Elasticsearch shield relam problem

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers useradd
es_admin -r admin Step 4: Try it out - secured curl -XGET
'http://localhost:9200/' Step 5: And with a user curl -u es_admin
-XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get cluster
health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/122a5401-a07b-4007-a664-f06e7834d83c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl -XGET '
http://localhost:9200/' Step 5: And with a user curl -u es_admin
-XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get cluster
health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70210d29-2e7a-49a0-833c-dad4f0542a9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file located
at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is not 

validating even though we added the path. please suggest me if i am doing
wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl -XGET '
http://localhost:9200/' Step 5: And with a user curl -u es_admin
-XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get cluster
health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3b3c3d9e-8dcc-4e3a-97d9-9a34d7c654f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an entry
for the admin user. Once you have confirmed that, then try to authenticate.

The issue with steps you have taken is that your elasticsearch instance is
looking for configuration in /etc/elasticsearch and the configuration for
Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4, phani.n...@goktree.com
wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file located
at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is not 

validating even though we added the path. please suggest me if i am doing
wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl -XGET '
http://localhost:9200/' Step 5: And with a user curl -u es_admin
-XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/85c55b2c-205d-4c5d-8a44-3b6ae282043d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with elastic search can you suggest me steps how can we
integrate ldap to elasticsearch.

Thanks
phani.

On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an entry
for the admin user. Once you have confirmed that, then try to authenticate.

The issue with steps you have taken is that your elasticsearch instance is
looking for configuration in /etc/elasticsearch and the configuration for
Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4, phani.n...@goktree.com
wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file located
at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is not 

validating even though we added the path. please suggest me if i am doing
wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl -XGET
'http://localhost:9200/' Step 5: And with a user curl -u es_admin
-XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/7c40552b-f6b1-43bb-8704-b3ed08768016%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

What type of LDAP server are you integrating with? We have some
documentation for LDAP
setup, http://www.elastic.co/guide/en/shield/current/ldap.html.

If you are using Active Directory, there is a specific realm for it that
abstracts some of the LDAP setup to make it
simpler: http://www.elastic.co/guide/en/shield/current/active_directory.html

On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
wrote:

Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with elastic search can you suggest me steps how can we
integrate ldap to elasticsearch.

Thanks
phani.

On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an entry
for the admin user. Once you have confirmed that, then try to authenticate.

The issue with steps you have taken is that your elasticsearch instance
is looking for configuration in /etc/elasticsearch and the configuration
for Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4, phani.n...@goktree.com
wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file
located at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is 

not validating even though we added the path. please suggest me if i am
doing wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl
-XGET 'http://localhost:9200/' Step 5: And with a user curl -u
es_admin -XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/83bc4a70-fa18-444f-8c2a-efe31a3ce45f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hi Jay,

sorry for late reply . I am using openldap server .i followed the
configurations given by es people i did like in example but i am not able
to login with ldap credentials.is ldap in elastic search is mount ldap or
it will import users in to the file?
i have tried following link

    http://www.elastic.co/guide/en/shield/current/ldap.html . but i 

didn't get proper result i have the following configurations to my LDAP
server.please find the following.

Principal : cn=Manager,dc=test,dc=org
Base DN : ou=People,dc=test,dc=org

filter : uid=%s
 
        the above are my ldap configuration details please suggest me 

how can we achieve with above credentials my using above link
(http://www.elastic.co/guide/en/shield/current/ldap.html )

Thanks,
phani

On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:

What type of LDAP server are you integrating with? We have some
documentation for LDAP setup,
http://www.elastic.co/guide/en/shield/current/ldap.html.

If you are using Active Directory, there is a specific realm for it that
abstracts some of the LDAP setup to make it simpler:
http://www.elastic.co/guide/en/shield/current/active_directory.html

On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
wrote:

Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with elastic search can you suggest me steps how can we
integrate ldap to elasticsearch.

Thanks
phani.

On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an entry
for the admin user. Once you have confirmed that, then try to authenticate.

The issue with steps you have taken is that your elasticsearch instance
is looking for configuration in /etc/elasticsearch and the configuration
for Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4, phani.n...@goktree.com
wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file
located at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is 

not validating even though we added the path. please suggest me if i am
doing wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl
-XGET 'http://localhost:9200/' Step 5: And with a user curl -u
es_admin -XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f2293336-0358-4732-b3ba-18c4562e5cd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Since you are using uid, your setup would look something like this

shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389"
user_dn_templates:
- "uid={0}, ou=People,dc=test,dc=org"

This assumes all users are directly in the People OU. If that is not the
case, you'll have to update the template or add additional templates. Can
you tell me a little more about how the groups are setup in your ldap? What
is their objectClass and do they have the member, unqiueMember, or
memberUid attribute? You will probably need to configure the group search
and that additional information will be necessary to ensure it works.

Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
the logging.yml file

On Monday, March 23, 2015 at 2:43:29 AM UTC-4, phani.n...@goktree.com wrote:

Hi Jay,

sorry for late reply . I am using openldap server .i followed the
configurations given by es people i did like in example but i am not able
to login with ldap credentials.is ldap in elastic search is mount ldap or
it will import users in to the file?
i have tried following link

    http://www.elastic.co/guide/en/shield/current/ldap.html . but i 

didn't get proper result i have the following configurations to my LDAP
server.please find the following.

