From a426cb284492282527adab8174f6a9e5e280ef6a Mon Sep 17 00:00:00 2001
From: AntonEliatra <anton.rubin@eliatra.com>
Date: Thu, 11 Jul 2024 00:03:03 +0100
Subject: [PATCH] adding basic_auth config to ldap #907 (#7671)

* adding basic_auth config to ldap #907

Signed-off-by: AntonEliatra <anton.rubin@eliatra.com>

* Update ldap.md

Signed-off-by: AntonEliatra <anton.rubin@eliatra.com>

* Apply suggestions from code review

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: AntonEliatra <anton.rubin@eliatra.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Sander van de Geijn <sandervandegeijn@icloud.com>
---
 _security/authentication-backends/ldap.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/_security/authentication-backends/ldap.md b/_security/authentication-backends/ldap.md
index 49b01e332b..9f98f7f5b0 100755
--- a/_security/authentication-backends/ldap.md
+++ b/_security/authentication-backends/ldap.md
@@ -61,8 +61,21 @@ We provide a fully functional example that can help you understand how to use an
 
 To enable LDAP authentication and authorization, add the following lines to `config/opensearch-security/config.yml`:
 
+The internal user database authentication should also be enabled because OpenSearch Dashboards connects to OpenSearch using the `kibanaserver` internal user.
+{: .note}
+
 ```yml
 authc:
+  internal_auth:
+    order: 0
+    description: "HTTP basic authentication using the internal user database"
+    http_enabled: true
+    transport_enabled: true
+    http_authenticator:
+      type: basic
+      challenge: false
+    authentication_backend:
+      type: internal
   ldap:
     http_enabled: true
     transport_enabled: true