.840.113556.1.4.803) to userAccountControl with value 2
# (account disabled) and negates it, so disabled accounts do not match.
# NOTE(review): the ldap:// scheme is unencrypted, so the bind password and each user's
# password cross the network in cleartext between Apache and the directory server.
# Prefer ldaps:// or STARTTLS (with the CA configured via LDAPTrustedGlobalCert).
AuthLDAPURL "ldap://server.domain.com:3268/DC=XXX,DC=YYY,DC=com?sAMAccountName??(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
# Service account used to search the directory before binding as the user.
# It should be a dedicated, read-only account with no other privileges.
AuthLDAPBindDN "cn=Bind_Name,cn=Users,dc=XX,dc=YYY,dc=com"
# NOTE(review): the password is stored in cleartext, so this file must be readable only
# by root. Apache 2.4.5+ can obtain it from a program via the "exec:" form instead.
AuthLDAPBindPassword ThisIsthePassword
</AuthnProviderAlias>
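# Help Desk dashboard: HTTP Basic authentication against the "ldap-domain" provider,
# then authorization by directory group membership.
<Location /kibana-helpdesk>
# Basic auth sends the user's domain password with every request, base64-encoded but
# not encrypted. Only <Directory /var/www/html/kibana> and <Location /elasticsearch/>
# enforce TLS elsewhere in this file, so enforce it here too, in case this path is not
# served from under that directory.
SSLRequireSSL
AuthType Basic
AuthName "USE WINDOWS PASSWORD"
AuthBasicProvider ldap-domain
# Set REMOTE_USER to the account's sAMAccountName value.
AuthLDAPRemoteUserAttribute sAMAccountName
# NOTE(review): these three settings repeat the ldap-domain alias, presumably so the
# ldap-group checks below can search the directory; verify. This URL names a different
# host from the alias and omits its disabled-account filter. The same cleartext ldap://
# and cleartext bind-password concerns apply here.
AuthLDAPBindDN "cn=Bind_Name,cn=Users,dc=XX,dc=YYY,dc=com"
AuthLDAPBindPassword ThisIsthePassword
AuthLDAPURL "ldap://domain:3268/DC=XX,DC=YYY,DC=com?sAMAccountName"
# Membership in either group grants access.
Require ldap-group CN=Help Desk,OU=Groups,DC=XX,DC=YYY,DC=com
Require ldap-group CN=Security Team,OU=Groups,DC=XX,DC=YYY,DC=com
# Apache 2.2 only: do not fall through to other authorization modules if the LDAP
# group check fails.
<IfVersion <= 2.2>
AuthzLDAPAuthoritative On
</IfVersion>
# Apache 2.2-style host access control (needs mod_access_compat on 2.4). No address
# restriction is applied, so authentication above is the only gate on this path.
order allow,deny
allow from all
</Location>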
<Location /kibana-unix>
AuthType Basic
AuthName "USE WINDOWS PASSWORD"
AuthBasicProvider ldap-domain
AuthLDAPRemoteUserAttribute sAMAccountName
AuthLDAPBindDN "cn=Bind_Name,cn=Users,dc=XX,dc=YYY,dc=com"
AuthLDAPBindPassword ThisIsthePassword
AuthLDAPURL "ldap://domain:3268/DC=XX,DC=YYY,DC=com?sAMAccountName"
Require ldap-group CN=UNIX Admins,OU=Groups,DC=XX,DC=YYY,DC=com
Require ldap-group CN=Security Team,OU=Groups,DC=XX,DC=YYY,DC=com
<IfVersion <= 2.2>
AuthzLDAPAuthoritative On
</IfVersion>
order allow,deny
allow from all