Hello, I am using the following config to connect to Active Directory but I am getting a referral error. Any ideas what is wrong with my configuration?
I am getting the following error:
Authentication to realm active_directory failed - authenticate failed (Caused by LDAPException(resultCode=10 (referral), errorMessage='0000202B: RefErr: DSID-0310082F, data 0, 1 access points
ref 1: 'example.com'
', referralURLs={'ldap://example.com/DC=example,DC=com'}))
The configuration that I am using is as follows:
xpack:
  security:
    authc:
      realms:
        active_directory:
          type: active_directory
          order: 0
          domain_name: example.com
          url: "ldap://1.2.3.4:389"
          files:
            role_mapping: "/usr/share/elasticsearch/config/role_mapping.yml"
          unmapped_groups_as_roles: true
          follow_referrals: false
When I try with a real username and password I get the following error:
Authentication to realm active_directory failed - authenticate failed (Caused by LDAPException(resultCode=10 (referral), errorMessage='0000202B: RefErr: DSID-0310082F, data 0, 1 access points
ref 1: 'example.com'
', referralURLs={'ldap://example.com/DC=example,DC=com'}))
I also tried with a false password; then I get the following error:
Authentication to realm active_directory failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))
Using ldapsearch is not a problem with the right username/password:
ldapsearch -x -h 10.230.250.14 -p 389 -D "john@example.com" -w 'johnspassword' -b "CN=john,OU=EXAMPLE-TS IDs,OU=EXAMPLEResourceIDs,DC=examplegrp,DC=corp,DC=pri" cn mail sn userPrincipalName sAMAccountName
# extended LDIF
#
# LDAPv3
# base <CN=john,OU=EXAMPLE-TS IDs,OU=EXAMPLEResourceIDs,DC=examplegrp,DC=corp,DC=pri> with scope subtree
# filter: (objectclass=*)
# requesting: cn mail sn userPrincipalName sAMAccountName
#
# john, EXAMPLE-TS IDs, EXAMPLEResourceIDs, examplegrp.corp.pri
dn: CN=john,OU=EXAMPLE-TS IDs,OU=EXAMPLEResourceIDs,DC=examplegrp,DC=corp,DC=pri
cn: john
sAMAccountName: john
userPrincipalName: john@example.com
mail: john@example.com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
I also tried with
follow_referals: true
The same error appears.
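
A check on the values quoted in the post, added here as an example and not part of the original post or of Elasticsearch: it converts `domain_name` to its DN form, extracts the DN from the referral URL in the error, and tests whether the DN that `ldapsearch` returned lies under it. The function names are hypothetical, and treating the DN form of `domain_name` as the realm's search base is an assumption.

```python
import re

# Sample input constructed from the values quoted in the post above.
ERROR = ("LDAPException(resultCode=10 (referral), errorMessage='0000202B: RefErr: "
         "DSID-0310082F, data 0, 1 access points\n\tref 1: 'example.com'\n', "
         "referralURLs={'ldap://example.com/DC=example,DC=com'})")
USER_DN = "CN=john,OU=EXAMPLE-TS IDs,OU=EXAMPLEResourceIDs,DC=examplegrp,DC=corp,DC=pri"
DOMAIN_NAME = "example.com"


def domain_to_dn(domain):
    """Convert a DNS domain name to its DN form: example.com -> DC=example,DC=com."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))


def rdns(dn):
    """Split a DN into lower-cased RDNs (the sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def naming_context(dn):
    """Return only the DC= components of a DN, i.e. the domain it belongs to."""
    return ",".join(p for p in rdns(dn) if p.startswith("dc="))


def referral_dns(error_text):
    """Extract the DN part of every ldap:// or ldaps:// referral URL in an error."""
    return re.findall(r"ldaps?://[^/'\s]*/([^'?}\s]+)", error_text)


def is_under(dn, base):
    """True if dn equals base or sits below it in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b


def diagnose(domain_name, user_dn, error_text):
    """Compare the base implied by domain_name with where the user entry lives."""
    base = domain_to_dn(domain_name)  # assumption: used as the realm's search base
    return {
        "base_from_domain_name": base,
        "referrals": referral_dns(error_text),
        "user_naming_context": naming_context(user_dn),
        "user_under_base": is_under(user_dn, base),
    }


if __name__ == "__main__":
    for key, value in diagnose(DOMAIN_NAME, USER_DN, ERROR).items():
        print(f"{key}: {value}")
```

With the values from the post, the referral DN equals the DN form of `domain_name`, while the entry returned by `ldapsearch` sits under `DC=examplegrp,DC=corp,DC=pri`.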