Principal : cn=Manager,dc=test,dc=org
Base DN : ou=People,dc=test,dc=org

filter : uid=%s
 
        the above are my ldap configuration details please suggest me 

how can we achieve with above credentials my using above link (
http://www.elastic.co/guide/en/shield/current/ldap.html )

Thanks,
phani

On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:

What type of LDAP server are you integrating with? We have some
documentation for LDAP setup,
http://www.elastic.co/guide/en/shield/current/ldap.html.

If you are using Active Directory, there is a specific realm for it that
abstracts some of the LDAP setup to make it simpler:
http://www.elastic.co/guide/en/shield/current/active_directory.html

On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
wrote:

Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with elastic search can you suggest me steps how can we
integrate ldap to elasticsearch.

Thanks
phani.

On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an
entry for the admin user. Once you have confirmed that, then try to
authenticate.

The issue with steps you have taken is that your elasticsearch instance
is looking for configuration in /etc/elasticsearch and the configuration
for Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4,
phani.n...@goktree.com wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file
located at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is 

not validating even though we added the path. please suggest me if i am
doing wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see
http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl
-XGET 'http://localhost:9200/' Step 5: And with a user curl -u
es_admin -XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a890672c-0cfb-4394-b996-4841a566ff71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Phani,

We just released Shield 1.1 and 1.2
(https://www.elastic.co/blog/shield-1-1-and-1-2-released). LDAP user search
is included and may be worth trying out. If you were to use it, I think
your configuration would look something like:

shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389"
bind_dn: "cn=Manager,dc=test,dc=org"
bind_password: changeme
user_search:
base_dn: "ou=People,dc=test,dc=org"
group_search:
base_dn: "dc=test,dc=org"

This assumes the "cn=Manager,dc=test,dc=org" is a user with search
credentials on the ldap. The earlier questions I had about groups would
still apply

On Monday, March 23, 2015 at 6:08:48 PM UTC-4, Jay Modi wrote:

Since you are using uid, your setup would look something like this

shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389"
user_dn_templates:
- "uid={0}, ou=People,dc=test,dc=org"

This assumes all users are directly in the People OU. If that is not the
case, you'll have to update the template or add additional templates. Can
you tell me a little more about how the groups are setup in your ldap? What
is their objectClass and do they have the member, unqiueMember, or
memberUid attribute? You will probably need to configure the group search
and that additional information will be necessary to ensure it works.

Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
the logging.yml file

On Monday, March 23, 2015 at 2:43:29 AM UTC-4, phani.n...@goktree.com
wrote:

Hi Jay,

sorry for late reply . I am using openldap server .i followed the
configurations given by es people i did like in example but i am not able
to login with ldap credentials.is ldap in elastic search is mount ldap
or it will import users in to the file?
i have tried following link

    http://www.elastic.co/guide/en/shield/current/ldap.html . but i 

didn't get proper result i have the following configurations to my LDAP
server.please find the following.

Principal : cn=Manager,dc=test,dc=org
Base DN : ou=People,dc=test,dc=org

filter : uid=%s
 
        the above are my ldap configuration details please suggest me 

how can we achieve with above credentials my using above link (
http://www.elastic.co/guide/en/shield/current/ldap.html )

Thanks,
phani

On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:

What type of LDAP server are you integrating with? We have some
documentation for LDAP setup,
http://www.elastic.co/guide/en/shield/current/ldap.html.

If you are using Active Directory, there is a specific realm for it that
abstracts some of the LDAP setup to make it simpler:
http://www.elastic.co/guide/en/shield/current/active_directory.html

On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
wrote:

Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with elastic search can you suggest me steps how can we
integrate ldap to elasticsearch.

Thanks
phani.

On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

I think the correct thing to do is:

export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin

Verify that /etc/elasticsearch/shield/users exists and contains an
entry for the admin user. Once you have confirmed that, then try to
authenticate.

The issue with steps you have taken is that your elasticsearch
instance is looking for configuration in /etc/elasticsearch and the
configuration for Shield is in ES_HOME by default. The packaged versions of
elasticsearch expect all configuration (including that for plugins) to be
in /etc/elasticsearch. We're looking at how we can make this easier.

On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4,
phani.n...@goktree.com wrote:

HI Jay,

Thank you for the reply i tried the following steps.

i did .rpm installation in linux servers my configuration file
located at /etc/elasticsearch (main es coniguration file)

But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)

I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"

    i am able to create user but when i try to authenticate it is 

not validating even though we added the path. please suggest me if i am
doing wrong here?

On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:

Hi Phani,

How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see
http://www.elastic.co/guide/en/shield/current/getting-started.html

On Monday, March 16, 2015 at 7:57:48 AM UTC-7,
phani.n...@goktree.com wrote:

Hi All,

I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.

i followed the below procedure to install shield.

*Step 1: Install*  bin/plugin -i elasticsearch/license/latestbin/plugin 

-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl
-XGET 'http://localhost:9200/' Step 5: And with a user curl
-u es_admin -XGET 'http://localhost:9200

i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?

Thanks
phani

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/122b9dc4-ac0a-4a1e-9c22-d3bbfa7bafe2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.