I have installed X-Pack and created a user called vijay, but somehow I couldn't authenticate with that user, I get the below error message. I know that some privilege or role has to be assigned to the user, but I am hitting the bush, couldn't able to find a tidy document which says how to do that.
can you help me with this?
Error : {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [vijay]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [vijay]"},"status":403}
X-pack includes (for 5.3) two default users kibana and elastic (password changeme by default if you did not change it)
You should be able to log in into Kibana using elastic user, and assign any role you need to that user.
Case you can't log in into kibana because you changed kibana config to use that user to log in into ES, then just change the kibana config back so it uses the kibana user.
Hi there. May it be that you installed x-pack on elasticsearch, but not on kibana?. You must do it for both products separately (installing on ES does not means having it installed on Kibana).
Please refer to the x-pack doc regarding how to do this.
Case you did intall the kibana x-pack plugin, I would try uninstalling it and installing it over again
The Kibana UI works with files in the native realm, not the file realm. The native realm is the recommended way to store users in Elasticsearch. The file realmis primarily supported to serve as a fallback/recovery realm, and should ideally not be used as a general purpose authentication realm.
No, not totally different. They are a single product, with complimentary features and shared licensing/support, but, as per the installation instructions, you need to install the plugin into each relevant component of the Elastic stack.
No, Kibana does not provide a UI for configuring LDAP realms.
Yes, you should configure it according to the instructions in X-Pack for Elasticsearch, and then Kibana will recognise LDAP users automatically. However, Kibana will not provide any UI for managing the users & roles. You will need to set up role mappings in a file on the Elasticsearch server.
I created this role via the API. Now I need to match this role with all users in LDAP, i thought this is done via
role_mapping.yml so i added:
kibana_user:
"ou=People,dc=moj,dc=com"
user:
"ou=People,dc=moj,dc=com"
But that has no effect. I can login to Kibana with my LDAP user/passwd, but i cannot see anything, and when trying to access EL directly on command line i get this error:
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [myUser]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [myUser]"},"status":403}
Please would you be able to help?
How can I make this mapping using the API?
Actually, after adding DEBUG to the auth logs, I saw a problem with the binding of LDAP.
Once i fixed that, i get now this error:
[2017-05-18T13:07:02,590][DEBUG][o.e.x.s.a.s.DnRoleMapper ] [ElasticSearch01] the roles [[]], are mapped from the user [uid=myUser,ou=People,dc=example,dc=com] for realm [ldap/ldap]
[2017-05-18T13:09:42,889][DEBUG][o.e.x.s.a.l.LdapRealm ] [ElasticSearch01] authenticated user [myUser], with roles [[]]
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.