Ldap groups within Kibana

Hello friends, and first of all sorry for my english.

I use a trial license of ELK (5.1) and many functions are working great.

With X-Pack Security, native accounts and role are working.

I tried an ldap integration of ELK. Here is the ldap part of code of my elastic.yml :

(I have a group of users in LDAP named ELK_Users)

type: ldap
order: 0
url: "ldaps://xxxxxx1.company.org:636"
bind_dn: "cn=Svc_ElasticSearch, ou=ElasticSearch, ou=Applications, dc=company, dc=com"
bind_password: xxxxxxxxxxxxxxxxxx
base_dn: "dc=company,dc=com"
attribute: cn
base_dn: "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"
role_mapping: "CONFIG_DIR/x-pack/role_mapping.yml"
unmapped_groups_as_roles: false
ssl.verification_mode: none
ssl.keystore.path: ["CONFIG_DIR/x-pack/Node01.jks"]
ssl.keystore.password: xxxxxxxx
ssl.keystore.key_password: xxxxxxxxxxxxxx

Ldap authentification works, but any account of my company could connect to Kibana, not only members of the group ELK_Users.

But in Kibana, Discover page, visualize page or management are blank. Monitoring page display an access denied page :

You are not authorized to access Monitoring. To use Monitoring, you need the privileges granted by both the kibana_user and monitoring_user roles.

If you are attempting to access a dedicated monitoring cluster, this might be because you are logged in as a user that is not configured on the monitoring cluster.

I don't know how to match in kibana the monitoring role with my ldap group ELK_Users.
I tried this setting in role_mapping.yml but it failed :


  • "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"
  • "cn=ELK_Users,ou=ElasticSearch,ou=Applications,dc=company,dc=com"

A big thanks for your help and advice :slight_smile:

I'm moving your post over to the Elasticsearch forum since Kibana only checks roles with Elasticsearch.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.