How to configure Elastic to use LDAP on Kibana

We are trying to configure LDAP on Elastic to enable LDAP authentication on Kibana, following this guide: https://www.elastic.co/guide/en/elasticsearch/reference/current/ldap-realm.html

See my current config below also. Thanks

After making our configuration we are getting the below error:

com.unboundid.ldap.sdk.LDAPException: 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8349, best match of:
	'(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=CN=itt_admin,OU=devcentral,OU=appgroups,OU=accessmgmnt,DC=ers,DC=company,DC=com)))'

	at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.toException(LdapUtils.java:407) ~[x-pack-security-7.9.0.jar:7.9.0]
	at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.access$200(LdapUtils.java:53) ~[x-pack-security-7.9.0.jar:7.9.0]
	at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils$LdapSearchResultListener.searchResultReceived(LdapUtils.java:514) [x-pack-security-7.9.0.jar:7.9.0]
	at com.unboundid.ldap.sdk.AsyncSearchHelper.responseReceived(AsyncSearchHelper.java:245) [unboundid-ldapsdk-4.0.8.jar:4.0.8]
	at com.unboundid.ldap.sdk.LDAPConnectionReader.run(LDAPConnectionReader.java:516) [unboundid-ldapsdk-4.0.8.jar:4.0.8]



elasticsearch.yml:

xpack.security.enabled: true

xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://ldap-bb.ers.company.com:636"
            bind_dn: "cn=crowdapp,ou=serviceaccounts,ou=accounts,ou=accessmgmnt,dc=ers,dc=company,dc=com"
            user_search:
              base_dn: "OU=accessmgmnt,DC=ers,DC=equifax,DC=com"
              filter: "(cn={0})"
            group_search:
              base_dn: "(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=CN=itt_admin,OU=devcentral,OU=appgroups,OU=accessmgmnt,DC=ers,DC=company,DC=com)))"
            files:
              role_mapping: "/opt/elk/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false


role_mapping.yml:

#roleA:   this is an elasticsearch role
#  - groupA-DN  this is a group distinguished name
#  - groupB-DN
#  - user1-DN   this is the full user distinguished name

superuser:
  - "cn=rxv112,ou=useraccounts,ou=accounts,dc=ers,dc=company,dc=com"
#  
user:
  - "CN=itt_admin,OU=devcentral,OU=appgroups,OU=accessmgmnt,DC=ers,DC=company,DC=com"
#  - "cn=John Doe,cn=other users,dc=example,dc=com"
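
The string quoted in the BAD_NAME error above is the value configured for `group_search.base_dn`, a setting that takes a container DN rather than a search filter. The following pre-deployment check for that pattern is an added example, not part of the original post and not Elastic's code; the flattened setting keys, the `check_realm` helper and the replacement container DN are assumptions made for illustration.

```python
import re

# RFC 4514-style DN syntax: each RDN is type=value, where the type is a
# descriptor (letter first) or a numeric OID, and special characters in the
# value are backslash-escaped.
_TYPE = r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)"
_VALUE = r'(?:[^,+"\\<>;]|\\.)+'
_AVA = rf"\s*{_TYPE}\s*=\s*{_VALUE}"
_RDN = rf"{_AVA}(?:\+{_AVA})*"
DN_RE = re.compile(rf"^{_RDN}(?:,{_RDN})*$")

# Realm settings that must hold a DN (search base), never a filter.
BASE_DN_KEYS = ("user_search.base_dn", "group_search.base_dn")


def check_realm(settings):
    """Return (key, problem) pairs for base_dn values that are not DNs."""
    findings = []
    for key in BASE_DN_KEYS:
        value = settings.get(key)
        if value is None:
            continue
        if value.lstrip().startswith("("):
            findings.append((key, "looks like an LDAP filter, not a DN"))
        elif not DN_RE.match(value):
            findings.append((key, "not a syntactically valid DN"))
    return findings


# Constructed input: the ldap1 realm from the post, flattened to dotted keys.
REALM_LDAP1 = {
    "url": "ldaps://ldap-bb.ers.company.com:636",
    "user_search.base_dn": "OU=accessmgmnt,DC=ers,DC=equifax,DC=com",
    "user_search.filter": "(cn={0})",
    "group_search.base_dn": "(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=CN=itt_admin,OU=devcentral,OU=appgroups,OU=accessmgmnt,DC=ers,DC=company,DC=com)))",
}

# Assumption: a group container taken from the parent OUs of the itt_admin
# group DN in role_mapping.yml; the thread does not state the intended base.
ASSUMED_GROUP_BASE = "OU=appgroups,OU=accessmgmnt,DC=ers,DC=company,DC=com"

if __name__ == "__main__":
    for key, problem in check_realm(REALM_LDAP1):
        print(f"{key}: {problem}")
    fixed = {**REALM_LDAP1, "group_search.base_dn": ASSUMED_GROUP_BASE}
    print("after change:", check_realm(fixed) or "no findings")
```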

Do you have at least a Gold license? This seems to say it won't work in the free licenses.

It is working now. Yes, we had the trial license, but I missed one step: I had to create a role and POST the role via API after making the LDAP config.

Thanks!
