Ldap Authentication in elasticsearch and kibana

Elastic Stack Elasticsearch
1

I am trying to login the elastic and kibana by using ldap users.For ldap configuration I follows the below reference link
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/ldap-realm.html

I configured the ldap realm settings in my elasticsearch.yml file and again run the elastic service and trying to login with ldap users in elastic and kibana.But I am not able to login with ldapusers it gave the error like invalid user and invalid user.

this is my elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: "192.168.3.96"
#
# Set a custom port for HTTP:
#
http.port: 9201
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.3.96"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["192.168.3.96"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.ml.enabled: false
bootstrap.system_call_filter: false
node.max_local_storage_nodes: 10
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch-7.4.0/config/certs/node1/node1.key
xpack.security.http.ssl.certificate: /etc/elasticsearch-7.4.0/config/certs/node1/node1.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch-7.4.0/config/certs/ca/ca.crt
xpack.security.transport.ssl.key: /etc/elasticsearch-7.4.0/config/certs/node1/node1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch-7.4.0/config/certs/node1/node1.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch-7.4.0/config/certs/ca/ca.crt
xpack.security.http.ssl.verification_mode: certificate
xpack.security.authc.token.enabled: true





xpack:
security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://ldaps.sfty.com:636"
            bind_dn: "cn=Manager,ou=people, dc=sfty, dc=com"
            user_search:
              base_dn: "dc=sfty,dc=com"
              filter: "(cn={0})"
            group_search:
              base_dn: "dc=sfty,dc=com"
            files:
              role_mapping: "/etc/elasticsearch-7.4.0/config/role_mapping.yml"
            unmapped_groups_as_roles: false

and i am getting the below error

image
image.png1425×100 8.08 KB

[2019-12-06T17:36:18,356][WARN ][o.e.x.s.a.AuthenticationService] [node1] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldaps.sfty.com:636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldaps.sfty.com/192.168.3.96:636: ConnectException(Connection refused (Connection refused)), ldapSDKVersion=4.0.8, revision=28812'))'))

2

Please don't post unformatted code, logs, or configuration as it's very hard to read. Also please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

3

The error message is quite clear:

There is either no ldap server listening on port 636 on 192.168.3.96 or there is something ( a firewall probably ) blocking access to that server on that port.

4

error occured while trying to login kibana by using ldapusers

5

Apologies, but I don't follow what that means or how it is related to the above.

6

Actually ,I am trying to authenticate elastic and kibana by using ldap authentication by setting ldap setting in elasticsearch.yml file.
These are the kibana .yml file

server.ssl.enabled: true
server.ssl.certificate: /etc/elasticsearch-7.4.0/config/certs/kibana/kibana.crt
server.ssl.key: /etc/elasticsearch-7.4.0/config/certs/kibana/kibana.key
elasticsearch.ssl.certificateAuthorities: [ "/etc/elasticsearch-7.4.0/config/certs/ca/ca.crt" ]

Is there anything to add in kibana.yml for ldap authentication.
Pleaes help me how to slove it.

7

Already firewall service is stopped but still it showing same error.

Thank you for your quick reply.

8

As I said above the problem is

Unfortunately we can't help you with network misconfigurations on your machines. This doesn't seem to be at all related to any component of the Elastic Stack, but rather on your local setup. Please verify or seek the help of someone in the network team of your organization to help you verify that:

  • LDAP server is up and running
  • LDAP server is running on the machine with IP address 192.168.3.96
  • LDAP server is listening on port 636
  • There is network connectivity between the machine where elasticsearch runs and the machine that your LDAP server runs
  • No firewall is blocking the port on that IP address.
9

Ok I will check with them.
Thank you very much for information

10

Hey ,i am really sorry I posted wrong link
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/ldap-realm.html#ldap-realm-configuration
the above one is the correct link

11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.