LDAP auth and groups

jaymode · July 7, 2015, 5:59pm

I just noticed that you may be using posixGroups based on your debug log message.

Can you try this configuration:

shield.authc:
    realms:
        esusers:
            type: esusers
            order: 0
        ldap1:
            type: ldap
            order: 1
            enabled: true
            url: 'ldaps://auth.company.com:636'
            user_dn_templates:
              - "cn={0},ou=Users,o=company"
            group_search:
                base_dn: "o=company"
                user_attribute: "uid"
                filter: "(&(objectclass=posixGroup)(memberUid={0}))"

The above configuration change will change the search to look for only posixGroups that have the user's uid as a value for memberUid.

Topic		Replies	Views
Shield and LDAP configuration Elasticsearch elastic-stack-security	14	3210	July 6, 2017
ES with shield LDAP can't use LDAP group but can login with LDAP user Elasticsearch elastic-stack-security	7	1878	July 6, 2017
SOLVED:Issue in LDAP group authentication (shield): Elasticsearch elastic-stack-security	28	11309	July 6, 2017
Ldap group seems to don't work Elasticsearch elastic-stack-security	4	1788	January 3, 2017
Ldap Realm elasticsearch 5.4 Elasticsearch	2	849	August 18, 2017

LDAP auth and groups

Related topics