Clarification about LDAP Authentication

I currently have a 6.2.3 free trial license system with one Logstash server, an Elasticsearch cluster (one master with 2 nodes) , and a Kibana server. We would like to integrate Kibana with an LDAP server, so that users can log into the Kibana user interface with their LDAP credentials. With the Elastic stack involving several different servers, I'm still a little fuzzy on where the LDAP connection settings need to go.

Judging by what I'm seeing in a couple threads (e.g. Kibana LDAP authentication Realm problem and Not able to login in kibana), it appears that in order to get my desired result, I need to add the LDAP connection settings in the elasticsearch.yml file. Assuming that's correct, I have a few questions.

  1. Since I have an Elasticsearch cluster, do I assume correctly that the LDAP connection settings need to go into the 3 different elasticsearch.yml files (one master and 2 nodes)?

  2. In regards to the Kibana server, do I just need to install X-Pack, or do any X-Pack settings need to go into the kibana.yml file?

  3. Do I assume correctly that Kibana will then need LDAP credentials that it can log into Elasticsearch with, and once it can log into the Elasticsearch, any LDAP user accounts (that meet the specified criteria) will be able to log into the Kibana UI? If this is true...if I instead have a multi-realm setup enabled with both LDAP and native, can Kibana log into Elasticsearch with a native account, but then still allow the LDAP accounts to log into the Kibana UI?

  4. Similiar to 3, does logstash then need credentials (LDAP and/or native) for logging into Elasticsearch?

Elasticsearch can be configured with one or more relams. Which should allow you to authenticate Kibana using the native realm and the users can authenticate with the LDAP realm. All realms are configured in Elasticsearch. More information here: The credentials can be obsucated using a Keystore. More information here:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.