Here is the log when a user attempts to log in:
Feb 26 11:55:21 logdev kibana[1784685]: [2023-02-26T11:55:21.243+03:30][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
I added the below config in elasticsearch.yml and restarted the elastic service, but LDAP users still can't log in.
What I would do is make sure the Elasticsearch configuration is working first.
What I mean is set up the Elasticsearch portion of the LDAP
Start Elasticsearch and make sure there are no errors in the logs.
Then use a tool like Postman to POST / GET an API request into Elasticsearch using the API, like a simple search.
If it fails, look closely at the error and continue to fix the configuration.
When I experimented in the past, I often found the filters etc. were the issue, if I recall.
For example, looking at yours vs. my old sample, the user filter was
So you should not be using SAML in Kibana. In fact, you may have had Kibana correct before you changed it.
Basic authentication
To successfully log in to Kibana, basic authentication requires a username and password. Basic authentication is enabled by default, and is based on the Native, LDAP, or Active Directory security realm that is provided by Elasticsearch. The basic authentication provider uses a Kibana provided login form, and supports authentication using the Authorization request header Basic scheme.
And another important thing: please post the logs from Elasticsearch, there is good data there ... like I am testing and I got this...
[2023-02-27T10:23:41,220][WARN ][o.e.x.s.a.RealmsAuthenticator] [hyperion] Authentication failed using realms [reserved/reserved,file/default_file,native/default_native]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license
Because I am running a basic license ... LDAP / SAML requires a license... Do you have one? If not, you can turn on a trial license!
And then I forgot to add the bind DN password in the keystore.
[2023-02-27T10:28:08,600][WARN ][o.e.x.s.a.RealmsAuthenticator] [hyperion] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=89 (parameter error), diagnosticMessage='Simple bind operations are not allowed to contain a bind DN without a password.', ldapSDKVersion=6.0.3, revision=405ee52a554f9867e81d4598a5b2f97beabeb29a))
So I had to run this per the docs
The password for the bind_dn user should be configured by adding the appropriate secure_bind_password setting to the Elasticsearch keystore. For example, the following command adds the password for the example realm above:
If you added role mapping through Kibana Dev Tools you should take that out.
I did above, but without knowing your groups there is no way I can provide a sample
There are many samples here
I would make a very simple role mapping first.
What I would suggest you try is to just curl and authenticate against Elasticsearch, look at the error message that comes back from the curl and in the Elasticsearch logs, and post them.
@stephenb Should I consider group? I only need to set OU, which in my case is “users”.
I’ll send you curl result.
Here is what shows in the log:
Feb 26 11:55:21 logdev kibana[1784685]: [2023-02-26T11:55:21.243+03:30][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
The curl command looks proper so you got that right.
But it is simply not authenticating, which means the user and password are not found or incorrect etc.
I do not have a magic way to debug this.
I think the next step is you need to look at the elastic logs at the same time that you run this command.
Probably put the logging level as debug and then run this command and it should provide more information.
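The two Elasticsearch warnings posted earlier in this thread each point to a different fix, so a small triage pass over the Elasticsearch log (not the Kibana log) can save a round trip. The script below is an added example, not code from any participant in the thread or from Elastic; `triage` and `HINTS` are hypothetical names, and the two sample lines are copied from the posts above.

```python
import re

# Elasticsearch server log lines copied from the thread above.
SAMPLE_LOG = """\
[2023-02-27T10:23:41,220][WARN ][o.e.x.s.a.RealmsAuthenticator] [hyperion] Authentication failed using realms [reserved/reserved,file/default_file,native/default_native]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license
[2023-02-27T10:28:08,600][WARN ][o.e.x.s.a.RealmsAuthenticator] [hyperion] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=89 (parameter error), diagnosticMessage='Simple bind operations are not allowed to contain a bind DN without a password.', ldapSDKVersion=6.0.3, revision=405ee52a554f9867e81d4598a5b2f97beabeb29a))
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\s*\]\[(?P<logger>[^\]]+)\]\s*\[(?P<node>[^\]]+)\]\s*(?P<msg>.*)$")
SKIPPED = re.compile(r"Realms \[([^\]]+)\] were skipped because they are not permitted on the current license")
TRIED = re.compile(r"Authentication failed using realms \[([^\]]+)\]")
REALM_FAIL = re.compile(r"Authentication to realm (\S+) failed")
LDAP_EXC = re.compile(r"LDAPException\(resultCode=(\d+) \(([^)]*)\), diagnosticMessage='([^']*)'")

# Hypothetical cause labels mapped to the remedies mentioned in the thread.
HINTS = {
    "license": "LDAP realm skipped by the license: enable a trial or install a license that covers LDAP.",
    "missing_bind_password": "bind_dn has no password: add secure_bind_password for the realm to the Elasticsearch keystore.",
    "ldap_error": "LDAP server rejected the request: check the result code and diagnostic message.",
    "unknown": "No known pattern: raise the logging level to debug and retry the login.",
}

def triage(line):
    """Classify one RealmsAuthenticator line; return None for unrelated lines."""
    m = LINE.match(line.strip())
    if not m or "RealmsAuthenticator" not in m["logger"]:
        return None
    msg = m["msg"]
    out = {"ts": m["ts"], "node": m["node"], "cause": "unknown", "realms": []}
    if (s := SKIPPED.search(msg)):
        # The LDAP realm never ran, so credentials were only tried elsewhere.
        tried = TRIED.search(msg)
        out.update(cause="license", realms=s.group(1).split(","),
                   tried=tried.group(1).split(",") if tried else [])
    elif (r := REALM_FAIL.search(msg)):
        out["realms"] = [r.group(1)]
        if (e := LDAP_EXC.search(msg)):
            no_pw = "bind DN without a password" in e.group(3)
            out.update(result_code=int(e.group(1)), diagnostic=e.group(3),
                       cause="missing_bind_password" if no_pw else "ldap_error")
    out["hint"] = HINTS[out["cause"]]
    return out

if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        hit = triage(raw)
        if hit:
            print(f"{hit['ts']} {','.join(hit['realms'])}: {hit['hint']}")
```
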