I'm a bit new to security configurations that don't involve native realm. The case is that I would like to configure elasticsearch authentication with ldap and the configuration is not very clear about some things.
I have a self-managed cluster with 8 nodes including dedicated data, dedicated master and dedicated ml, with elasticsearch version 7.16.3 and trial license. I would like to know if I have to configure ldap realm (LDAP user authentication | Elasticsearch Guide [7.16] | Elastic) on all nodes or only on one.
Another question I have is how would kibana, logstash and beats authenticate against elasticsearch with this kind of configuration.
Could someone help me to solve these questions?
Thanks in advance.
Realm is per node. You need to configure on every node that takes user request. If a node does not directly take user request at all, you don't have to configure realm for it.
Another question I have is how would kibana, logstash and beats authenticate against elasticsearch with this kind of configuration.
From client's perspective, ldap realm works similarly to username/password authentication (e.g. native realm). It's a viable choice for Kibana. But I think you probably better to go with other authentication mechanisms such as API keys for Beats and leave LDAP realm for interactive usages.
Thank you very much for your reply Yang_Wang,
One more question, could I use native realm for beats, kibana and logstash?, I am not very familiar with API keys.
You should consider API keys only for Beats. You can also use native users for Beats.
For kibana and logstash to connect to Elasticsearch, you should use the builtin system users, kibana_system and logstash_system. Technically you can also use native uers, but it is not recommended.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.