Can I use x-pack ldap authentication without SSL?

Hi. I'm curious whether I can use x-pack ldap authentication without SSL or not.

Thank you in advance for your reply.

LDAP authentication does not require SSL.

Does it mean I can use ldap://ldap_url:389 instead of ldaps://ldap_url:636?

Thanks for the fast reply.

That is correct. We support both ldap and ldaps.

Thanks for verification.

But I've got another question.
I've tried to integrate ES with my local OpenLDAP server, which is running on Docker.
Could you tell me what I'm doing wrong below?

[elasticsearch.yml]

xpack:
  security:
    authc:
      realms:
        ldap_realm:
          type: ldap
          order: 0
          url: "ldap://localhost:389"
          bind_dn: "cn=admin,dc=example,dc=org"
          bind_password: admin
          user_search:
            base_dn: "dc=example,dc=org"
            attribute: cn
          group_search:
            base_dn: "dc=example,dc=org"
          files:
            role_mapping: "role_mapping.yml"
          unmapped_groups_as_roles: false

[es log]

I got the message below when I ran ES.

[2017-06-30T16:07:05,403][INFO ][o.e.x.s.a.l.LdapUserSearchSessionFactory] [Do8HS8c] Realm [ldap_realm] is in user-search mode - base_dn=[dc=example,dc=org], attribute=[cn]

[trial for verification]
curl -u cn=admin,dc=example,dc=org:admin localhost:9200/a/b/_search

[error msg]

I got this error message.

unable to authenticate user [cn=admin,dc=example,dc=org] for REST request [/a/b/_search]

Moreover, the request was successful with default "elastic" account.

curl -u elastic:changeme localhost:9200/a/b/_search

I succeeded in logging in with the script below.
In a nutshell, I could use just the LDAP id rather than the "full ldap name".

curl -u admin:admin2 localhost:9200/a/b/_search

Thx.
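A simplified model of why the short id works, added here as an example and not taken from the thread or from X-Pack's code: in user-search mode the realm looks under `base_dn` for an entry whose `attribute` equals the typed username, then authenticates as the DN it found. The directory contents, passwords and function names are constructed for illustration.

```python
import hmac

# Simplified model of an LDAP realm in user-search mode (not X-Pack source code).
# DIRECTORY is a constructed stand-in for the OpenLDAP server in the thread.
DIRECTORY = {
    "cn=admin,dc=example,dc=org": {"cn": "admin", "userPassword": "admin2"},
    "cn=jdoe,ou=people,dc=example,dc=org": {"cn": "jdoe", "userPassword": "s3cret"},
}
REALM = {"base_dn": "dc=example,dc=org", "attribute": "cn"}  # values from the posted config


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def build_filter(username):
    """The search filter for a login name: (<attribute>=<username as typed>)."""
    return "({}={})".format(REALM["attribute"], escape_filter_value(username))


def search_user_dn(username):
    """Subtree search under base_dn for an exact attribute match; None if absent."""
    suffix = REALM["base_dn"].lower()
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.lower() == suffix or dn.lower().endswith("," + suffix)
        if in_scope and attrs.get(REALM["attribute"], "").lower() == username.lower():
            return dn
    return None


def authenticate(username, password):
    """Resolve the login name to a DN, then check the password for that entry."""
    dn = search_user_dn(username)
    if dn is None:
        return None  # no entry has cn=<username>: authentication fails
    stored = DIRECTORY[dn]["userPassword"].encode()
    ok = hmac.compare_digest(stored, password.encode())  # stands in for the LDAP bind
    return dn if ok else None
```

Passing the full DN as the username produces the filter `(cn=cn=admin,dc=example,dc=org)`, which matches no entry, while `admin` resolves to the admin DN.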
