Hello,
I have been stuck on this for a couple of days now. I have tried several options from the forum but I still can't get it to work. I used this documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/active-directory-realm.html
Below is my Active Directory realm config for Elasticsearch. The service account used as bind_dn is already being used by another application to authenticate to LDAP successfully. The security team confirmed there is no firewall block from the Elasticsearch server to the LDAP servers.
Thanks in advance for your help.
xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: domain.net
            url: ldaps://ldapserver1@domain.net:389, ldaps://ldapserver2@domain.net:389, ldaps://ldapserver3@domain.net:389, ldaps://ldapserver4@domain.net:389
            bind_dn: serviceaccount@domain.net
            load_balance:
              type: "round_robin"
These are the errors I have been getting.
[2020-12-21T12:37:57,760][INFO ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2020-12-21T12:38:11,631][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldapserver@domain.net:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ldapserver@domain.net:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
[2020-12-21T12:38:11,986][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldapserver@domain.net:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ldapserver@domain.net:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
[2020-12-21T12:38:16,638][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldapserver@domain.net:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ldapserver@domain.net:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
[2020-12-21T12:38:18,457][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldapserver@domain.net:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ldapserver@domain.net:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
[2020-12-21T12:38:29,003][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldapserver@domain.net:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ldapserver@domain.net:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
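
One way to collapse repeated realm failures like the ones above into one row per realm, LDAP result code, target server and innermost exception, as an added example that is not part of the original post. The function name `summarize_realm_failures` is an assumption, and the sample lines are constructed in the shape of the excerpt above.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the log excerpt in the post.
_FAIL = ("[{ts}][WARN ][o.e.x.s.a.AuthenticationService] [elasticserver@domain.net] "
         "Authentication to realm my_ad failed - authenticate failed (Caused by "
         "LDAPException(resultCode=91 (connect error), errorMessage='An error occurred "
         "while attempting to connect to server ldapserver@domain.net:389: "
         "IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable "
         "to verify an attempt to to establish a secure connection to "
         "'ldapserver@domain.net:389' because an unexpected error was encountered during "
         "validation processing: SSLPeerUnverifiedException(peer not authenticated), "
         "ldapSDKVersion=4.0.8, revision=28812'))'))")
SAMPLE_LOG = "\n".join([
    "[2020-12-21T12:37:57,760][INFO ][o.e.x.s.a.AuthenticationService] "
    "[elasticserver@domain.net] Authentication of [elastic] was terminated by realm "
    "[reserved] - failed to authenticate user [elastic]",
    _FAIL.format(ts="2020-12-21T12:38:11,631"),
    _FAIL.format(ts="2020-12-21T12:38:11,986"),
])

REALM_FAIL = re.compile(r"Authentication to realm (?P<realm>\S+) failed")
RESULT = re.compile(r"resultCode=(?P<code>\d+) \(")
SERVER = re.compile(r"connect to server (?P<server>[^\s:]+:\d+)")
EXCEPTION = re.compile(r"\b([A-Z]\w*Exception)\(")


def summarize_realm_failures(log_text):
    """Count realm failures keyed by (realm, resultCode, server, innermost exception)."""
    counts = Counter()
    for line in log_text.splitlines():
        realm = REALM_FAIL.search(line)
        if not realm:
            continue  # e.g. the [reserved] realm INFO line is not a realm connect failure
        code = RESULT.search(line)
        server = SERVER.search(line)
        chain = EXCEPTION.findall(line)  # outermost first, innermost last
        counts[(realm["realm"],
                int(code["code"]) if code else None,
                server["server"] if server else None,
                chain[-1] if chain else None)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_realm_failures(SAMPLE_LOG).items():
        print(n, *key)
```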