Hello All,
I am trying to configure the LDAP realm in my Elasticsearch using the document mentioned on the Elastic site and am having some issues. I am getting an invalid user name and password message in the Kibana GUI.
My LDAP settings in the elasticsearch.yml file are:
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            metadata: cn
            order: 0
            url: "ldap://1.2.3.4:389"
            bind_dn: "CN=serviceaccountES,OU=Service,OU=Accounts,DC=ad,DC=ad1,DC=com"
            user_search:
              base_dn: "OU=Employees,OU=Users,DC=ad,DC=ad1,DC=com"
              filter: "(cn={0})"
            group_search:
              base_dn: "OU=Groups,DC=ad,DC=ad1,DC=com"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false
My role_mapping file looks like:
cat /etc/elasticsearch/role_mapping.yml
# Role mapping configuration file which has elasticsearch roles as keys
# that map to one or more user or group distinguished names
#roleA: this is an elasticsearch role
# - groupA-DN this is a group distinguished name
# - groupB-DN
# - user1-DN this is the full user distinguished name
superuser:
  - "cn=elasticsearch_admin,ou=groups,dc=ad,dc=ad1,dc=com"
#user:
# - "cn=users,dc=example,dc=com"
# - "cn=admins,dc=example,dc=com"
My elasticsearch.log file gives the following error:
[2021-04-21T20:55:39,695][WARN ][o.e.x.s.a.AuthenticationService] [ELKServer01] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=32 (no such object), errorMessage='0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=ad,DC=ad1,DC=com'
', matchedDN='DC=ad,DC=ad1,DC=com', ldapSDKVersion=4.0.8, revision=28812))
I am not able to find anything related to the error message I am getting. Can someone please help me out on this?
Thank you.
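
An added diagnostic example, not part of the original post: in an LDAP `noSuchObject` (32) result, `matchedDN` is the deepest entry the server could resolve, so this script parses the logged exception and lists which components of each configured `base_dn` lie below that DN and are the ones to verify in the directory. The log text and DNs are copied from the post; the helper names are illustrative.

```python
import re

# Log text and base DNs copied from the post; helper names below are illustrative.
LOG = (
    "Authentication to realm ldap1 failed - authenticate failed "
    "(Caused by LDAPException(resultCode=32 (no such object), "
    "errorMessage='0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), "
    "data 0, best match of:\n\t'DC=ad,DC=ad1,DC=com'\n', "
    "matchedDN='DC=ad,DC=ad1,DC=com', ldapSDKVersion=4.0.8, revision=28812))"
)
BASE_DNS = {
    "user_search.base_dn": "OU=Employees,OU=Users,DC=ad,DC=ad1,DC=com",
    "group_search.base_dn": "OU=Groups,DC=ad,DC=ad1,DC=com",
}


def parse_ldap_error(text):
    """Return (resultCode, matchedDN) from an LDAPException message, or None."""
    code = re.search(r"resultCode=(\d+)", text)
    matched = re.search(r"matchedDN='([^']*)'", text)
    if not code or not matched:
        return None
    return int(code.group(1)), matched.group(1)


def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip()).lower() for r in rdns if r.strip()]


def unresolved_rdns(base_dn, matched_dn):
    """RDNs of base_dn below matched_dn, or None if it is not an ancestor."""
    base, matched = split_dn(base_dn), split_dn(matched_dn)
    if len(matched) > len(base) or base[len(base) - len(matched):] != matched:
        return None  # a search on this base cannot have produced this matchedDN
    return base[: len(base) - len(matched)]


def diagnose(log, base_dns):
    parsed = parse_ldap_error(log)
    if parsed is None or parsed[0] != 32:
        return {}
    return {name: unresolved_rdns(dn, parsed[1]) for name, dn in base_dns.items()}


if __name__ == "__main__":
    for name, below in diagnose(LOG, BASE_DNS).items():
        print(f"{name}: verify these exist under the matched DN: {below}")
```

The log alone does not say which search raised the error, so every base DN reported with a non-empty list is a candidate to check.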