Elasticsearch - added LDAP authentication, error "Invalid username or password"

Dears,

ELK 7.7.0

When I try to log in to Kibana with a domain account, I get the error "Invalid username or password". There are no error messages in the Elasticsearch log files. Built-in/internal accounts work well.

This is the Elasticsearch config file:

cluster.name: elkcluster
node.name: elkcluster01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.10.10.1
http.port: 9200
discovery.seed_hosts: ["10.10.10.1", "10.10.10.2", "10.10.10.3"]
node.master: true
node.voting_only: false
node.data: true
node.ingest: true
discovery.zen.minimum_master_nodes: 2

xpack.monitoring.collection.enabled: true
xpack.monitoring.elasticsearch.collection.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/elkcluster01.key
xpack.security.transport.ssl.certificate: certs/elkcluster01.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/elkcluster01.key
xpack.security.http.ssl.certificate: certs/elkcluster01.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt

xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            # domain_name: domain.com
            url: ldap://10.10.10.53:389
            bind_dn: "cn=elastic,dc=domain,dc=com"
            # bind_dn: elastic@domain.com
            user_search:
              base_dn: "dc=domain,dc=com"
              filter: "cn=({0})"
            group_search:
              base_dn: "dc=domain,dc=com"
            files:
              role_mapping: "role_mapping.yml"
            unmapped_groups_as_roles: false
        native:
          native1:
            order: 1

And the content of role_mapping.yml:

monitoring:
  - "cn=elk_admins,dc=domain,dc=com"
user:
  - "cn=elk_users,dc=domain,dc=com"
  - "cn=elk_admins,dc=domain,dc=com"

Any idea what is wrong?

Regards,
Dan

Hello,

Problem solved. This is my config for AD:

--- elasticsearch.yml
xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: domain.com
            url: ldap://domain.com:389
            bind_dn: elastic@domain.com
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
        native:
          native1:
            order: 1

bind_dn: elastic@domain.com - this is the user that all Active Directory search requests are executed as.

--- role_mapping.yml
superuser:
  - "CN=ELK_ADMINS,OU=GROUPS,DC=domain,DC=com"
apps_monitoring:
  - "CN=ELK_USERS,OU=GROUPS,DC=domain,DC=com"

Regards,
Dan
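
An added example, not part of the posts above and not the poster's configuration: both realm definitions in this thread bind over `ldap://` on port 389, so the bind account's password and every user's password reach the directory unencrypted. The same `my_ad` realm over LDAPS could look like this; the host name `dc01.domain.com` and the CA file path are assumptions.

```yaml
# elasticsearch.yml -- added example; host name and CA path are assumptions
xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: domain.com
            # Weak (as posted): plain LDAP, passwords readable on the wire
            # url: ldap://domain.com:389
            # Corrected: LDAPS, using a host name that matches the
            # domain controller's certificate (an IP address usually will not)
            url: ldaps://dc01.domain.com:636
            bind_dn: elastic@domain.com
            ssl:
              # CA that issued the domain controller's certificate (assumed path)
              certificate_authorities: [ "certs/ad-ca.crt" ]
              # full = validate the certificate chain and the host name
              verification_mode: full
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
        native:
          native1:
            order: 1

# The bind password is not written in this file. It is stored in the
# Elasticsearch keystore on every node under the setting name
#   xpack.security.authc.realms.active_directory.my_ad.secure_bind_password
# and is added with: bin/elasticsearch-keystore add <setting name>
```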
