Since you are using uid, your setup would look something like this
shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389"
user_dn_templates:
- "uid={0}, ou=People,dc=test,dc=org"
This assumes all users are directly in the People OU. If that is not the
case, you'll have to update the template or add additional templates. Can
you tell me a little more about how the groups are setup in your ldap? What
is their objectClass and do they have the member, unqiueMember, or
memberUid attribute? You will probably need to configure the group search
and that additional information will be necessary to ensure it works.
Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
the logging.yml file
On Monday, March 23, 2015 at 2:43:29 AM UTC-4, phani.n...@goktree.com wrote:
Hi Jay,
sorry for late reply . I am using openldap server .i followed the
configurations given by es people i did like in example but i am not able
to login with ldap credentials.is ldap in Elasticsearch is mount ldap or
it will import users in to the file?
i have tried following link
http://www.elastic.co/guide/en/shield/current/ldap.html . but i
didn't get proper result i have the following configurations to my LDAP
server.please find the following.
Principal : cn=Manager,dc=test,dc=org
Base DN : ou=People,dc=test,dc=org
filter : uid=%s
the above are my ldap configuration details please suggest me
how can we achieve with above credentials my using above link (
http://www.elastic.co/guide/en/shield/current/ldap.html )
Thanks,
phani
On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:
What type of LDAP server are you integrating with? We have some
documentation for LDAP setup,
http://www.elastic.co/guide/en/shield/current/ldap.html.
If you are using Active Directory, there is a specific realm for it that
abstracts some of the LDAP setup to make it simpler:
http://www.elastic.co/guide/en/shield/current/active_directory.html
On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
wrote:
Thank you Jay for quick reply yes it got worked I changed the path to
es_home config.now authentication is performing fine next I am looking in
to LDAP integration with Elasticsearch can you suggest me steps how can we
integrate ldap to elasticsearch.
Thanks
phani.
On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:
Hi Phani,
I think the correct thing to do is:
export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
bin/shield/esusers useradd es_admin -r admin
Verify that /etc/elasticsearch/shield/users exists and contains an
entry for the admin user. Once you have confirmed that, then try to
authenticate.
The issue with steps you have taken is that your elasticsearch instance
is looking for configuration in /etc/elasticsearch and the configuration
for Shield is in ES_HOME by default. The packaged versions of elasticsearch
expect all configuration (including that for plugins) to be in
/etc/elasticsearch. We're looking at how we can make this easier.
On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4,
phani.n...@goktree.com wrote:
HI Jay,
Thank you for the reply i tried the following steps.
i did .rpm installation in linux servers my configuration file
located at /etc/elasticsearch (main es coniguration file)
But when i install shied i see there is a configurations directory
created inside ES_HOME(/usr/share/elasticsearch/config)
I issued following command to add path :export
ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"
i am able to create user but when i try to authenticate it is
not validating even though we added the path. please suggest me if i am
doing wrong here?
On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:
Hi Phani,
How did you install elasticsearch and where is your elasticsearch
configuration located? If you have used a RPM or DEB package, you will need
to add an environment variable before running the esusers command, please
see
Getting Started with Shield | Shield [2.4] | Elastic
On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com
wrote:
Hi All,
I am using elastic version 1.4.2 in development i installed
elasticsearch shield on each node of my cluster i have 3 nodes in my
cluster.
i followed the below procedure to install shield.
*Step 1: Install* bin/plugin -i elasticsearch/license/latestbin/plugin
-i elasticsearch/shield/latest Step 2: Start Elasticsearch
bin/elasticsearch Step 3: Add an admin user bin/shield/esusers
useradd es_admin -r admin Step 4: Try it out - secured curl
-XGET 'http://localhost:9200/' Step 5: And with a user curl -u
es_admin -XGET 'http://localhost:9200
i added admin user by using above command but when i tried to get
cluster health status form sense console it is asking password
when i enter my admin password it is showing authentication failed
exception from console. please suggest me what could be the issues am i
doing wrong any where?
Thanks
phani
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a890672c-0cfb-4394-b996-4841a566ff71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.