I am trying to login the elastic and kibana by using ldap users.For ldap configuration I follows the below reference link
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/ldap-realm.html
I configured the ldap realm settings in my elasticsearch.yml file and again run the elastic service and trying to login with ldap users in elastic and kibana.But I am not able to login with ldapusers it gave the error like invalid user and invalid user.
this is my elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: "192.168.3.96"
#
# Set a custom port for HTTP:
#
http.port: 9201
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.3.96"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["192.168.3.96"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.ml.enabled: false
bootstrap.system_call_filter: false
node.max_local_storage_nodes: 10
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch-7.4.0/config/certs/node1/node1.key
xpack.security.http.ssl.certificate: /etc/elasticsearch-7.4.0/config/certs/node1/node1.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch-7.4.0/config/certs/ca/ca.crt
xpack.security.transport.ssl.key: /etc/elasticsearch-7.4.0/config/certs/node1/node1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch-7.4.0/config/certs/node1/node1.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch-7.4.0/config/certs/ca/ca.crt
xpack.security.http.ssl.verification_mode: certificate
xpack.security.authc.token.enabled: true
xpack:
security:
authc:
realms:
ldap:
ldap1:
order: 0
url: "ldaps://ldaps.sfty.com:636"
bind_dn: "cn=Manager,ou=people, dc=sfty, dc=com"
user_search:
base_dn: "dc=sfty,dc=com"
filter: "(cn={0})"
group_search:
base_dn: "dc=sfty,dc=com"
files:
role_mapping: "/etc/elasticsearch-7.4.0/config/role_mapping.yml"
unmapped_groups_as_roles: false
and i am getting the below error
[2019-12-06T17:36:18,356][WARN ][o.e.x.s.a.AuthenticationService] [node1] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldaps.sfty.com:636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldaps.sfty.com/192.168.3.96:636: ConnectException(Connection refused (Connection refused)), ldapSDKVersion=4.0.8, revision=28812'))'))