Action [cluster:monitor/health] is unauthorized for user

Hi,

I have configured LDAP with my single ELK node running locally. I have a user created on LDAP but that user is facing "unauthorized error" when I try to login to kibana UI or check the cluster health using curl command.

xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          order: 0
          url: "ldap://172.16.16.63:10389"
          bind_dn: "cn=Nikhil Pillai, ou=people, o=sevenseas"
          user_search:
            base_dn: "ou=people,o=sevenseas"
            filter: "(cn={0})"
          group_search:
            base_dn: "ou=people,o=sevenseas"
          files:
            role_mapping: "role_mapping.yml"
          unmapped_groups_as_roles: false

I have assigned user to superuser role.
GET /_xpack/security/role_mapping/admins?pretty

{
  "admins" : {
    "enabled" : true,
    "roles" : [
      "superuser"
    ],
    "rules" : {
      "field" : {
        "groups" : "cn=Nikhil Pillai,ou=people,o=sevenseas"
      }
    },
    "metadata" : { }
  }
}

Elasticsearch and Kibana version is 6.5.4.

This is not a group, this is the DN of your user. If you want to give the superuser role to your user only, you need to modify the role mapping to

POST /_xpack/security/role_mapping/admins
{
  "roles": [ "superuser" ],
  "enabled": true,
  "rules": {
    "field" : { "dn" : "cn=Nikhil Pillai,ou=people,o=sevenseas" }
  }
}

See our documentation also : Role mapping resources | Elasticsearch Guide [6.5] | Elastic

Thank You. This worked..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.