We are using ElasticSearch 5.2.2 and trying to configure Active Directory User Authenticatioon using x-pack
We have configured active directory realm in config.yml file as below
We have even mapped the user and roles in the role_mapping.yml
When we try to login to the elasticsearch host using AD user it gives authentication failure below
[2017-03-29T04:33:41,154][WARN ][o.e.x.s.a.a.ActiveDirectoryRealm] [clm-pun-001193.bmc.com] authentication failed for user [Administrator]: An error occurred while attempting to connect to server clmpun1191.local:636: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'clmpun1191.local:636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(message='peer not authenticated', trace='getPeerCertificates(null:unknown) / verifySSLSocket(HostNameSSLSocketVerifier.java:113) / (LDAPConnectionInternals.java:166) / connect(LDAPConnection.java:860) / connect(LDAPConnection.java:760) / connect(LDAPConnection.java:710)
We are able to login using same AD user elsewhere but not to the elasticsearch host.
Are there any other settings/configurations that we are missing here?
Any pointers how to resolve this issue? Any help is appreciated.
Can you check this part;
"To protect passwords, communications between Elasticsearch and the Active Directory server should be encrypted using SSL/TLS. Clients and nodes that connect via SSL/TLS to the Active Directory server need to have the Active Directory server’s certificate or the server’s root CA certificate installed in their keystore or truststore. For more information about installing certificates, see Setting up SSL Between Elasticsearch and Active Directory."
We tried all the steps even checked the SSL/TLS part but still no luck.
The normal SSL certificate and authentication (https) works fine but still facing some configuration issues with AD/LDAP setups.
Any pointers how we can subscribe to the official support for elasticsearch?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.