LDAP configuration in 7+

Elastic Stack Elasticsearch
1

Hi,

In the breaking changes for Elasticsearch 7.0 it says to make this change to the LDAP config, https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting

However when looking at the documentation for 7.1 it is still using the old configuration, https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-ldap-realm.html

Could you clarify which is correct, or if I'm misinterpreting somewhere.

In any case, when trying to create a new cluster, using a user settings yaml that works in 6.7.2, I am unable to get it working if I leave the settings the same or make changes according to the breaking changes. Are there any other changes I need to be aware of that may be breaking it? Can send the configuration if this helps.

Also to note this is running on ECE 2.2.2 if this makes a difference.

Many thanks,

James

2

Hi @JamesNotJamez,

I think the documentation looks good to me.
The confusion may be because in the breaking documentation we specify the ldap.ldap1 and in the ldap documentation, it is different. Both are valid YAML representation.

xpack.security.authc.realms:
  ldap.ldap1:
    order: 1
    url: "ldaps://ldap.example.com/"

and

xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 1
            url: "ldaps://ldap.example.com/"

I think it would be good if you could upload the config file and there is an error message while parsing the file that you are using, so we can take a look at it?

Thanks and Regards,
Yogesh Gaikwad

3

Hi Yogesh,

I had another play around with it and have got it working now, think it was my misunderstanding of the YAML that was the issue :man_facepalming:

Many thanks,
James

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.