Is an issue with AD

Elastic Stack Elasticsearch
1

set Elasticsearch 7.15 using Windows AD to verify account, and mapping AD group into xinc_user role, and it is working,
but now I met problem, not sure if it is issue.

  1. login with AD account by kibana
  2. check account privileges, found this account beyond two roles,
GET /_security/_authenticate
{
  "username" : "elastic-test",
  "roles" : [
    "xinc_user",
    "superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "ldap_dn" : "CN=elastic-test,CN=Users,DC=xinc,DC=lan",
    "ldap_groups" : [
      "CN=Domain Users,CN=Users,DC=xinc,DC=lan",
      "CN=Users,CN=Builtin,DC=xinc,DC=lan",
      "CN=sod,CN=Users,DC=xinc,DC=lan"
    ]
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "my_ad",
    "type" : "active_directory"
  },
  "lookup_realm" : {
    "name" : "my_ad",
    "type" : "active_directory"
  },
  "authentication_type" : "realm"
}

I wounder why this account has two role xinc_user and superuser.

my question:

  1. how to remove superuser role from this account, I search many documents, no any help.
  2. before I set xinc_user role have all Cluster privileges, but later I removed all privilleges from this role, seemed no working, elasticseach did not frefresh this account role after move out all form cluser privileges.
2

That depends on why this use has the superuser role.

  1. What do your role mappings look like?
  2. Are you using anonymous access?
3
  1. check role mapping in 'dev tool' with kibana
    get /_security/role_mapping
{
  "basic_users" : {
    "enabled" : true,
    "roles" : [
      "xinc_user"
    ],
    "rules" : {
      "any" : [
        {
          "field" : {
            "groups" : "CN=sod,CN=Users,DC=xinc,DC=lan"
          }
        }
      ]
    },
    "metadata" : { }
  }
}
  1. I don't know what your meaning
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.