In our environment, we are using the active directory realm to authenticate users.
This have been reported by several users that previously they could but after they changed their password they could not log in via Kibana with the new password.
The settings in the Elasticsearch.yml are pretty standard
xpack.security.authc.realms.active_directory.mordor.bind_dn: gollum@mordor.com
xpack.security.authc.realms.active_directory.mordor.domain_name: blackland.mordor.com
xpack.security.authc.realms.active_directory.mordor.order: 0
xpack.security.authc.realms.active_directory.mordor.ssl.verification_mode: full
xpack.security.authc.realms.active_directory.mordor.ssl.certificate_authorities: sauron.pem
xpack.security.authc.realms.active_directory.insperity.url: ldaps://Barad-dûr.blackland.mordor.com:636
Version: 7.6.0 for both ElasticSearch and Kibana
Platform: Windows Server 2019 (Don’t ask me why)
Windows implementation (Not using docker)
These are observed
- New Users can login successful.
- User changed password, authentication failed, sometimes it will recover after unspecified period. I don’t know. I use the default for cache.ttl that of 20 minutes, however it did not clear after the lapsed time.
- I don’t see anything interesting in both the kibana and elasticsearch logs.
Questions:
Is this somethings that people experiences?
Are there something I missed in the settings?
What can I do to help the users?
Thanks for any helps and advises!