I have changed the elasticsearch.yml to ldap instead of active_directory and it appears to be making some headway.
elasticsearch.yml:
xpack:
  security:
    authc:
      realms:
        native:
          es_native:
            order: 0
        # active_directory:
        ldap:
          foo_ad:
            order: 1
            url: ldap://ad.foo.local:389
            bind_dn: "cn=esuser,cn=Users,dc=foo,dc=local"
            user_search:
              base_dn: "cn=Users,dc=foo,dc=local"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
The cluster log displays:
[2020-04-29T21:34:21,318][INFO ][o.e.x.s.a.l.LdapUserSearchSessionFactory] [node-1] Realm [foo_ad] is in user-search mode - base_dn=[cn=Users,dc=foo,dc=local], search filter=[(uid={0})]
[2020-04-29T21:34:21,429][INFO ][o.e.x.s.a.s.FileRolesStore] [node-1] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
However, I still cannot log in or make API calls with testuser or testuser@foo.local.
sudo curl -XGET --cacert /etc/elasticsearch/certs/ca.crt -u testuser@foo.local:P@ssw0rd 'https://10.10.10.43:9200/_cluster/health?pretty'
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [testuser@foo.local] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Bearer realm=\"security\"",
            "ApiKey",
            "Basic realm=\"security\" charset=\"UTF-8\""
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [testuser@foo.local] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Bearer realm=\"security\"",
        "ApiKey",
        "Basic realm=\"security\" charset=\"UTF-8\""
      ]
    }
  },
  "status" : 401
}
sudo curl -XGET --cacert /etc/elasticsearch/certs/ca.crt -u testuser:P@ssw0rd 'https://10.10.10.43:9200/_cluster/health?pretty'
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [testuser] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Bearer realm=\"security\"",
            "ApiKey",
            "Basic realm=\"security\" charset=\"UTF-8\""
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [testuser] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Bearer realm=\"security\"",
        "ApiKey",
        "Basic realm=\"security\" charset=\"UTF-8\""
      ]
    }
  },
  "status" : 401
}
When I do a ldapsearch for testuser, the following is given:
# testuser, Users, foo.local
dn: CN=testuser,CN=Users,DC=foo,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: testuser
givenName: testuser
distinguishedName: CN=testuser,CN=Users,DC=foo,DC=local
instanceType: 4
whenCreated: 20200424123011.0Z
whenChanged: 20200424123011.0Z
displayName: testuser
uSNCreated: 12796
uSNChanged: 12801
name: testuser
objectGUID:: aYPl+ZaPsEGmbwUFHs/psg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 132322050114257624
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA6Q5jLhS4kmMCbp8gUAQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: testuser
sAMAccountType: 805306368
userPrincipalName: testuser@foo.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=foo,DC=local
dSCorePropagationData: 16010101000000.0Z
What worries me is this line in the log file: "parsed [0] roles from file [/etc/elasticsearch/roles.yml]". Did Elasticsearch parse my mappings file at /etc/elasticsearch/role_mapping.yml, because I don't see it in the logs?
Tell me I'm getting somewhere here...
thanks,
ck
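
Added example, not part of the original post: a Python check of the search filter the realm logged at startup against the attributes in the ldapsearch output above, for both login forms that were tried. It handles only simple `(attr={0})` filters; the two candidate filters are assumptions chosen for comparison (in Elasticsearch the filter is set with the LDAP realm's `user_search.filter` setting).

```python
import re

# Log line and attributes copied (trimmed) from the post above.
LOG_LINE = ("[2020-04-29T21:34:21,318][INFO ][o.e.x.s.a.l.LdapUserSearchSessionFactory] "
            "[node-1] Realm [foo_ad] is in user-search mode - "
            "base_dn=[cn=Users,dc=foo,dc=local], search filter=[(uid={0})]")
LDIF = """\
dn: CN=testuser,CN=Users,DC=foo,DC=local
objectClass: user
cn: testuser
sAMAccountName: testuser
userPrincipalName: testuser@foo.local
"""
# Assumption: candidate filters to compare against the logged one.
CANDIDATES = ["(sAMAccountName={0})", "(userPrincipalName={0})"]

def realm_filter(log_line):
    """Extract the effective user-search filter template from the realm's log line."""
    m = re.search(r"search filter=\[(.*)\]\s*$", log_line)
    if not m:
        raise ValueError("no search filter in log line")
    return m.group(1)

def parse_ldif(text):
    """Parse one plain 'attr: value' entry into {lowercased attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or ":: " in line:  # skip comments, base64 values
            continue
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def matches(template, login, entry):
    """True if the entry would satisfy a simple '(attr={0})' filter for this login."""
    m = re.fullmatch(r"\((\w+)=\{0\}\)", template)
    if not m:
        raise ValueError("only simple (attr={0}) filters are handled here")
    # Attribute names, and these directory string values, compare case-insensitively.
    return any(v.lower() == login.lower() for v in entry.get(m.group(1).lower(), []))

def report():
    """Evaluate the logged filter and the candidates for both logins tried in the post."""
    entry = parse_ldif(LDIF)
    return [(t, u, matches(t, u, entry))
            for t in [realm_filter(LOG_LINE)] + CANDIDATES
            for u in ("testuser", "testuser@foo.local")]

if __name__ == "__main__":
    for tmpl, login, hit in report():
        print(f"{tmpl:26} {login:20} {'match' if hit else 'no match'}")
```
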