Failed to authenticate user with ldap realm using role mapping api

Elastic Stack Elasticsearch
1

Hi all,
Currently i have successfully tried to authen to elastic with ldap, but i used the role_mapping file, i was tesing with using the role mapping api but it is not working.
When i turn on the authen debug log then when ever i authen i get this log:

Authentication of [admin] using realm [ldap/ldap1] with token [UsernamePasswordToken] was [AuthenticationResult{status=CONTINUE, user=null, message=null, exception=null}]

The api call i tried was:

POST /_security/role_mapping/test
{
  "roles" : [ "superuser" ],
  "rules" : { "any" : [
      { "field" : { "dn" : "CN=admin,OU=IT,DC=ABC,DC=COM" } }
  ] },
  "enabled": true
}

Can some one point out to me what when wrong.
One note is that on the ldap realm i config the server to authen with sAMAccountName, i dont know if that is the problems.

2

That log message indicates that your LDAP realm is not authenticating the user. That means that this problem has nothing to do with role mapping, and is almost certainly a configuration problem in your LDAP realm.

You should turn on trace logging for the LDAP realm:

PUT _cluster/settings
{
  "transient": {
    "logger.org.elasticsearch.xpack.security.authc.ldap": "TRACE"
  }
}
3

The config i have for the role_mapping.yml file works for the authenticate so i dont thinks there is a problems with the config of ldap

4

I second Tim's comment. Please do what we suggest, we only try to assist you here but you need to be willing to work with us.

5

I am so sorry i have figure out the problems, the search user in the config file and the dn in the api are not the same so it cannot authenticate, but now that i have change the dn of the api, it works now
So thanks for your help.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.