LDAP Elasticsearch

Hello,
I want to know how to connect Elasticsearch to an external LDAP, and if I am in a cluster that contains multiple nodes, do I need to configure LDAP on all Elasticsearch nodes or just one of them (and which one: master, coordinating, data node ...)? The same question applies to opening streams please.

Thank you

Hi,

You need to configure the xpack.security.authc.* settings in elasticsearch.yml and kibana.yml on all nodes.

Have a look at:

ES would look something like:

xpack:
  security:
    authc:
      realms:
        ldap.realm1:
          order: 1
          url: ldaps://yourserver:636
          bind_dn: <your_dn>
          bind_password: <password>
          ....

LDAP is basic auth, so use the basic realm in kibana as provider.

1 Like

It doesn't need to be configured in all nodes, just the ones where your clients, including kibana, will make requests.

For example, if your Kibana and all your clients only make requests to your coordinating nodes, then you can configure the authentication just on those nodes.

This is an example of a configuration that includes the native realm and the active directory realm:

xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0

        active_directory:
          my_ad:
            order: 1
            domain_name: "company.domain"
            follow_referrals: false
            url: [ "ldaps://ldap-server-01.company.domain:636", "ldaps://ldap-server-02.company.domain:636" ]
            ssl:
              certificate_authorities: [ "/etc/elasticsearch/certs/ldap/ldap-server-01.pem", "/etc/elasticsearch/certs/ldap/ldap-server-02.pem" ]
            load_balance:
              type: "round_robin"

Also, you didn't say if you have a license or not, but to use LDAP you need a paid license.

2 Likes
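To check a realm block like the two posted above before rolling it out to the nodes that receive client traffic, here is a small linter written for this thread (it is not Elastic's code and not part of either answer). It flattens the nested YAML into Elasticsearch's dotted setting names, which is why the `ldap.realm1:` shorthand in the first answer and the nested `active_directory: my_ad:` form in the second resolve to the same settings, and then flags the things that commonly go wrong: a missing or duplicated `order`, a plaintext `ldap://` URL, `ssl.verification_mode: none`, `ldaps://` with no trust anchors configured, and a `bind_password` kept in `elasticsearch.yml` instead of `secure_bind_password` in the keystore. Hostnames and paths in the sample configs are constructed for the example.

```python
"""Lint Elasticsearch LDAP / Active Directory realm settings.

Added example for the thread above; not Elastic's code. Sample configurations
(hostnames, DNs, paths) are constructed inline for illustration.
"""
from typing import Any

REALM_PREFIX = "xpack.security.authc.realms."


def flatten(settings: dict[str, Any], prefix: str = "") -> dict[str, Any]:
    """Flatten nested YAML into Elasticsearch's dotted setting names.

    Nested keys and dotted keys (e.g. 'ldap.realm1') both end up as
    'xpack.security.authc.realms.ldap.realm1.<setting>'.
    """
    flat: dict[str, Any] = {}
    for key, value in settings.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        else:
            flat[name] = value
    return flat


def realms(flat: dict[str, Any]) -> dict[tuple[str, str], dict[str, Any]]:
    """Group flattened settings as {(realm_type, realm_name): {setting: value}}."""
    out: dict[tuple[str, str], dict[str, Any]] = {}
    for name, value in flat.items():
        if not name.startswith(REALM_PREFIX):
            continue
        parts = name[len(REALM_PREFIX):].split(".", 2)
        if len(parts) != 3:
            continue  # a realm key with no setting underneath it
        rtype, rname, setting = parts
        out.setdefault((rtype, rname), {})[setting] = value
    return out


def lint_realms(settings: dict[str, Any]) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings: list[str] = []
    orders: dict[Any, str] = {}
    for (rtype, rname), conf in realms(flatten(settings)).items():
        label = f"{rtype}/{rname}"
        order = conf.get("order")
        if order is None:
            findings.append(f"{label}: missing 'order' (each realm needs a unique order)")
        elif order in orders:
            findings.append(f"{label}: order {order} is already used by {orders[order]}")
        else:
            orders[order] = label
        if rtype not in ("ldap", "active_directory"):
            continue
        urls = conf.get("url", [])
        if isinstance(urls, str):
            urls = [urls]
        if not urls:
            findings.append(f"{label}: no 'url' configured")
        for u in urls:
            if u.startswith("ldap://"):
                findings.append(f"{label}: plaintext url {u}; use ldaps:// so bind and user "
                                "credentials are not sent in the clear")
            elif not u.startswith("ldaps://"):
                findings.append(f"{label}: unrecognised url scheme in {u}")
        if "bind_password" in conf:
            findings.append(f"{label}: bind_password is stored in plain text in elasticsearch.yml; "
                            "put it in the keystore as secure_bind_password instead")
        if conf.get("ssl.verification_mode") == "none":
            findings.append(f"{label}: ssl.verification_mode=none disables server certificate checks")
        has_trust = "ssl.certificate_authorities" in conf or "ssl.truststore.path" in conf
        if any(u.startswith("ldaps://") for u in urls) and not has_trust:
            findings.append(f"{label}: ldaps:// without certificate_authorities or a truststore; "
                            "the directory's certificate must then be in the JVM default truststore")
    return findings


# Constructed weak configuration: plaintext LDAP, no order, password in the yml,
# certificate verification switched off.
WEAK_CONFIG = {"xpack": {"security": {"authc": {"realms": {"ldap": {"realm1": {
    "url": "ldap://ldap.example.test:389",
    "bind_dn": "cn=svc-elastic,ou=services,dc=example,dc=test",
    "bind_password": "example-only",
    "ssl": {"verification_mode": "none"},
}}}}}}}

# Constructed configuration in the shape of the second answer: native realm plus
# an Active Directory realm over ldaps with pinned CA certificates.
GOOD_CONFIG = {"xpack": {"security": {"authc": {"realms": {
    "native": {"native1": {"order": 0}},
    "active_directory": {"my_ad": {
        "order": 1,
        "domain_name": "company.domain",
        "follow_referrals": False,
        "url": ["ldaps://ldap-server-01.company.domain:636",
                "ldaps://ldap-server-02.company.domain:636"],
        "ssl": {"certificate_authorities": ["/etc/elasticsearch/certs/ldap/ldap-server-01.pem",
                                            "/etc/elasticsearch/certs/ldap/ldap-server-02.pem"]},
        "load_balance": {"type": "round_robin"},
    }},
}}}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("good", GOOD_CONFIG)):
        print(name, lint_realms(cfg) or "no findings")
```

Run the module directly to see the weak sample produce four findings and the Active Directory sample produce none; feed your own `elasticsearch.yml` through a YAML loader into `lint_realms` to check a real file. Note that the linter only judges the settings themselves; the second answer's point still applies, namely that the block must be present on every node that clients (including Kibana) send requests to.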
