LDAP authentication fails

Elastic Stack Elasticsearch
1

Hi! I'm tryin to conect my Elasticsearch 6.5.4 to my ldap server in my company but i could not login any user in the AD. The only user that i could meke him login is the bind_dn user, but i get the following error message:
{"message":"action [indices:data/read/search] is unauthorized for user [xxxxxxx]: [security_exception] action [indices:data/read/search] is unauthorized for user [gitlab_auth]","statusCode":403,"error":"Forbidden"}

My elasticsearch.yml:

#Security

xpack.security.enabled: true

xpack:
security:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://172.29.xx.xx:389"
bind_dn: "CN=xxxxx,OU=XXX XX,OU=XXX XXX,OU=XXX XXX XX,DC=xxxx,DC=xxxx"
user_search:
base_dn: "OU=XXX XX,OU=XXX XXX,OU=XXX XXX XX,DC=xxxx,DC=xxxx"
filter: "cn={0}"
group_search:
base_dn: "dc=xxxxxxx,dc=xxxx"
unmapped_groups_as_roles: false

2

If you are using AD, then you should use the active_directory realm type, rather than ldap. It is possible to use ldap for this, but the AD realm handles a variety of AD specific features that you will want.

This is an authorization (privileges) problem. You need to configure role mapping so that the user has permissions in ES. See: Mapping users and groups to roles | Elasticsearch Guide [6.5] | Elastic

Happy to help diagnose that, but you'll need to provide a clear description of the steps you took and the errors you saw (both logs and API errors)

3

Thanks for your reply. I´ll try to configure de active_directory realm and i´ll let you know if it works.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.