Kibana authentication error

security

(piyush) #1

Hi Team,
I configured shield and trying to connect from Kibana for different Active Directory group. The 1st group is working properly but when i put two roles in roles_mapping.yml file, kibana is throwing error:

And do we need to restart elasticsearch nodes after roles_mapping.yml changes? i believe NO but please confirm.

PFB error:
Error: unhandled courier request error: [security_exception] action [indices:data/read/mget] is unauthorized for user [USER-1]
at handleError (http://1.1.1.1:5601/bundles/kibana.bundle.js?v=9889:89247:23)
at DocRequest.AbstractReqProvider.AbstractReq.handleFailure (http://1.1.1.1:5601/bundles/kibana.bundle.js?v=9889:89167:15)
at http://1.1.1.1:5601/bundles/kibana.bundle.js?v=9889:89061:18
at Array.forEach (native)
at http://1.1.1.1:5601/bundles/kibana.bundle.js?v=9889:89059:19
at processQueue (http://1.1.1.1:5601/bundles/commons.bundle.js?v=9889:41836:29)
at http://1.1.1.1:5601/bundles/commons.bundle.js?v=9889:41852:28
at Scope.$eval (http://1.1.1.1:5601/bundles/commons.bundle.js?v=9889:43080:29)
at Scope.$digest (http://1.1.1.1:5601/bundles/commons.bundle.js?v=9889:42891:32)
at Scope.$apply (http://1.1.1.1:5601/bundles/commons.bundle.js?v=9889:43188:25)

roles_mapping.yml:
admin:

  • "CN=gp-ops-es-admin,OU=groups,OU=ops,OU=ccs,DC=ad,DC=dsi,DC=----,DC=com"
    abcdadmin:
  • "CN=gp------es-admin,OU=groups,OU=----,OU=ccs,DC=ad,DC=----,DC=----,DC=com"

Thanks & Regards


(Jay Modi) #2

There is no need to restart for changes in the role mapping. Are there any errors on the elasticsearch side? Is the user supposed to be mapped to both roles?


(system) #3