LDAP authentication error

Hi all,
I have a little problem with authenticating to the LDAP server.
I have already set it up to work, but sometimes the authentication gives me a timeout error,
and all of our accounts always have to wait for some time to log in to the server.
Can anyone give me some ways to fix this problem?
Thank you for your time.

What version are you on?
What does your config look like?
What are the errors you are seeing?
What do the Elasticsearch logs show?

  • The version I am using is 7.9.0
  • The config is like this (some info is left blank for security reasons, as I hope you can understand):
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: ldap://:389
            bind_dn: ""
            user_search:
              base_dn: ""
              filter: "(&(objectClass=User)(cn={0}))"
            group_search:
              base_dn: ""
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false
        native:
          native1:
            order: 1
  • The errors that I see in the log are:
com.unboundid.ldap.sdk.LDAPException: The asynchronous operation encountered a client-side timeout after waiting 5000 milliseconds for a response to arrive.

com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server DomainDnsZones.TE.TEST.VN:389:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to establish a connection to server DomainDnsZones.TE.TEST.VN/192.168.0.1:389 within the configured timeout of 5000 milliseconds.', ldapSDKVersion=4.0.8, revision=28812))

Have you raised this question with your Elastic support contact?

I haven't, since this is only a testing cluster to test new features and it is on a trial license.

Ok no worries, thought that was the case but wanted to make sure.

Do you have access to the LDAP server logs at the time of these timeouts to see if there is anything that correlates? Do you have a firewall or anything in between the systems that might be causing a disconnect?

Unfortunately I do not have an account on the LDAP server, so I cannot view the logs there. Are there any other ways for me to troubleshoot this problem?
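
Added example, not part of the thread and not Elastic's code: without access to the LDAP server's logs, the two failures quoted above can still be told apart from the client side. This Python script sorts the UnboundID messages into connect timeouts and response timeouts, then times a TCP connect from the Elasticsearch node to each address that could not be reached; the function names and the sample log are constructed here.

```python
import re
import socket
import time

# Constructed sample: the two messages quoted in the thread, one per line.
SAMPLE_LOG = """\
com.unboundid.ldap.sdk.LDAPException: The asynchronous operation encountered a client-side timeout after waiting 5000 milliseconds for a response to arrive.
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server DomainDnsZones.TE.TEST.VN:389:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to establish a connection to server DomainDnsZones.TE.TEST.VN/192.168.0.1:389 within the configured timeout of 5000 milliseconds.', ldapSDKVersion=4.0.8, revision=28812))
"""

CONNECT_RE = re.compile(
    r"Unable to establish a connection to server "
    r"(?P<host>[^/\s]+)/(?P<ip>[\d.]+):(?P<port>\d+) "
    r"within the configured timeout of (?P<ms>\d+) milliseconds")
RESPONSE_RE = re.compile(r"client-side timeout after waiting (?P<ms>\d+) milliseconds")


def parse_ldap_errors(text):
    """Split log lines into connect timeouts and response timeouts."""
    events = []
    for line in text.splitlines():
        if (m := CONNECT_RE.search(line)):
            events.append({"kind": "connect", "host": m["host"], "ip": m["ip"],
                           "port": int(m["port"]), "timeout_ms": int(m["ms"])})
        elif (m := RESPONSE_RE.search(line)):
            events.append({"kind": "response", "timeout_ms": int(m["ms"])})
    return events


def connect_targets(events):
    """Unique (host, ip, port, timeout_ms) tuples the node failed to reach."""
    return sorted({(e["host"], e["ip"], e["port"], e["timeout_ms"])
                   for e in events if e["kind"] == "connect"})


def probe(ip, port, timeout_ms):
    """Time one TCP connect from this node within the logged timeout budget."""
    start = time.monotonic()
    try:
        socket.create_connection((ip, port), timeout=timeout_ms / 1000).close()
        ok = True
    except OSError:  # refused, unreachable or timed out
        ok = False
    return ok, round((time.monotonic() - start) * 1000)


if __name__ == "__main__":
    for host, ip, port, ms in connect_targets(parse_ldap_errors(SAMPLE_LOG)):
        print(host, ip, port, probe(ip, port, ms))
```

Run it on the Elasticsearch node against the real log text. A connect that fails or lands near the budget points at the network path or name resolution, and the host in the connect error is worth comparing with the host configured in `url`.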
