LDAP hostname verification


(Cornoualis) #1

Hi,

I'm trying to configure authentication through Active Directory.

Here is my configuration:

xpack:
  security:
    authc:
      realms:
        active_directory:
          type: active_directory
          order: 0
          domain_name: ep
          url: ldaps://adalias.domain, ldaps://adalias2.domain
          ssl:
            certificate_authorities: ["x-pack/rootca.pem"]
          load_balance:
            type: "failover"

My problem is that adalias.domain is an alias (with load balancing behind it), and this configuration doesn't work until I replace it with one of the real server names behind it ("Hostname verification failed because the expected hostname 'adalias' was not found in peer certificate").

So...finally it works, but not exactly as expected.
I saw that there is a hostname verification that can be disabled...but I can't find this parameter in the docs.

Can you help me with that?

Thanks in advance!


(Tim Vernum) #2

You're looking for ssl.verification_mode in the security settings docs.

You want to set that to certificate
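
What the setting changes, as an added example (not code from the thread or from Elasticsearch): a simplified Python model of the `full`, `certificate` and `none` values of `ssl.verification_mode`, applied to the alias from this thread. The names `dc01.domain` and `fileserver.domain` and all function names are constructed for illustration.

```python
# Added example: simplified model of ssl.verification_mode (full / certificate / none).
# All hostnames except adalias.domain are constructed for illustration.

def dns_name_matches(pattern, host):
    """Compare one subjectAltName dNSName entry with the hostname taken from the URL."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":                 # wildcard stands for exactly one left-most label
        return p[1:] == h[1:]
    return p == h

def accepts(mode, chain_trusted, san_dns, url_host):
    """Return True if the LDAPS server certificate would be accepted in this mode."""
    if mode == "none":              # no checks at all
        return True
    if not chain_trusted:           # full and certificate both require a trusted CA chain
        return False
    if mode == "certificate":       # chain only, the name in the URL is not compared
        return True
    if mode == "full":              # chain plus hostname match
        return any(dns_name_matches(n, url_host) for n in san_dns)
    raise ValueError("unknown verification mode: " + mode)

ALIAS = "adalias.domain"            # load-balanced alias from the thread
DC_SANS = ["dc01.domain"]           # constructed: cert names only the real server
OTHER_SANS = ["fileserver.domain"]  # constructed: unrelated cert from the same CA

def scenarios():
    return {
        "full_alias": accepts("full", True, DC_SANS, ALIAS),
        "full_real_name": accepts("full", True, DC_SANS, "dc01.domain"),
        "certificate_alias": accepts("certificate", True, DC_SANS, ALIAS),
        "certificate_unrelated_cert": accepts("certificate", True, OTHER_SANS, ALIAS),
        "certificate_untrusted_ca": accepts("certificate", False, DC_SANS, ALIAS),
        "full_alias_in_san": accepts("full", True, DC_SANS + [ALIAS], ALIAS),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:28} {'accepted' if ok else 'rejected'}")
```

The last scenario is the alternative to relaxing the mode: with the alias listed in each server certificate's subjectAltName, `full` verification passes.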


(Cornoualis) #3

Thanks a lot Tim!

