How to authenticate using Active Directory & LDAP in ELK

Hi,

Can somebody please help me in getting the right configuration to set authentication using Active directory & LDAP?

I googled a lot but didn't find the right information to set up the same. So please, ELK professionals, help me in achieving this. Your help will be really appreciated.

Regards,
Pankaj N

The official documentation is here

What specifically are you having trouble with?

Hi Tim,

Thanks for your reply. I have checked the link you have shared and tried the configuration as per the link, but Elasticsearch failed to start. Check the configuration below and the error I received.

==Configuration==
```yaml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://directory.int.mycompany.com:636"
            bind_dn: "CN=Users, OU=Service Accounts, DC=int, DC=mycompany, DC=com"
            user_search:
              base_dn: "DC=int,DC=mycompany"
              filter: "(sAMAccountName={0})"
            group_search:
              base_dn: "DC=int, DC=mycompany"
```

===ERROR===
```
StartupException: java.lang.IllegalStateException: security initialization failed
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]
Caused by: java.lang.IllegalStateException: security initialization failed
    at org.elasticsearch.xpack.security.Security.createComponents(Security.java:375) ~[?:?]
    at org.elasticsearch.node.Node.lambda$new$9(Node.java:440) ~[elasticsearch-7.1.1.jar:7.1.1]
    at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
    at org.elasticsearch.node.Node.<init>(Node.java:443) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]
    ... 6 more
Caused by: java.lang.IllegalArgumentException: settings were not found for either user search [xpack.security.authc.realms.ldap.ldap1.user_search.base_dn] or user template [xpack.security.authc.realms.ldap.ldap1.user_dn_templates] modes of operation. Please provide the settings for the mode you wish to use. For more details refer to the ldap authentication section of the X-Pack guide.
    at org.elasticsearch.xpack.security.authc.ldap.LdapRealm.sessionFactory(LdapRealm.java:99) ~[?:?]
    at org.elasticsearch.xpack.security.authc.ldap.LdapRealm.<init>(LdapRealm.java:67) ~[?:?]
    at org.elasticsearch.xpack.security.authc.InternalRealms.lambda$getFactories$3(InternalRealms.java:109) ~[?:?]
    at org.elasticsearch.xpack.security.authc.Realms.initRealms(Realms.java:216) ~[?:?]
    at org.elasticsearch.xpack.security.authc.Realms.<init>(Realms.java:71) ~[?:?]
    at org.elasticsearch.xpack.security.Security.createComponents(Security.java:422) ~[?:?]
    at org.elasticsearch.xpack.security.Security.createComponents(Security.java:373) ~[?:?]
    at org.elasticsearch.node.Node.lambda$new$9(Node.java:440) ~[elasticsearch-7.1.1.jar:7.1.1]
    at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
    at org.elasticsearch.node.Node.<init>(Node.java:443) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]
    ... 6 more
```

Please update your post so that code blocks are correctly formatted (use the </> button).

YAML is whitespace sensitive, so unless you format your post as code we cannot tell what your config looks like.

Caused by: java.lang.IllegalArgumentException: settings were not found for either user search [xpack.security.authc.realms.ldap.ldap1.user_search.base_dn] or user template [xpack.security.authc.realms.ldap.ldap1.user_dn_templates] modes of operation. Please provide the settings for the mode you wish to use. For more details refer to the ldap authentication section of the X-Pack guide.

This is the error in your logs. It refers to an ldap1 realm that is not in the config that you posted. Please ensure that you are providing the correct logs and configuration files. It is impossible for us to diagnose problems if your config and logs are not in sync.
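The point about whitespace and the startup error above can be checked before restarting a node. The following is an added example, not code from this thread or from Elastic: it flattens a nested `elasticsearch.yml` fragment into dotted setting names and reports any `ldap` realm that has neither of the two settings named in the error message. The function names and the sample configs are constructed for illustration, and the parser only handles a small YAML subset (nested mappings, scalars and `- ` lists).

```python
# Simplified pre-flight check modelled on the error message; not Elasticsearch's own code.
REALM_PREFIX = "xpack.security.authc.realms.ldap."

def flatten_yaml(text):
    """Flatten a YAML subset (nested mappings, scalars, '- ' lists) into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) for each open parent mapping
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        is_item = stripped.startswith("- ")
        # Close parents at the same or deeper indent; a list item may sit level with its key.
        while stack and (stack[-1][0] > indent or (stack[-1][0] == indent and not is_item)):
            stack.pop()
        parents = [k for _, k in stack]
        if is_item:
            flat.setdefault(".".join(parents), []).append(stripped[2:].strip().strip('"'))
            continue
        key, _, value = stripped.partition(":")
        value = value.strip().strip('"')
        if value:
            flat[".".join(parents + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def ldap_realms_missing_mode(flat):
    """Names of ldap realms with neither user_search.base_dn nor user_dn_templates set."""
    names = {k[len(REALM_PREFIX):].split(".")[0] for k in flat if k.startswith(REALM_PREFIX)}
    return sorted(
        n for n in names
        if REALM_PREFIX + n + ".user_search.base_dn" not in flat
        and REALM_PREFIX + n + ".user_dn_templates" not in flat
    )

# Constructed samples: identical except for the indentation of base_dn.
HEAD = """\
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://ldap.example.com:636"
            user_search:
"""
NESTED = HEAD + '              base_dn: "dc=example,dc=com"\n'
MISALIGNED = HEAD + '            base_dn: "dc=example,dc=com"\n'

if __name__ == "__main__":
    print(ldap_realms_missing_mode(flatten_yaml(NESTED)))
    print(ldap_realms_missing_mode(flatten_yaml(MISALIGNED)))
```

In the misaligned sample `base_dn` lands on `ldap1` itself rather than under `user_search`, so the realm is reported even though the file looks complete at a glance.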

Hi Tim,

By mistake I sent the wrong code. I have updated my previous post with the right code (as described by you). Can you please check now and let me know where the issue is?

Regards,
Pankaj

Please don't post unformatted configuration snippets and error logs as it's very hard to read them.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

I am sorry for posting the code in such a way.

FYI, I was able to authenticate using AD, but now I have a new concern which I raised yesterday, but haven't received any reply from the ELK team. Here is the link to my concern
Please look into this and help me.

Regards,
Pankaj N

When you find out a solution to your issues, it's usually nice to edit your posts and let others know so that they will not spend time trying to help you with a non-existent problem. Also by pointing out what was the issue and how you solved it, you help others that might have the same issue in the future.

Please be patient in waiting for responses to your question and refrain from pinging multiple times asking for a response or opening multiple topics for the same question. This is a community forum, it may take time for someone to reply to your question. For more information please refer to the Community Code of Conduct specifically the section "Be patient".

If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.
