Dears,
ELK 7.7.0
When I trying to login to Kibana through domain account I've got an error "Invalid username or password". No message errors in elasticsearchlog files. Built-in/internal accounts works well.
This is config file of elasticsearch:
cluster.name: elkcluster
node.name: elkcluster01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.10.10.1
http.port: 9200
discovery.seed_hosts: ["10.10.10.1", "10.10.10.2", "10.10.10.3"]
node.master: true
node.voting_only: false
node.data: true
node.ingest: true
discovery.zen.minimum_master_nodes: 2
xpack.monitoring.collection.enabled: true
xpack.monitoring.elasticsearch.collection.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/elkcluster01.key
xpack.security.transport.ssl.certificate: certs/elkcluster01.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/elkcluster01.key
xpack.security.http.ssl.certificate: certs/elkcluster01.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt
xpack:
security:
authc:
realms:
ldap:
ldap1:
order: 0
# domain_name: domain.com
url: ldap://10.10.10.53:389
bind_dn: "cn=elastic,dc=domain,dc=com"
# bind_dn: elastic@domain.com
user_search:
base_dn: "dc=domain,dc=com"
filter: "cn=({0})"
group_search:
base_dn: "dc=domain,dc=com"
files:
role_mapping: "role_mapping.yml"
unmapped_groups_as_roles: false
native:
native1:
order: 1
and content of role_mapping.yml
monitoring:
- "cn=elk_admins,dc=domain,dc=com"
user:
- "cn=elk_users,dc=domain,dc=com"
- "cn=elk_admins,dc=domain,dc=com"
Any idea what is wrong?
Regards,
Dan