LDAP Authentication is not working

Getting above error with XPACK Platinum License


Please don't post images of text as they are hard to read, may not display
correctly for everyone, and not searchable.

Instead paste the text and format it with </> icon, and check the preview
window to make sure it's properly formatted before posting it. This makes it
more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.


unable to authenticate user [username] for REST request [/_xpack/security/_authenticate]


This forum operates on a best-effort basis, with people volunteering their time to give you free support. If you want to take advantage of that, then you need to do what you can to make it easy for us to help you.

The screenshot you posted had far more information than you posted in your reply. Please provide all relevant information. Copy and paste it from your terminal.

But even if you do that, the message you posted is a DEBUG message, not an error. It doesn't tell us anything about your problem.
How have you configured Elasticsearch? How have you configured LDAP? What did you do that triggered this debug message?
All those things are helpful to us if you want us to help you solve your problem.


{"message":"action [indices:data/read/search] is unauthorized for user [sadiesh]: [security_exception] action [indices:data/read/search] is unauthorized for user [sadiesh]","statusCode":403,"error":"Forbidden"}

I am getting the above error; below is my config:

type: ldap
order: 0
url: "ldaps://***..com:636"
bind_dn: "CN=#####,OU=FNDEPT,OU=MAIL,DC=reg1,DC=@@@,DC=com"
bind_password: "#####"

        base_dn: "OU=,OU=@@@,DC=***,DC=@@@,DC=com"
        filter: "sAMAccountName"
        role_mapping: "/elasticsearch/config/role_mapping.yml"
      timeout.tcp_connect: 30s
      unmapped_groups_as_roles: false
        certificate_authorities: ["/elasticsearch/elasticsearch-6.4.3/config/Root.pem.cer"]
      follow_referrals: false


As the error message says, your user doesn't have the correct permissions to read the data it tries to access.

  • What role should that user have?
  • What is that role's definition? Does it give read permission to the data you're trying to access?
  • What are the contents of your role mapping file (/elasticsearch/config/role_mapping.yml)?

Try to access the _authenticate API with the sadiesh user, for example:

curl -u sadiesh:<YOURPASSWORD> -X GET "https://<YOURHOST>:9200/_xpack/security/_authenticate"

  • What roles does your user get? Are they the ones that you expect to get, according to your role mapping configuration?

Thanks,
I am getting an empty role when I hit the auth API.


  • What role should that user have?
  • What are the contents of your role mapping file (/elasticsearch/config/role_mapping.yml)?


  • "cn=sadiesh,dc=example,dc=example,dc=com"
  • "cn=admins,dc=example,dc=com"

I am getting an empty role when I hit the auth API.

Ok, so as you can see your user is not getting the correct role assigned to them.

Your role mapping


says that the user with LDAP DN cn=sadiesh,dc=example,dc=example,dc=com should be assigned the superuser role.
Is your user's LDAP DN cn=sadiesh,dc=example,dc=example,dc=com? Your edited-out configuration suggests that it is not, but only you can be sure about this. If this is not your user's DN, then change this so that your user gets assigned the correct role.
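
Added example, not part of the original thread and not Elastic's code: a small offline check of why _authenticate can come back with empty roles when the DN in role_mapping.yml does not equal the DN the directory returns for the user. The file layout (both quoted DNs listed under superuser), the sample user and group DNs, and the simplified DN normalisation are assumptions; the server's own DN comparison is not reproduced here.

```python
# Added example: match a user's LDAP DN and group DNs against role_mapping.yml.
# The mapping mirrors the two DNs quoted in the thread; other DNs are constructed.

ROLE_MAPPING_YML = '''\
superuser:
  - "cn=sadiesh,dc=example,dc=example,dc=com"
  - "cn=admins,dc=example,dc=com"
'''


def normalize_dn(dn):
    """Approximate DN equality: ignore case and spaces around each RDN.
    Assumes no escaped commas inside attribute values."""
    parts = []
    for rdn in dn.strip().strip('"').split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def parse_role_mapping(text):
    """Parse the simple `role:` / `  - "dn"` layout of role_mapping.yml."""
    mapping, role = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("-"):
            if role is None:
                raise ValueError("DN listed before any role name")
            mapping[role].add(normalize_dn(line[1:]))
        elif line.endswith(":"):
            role = line[:-1].strip()
            mapping.setdefault(role, set())
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    return mapping


def roles_for(mapping, user_dn, group_dns=()):
    """Roles whose DN list contains the user's DN or one of its group DNs."""
    held = {normalize_dn(user_dn)} | {normalize_dn(g) for g in group_dns}
    return sorted(role for role, dns in mapping.items() if dns & held)


if __name__ == "__main__":
    mapping = parse_role_mapping(ROLE_MAPPING_YML)
    # Constructed DN shaped like the thread's bind_dn (OU/DC layout): no roles.
    print(roles_for(mapping, "CN=sadiesh,OU=Users,DC=reg1,DC=example,DC=com"))
    # The DN literally written in the mapping file: superuser.
    print(roles_for(mapping, "CN=sadiesh, DC=example, DC=example, DC=com"))
```

Feeding it the user's real DN and group DNs from the directory shows whether any entry in the mapping file can match before the realm configuration is changed.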
