Hello friends, and first of all sorry for my English.
I use a trial license of ELK (5.1) and many functions are working great.
With X-Pack Security, native accounts and roles are working.
I tried an LDAP integration of ELK. Here is the LDAP part of my elastic.yml:
(I have a group of users in LDAP named ELK_Users)
xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          order: 0
          url: "ldaps://xxxxxx1.company.org:636"
          bind_dn: "cn=Svc_ElasticSearch, ou=ElasticSearch, ou=Applications, dc=company, dc=com"
          bind_password: xxxxxxxxxxxxxxxxxx
          user_search:
            base_dn: "dc=company,dc=com"
            attribute: cn
          group_search:
            base_dn: "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"
          files:
            role_mapping: "CONFIG_DIR/x-pack/role_mapping.yml"
          unmapped_groups_as_roles: false
          ssl.verification_mode: none
          ssl.keystore.path: ["CONFIG_DIR/x-pack/Node01.jks"]
          ssl.keystore.password: xxxxxxxx
          ssl.keystore.key_password: xxxxxxxxxxxxxx
LDAP authentication works, but any account of my company can connect to Kibana, not only members of the group ELK_Users.
But in Kibana, the Discover page, the Visualize page and Management are blank. The Monitoring page displays an access denied page:
You are not authorized to access Monitoring. To use Monitoring, you need the privileges granted by both the kibana_user and monitoring_user roles.
If you are attempting to access a dedicated monitoring cluster, this might be because you are logged in as a user that is not configured on the monitoring cluster.
I don't know how to match the monitoring role in Kibana with my LDAP group ELK_Users.
I tried this setting in role_mapping.yml but it failed:
monitoring_user:
  - "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"
kibana_user:
  - "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"
A big thanks for your help and advice