LDAP integrated ELK with Shield

vienodp · June 21, 2016, 11:57am

Yes this is the only realm I have enabled. For role mapping I have used uid and in realm configuration attribute as mail.
Yes, in the elasticsearch-access log I do see these entries -
So is this configuration correct ?

[2016-06-21 17:25:21,115] [Night Nurse] [transport] [access_granted] origin_type=[rest], origin_address=[127.0.0.1], principal=[vinodar3@in.ibm.com], action=[indices:data/read/search[phase/query+fetch]], indices=[.kibana]
[2016-06-21 17:25:21,529] [Night Nurse] [rest] [authentication_failed] origin_address=[9.126.112.35], principal=[AVJBYJ744], uri=[/_nodes/http]
[2016-06-21 17:25:23,198] [Night Nurse] [rest] [authentication_failed] origin_address=[9.126.112.35], principal=[AVJBYJ744], uri=[/_nodes/http]
[2016-06-21 17:25:23,622] [Night Nurse] [transport] [access_granted] origin_type=[rest], origin_address=[127.0.0.1], principal=[vinodar3@in.ibm.com], action=[cluster:monitor/nodes/info]

jaymode · June 21, 2016, 5:13pm

To me this looks correct. vinodar3@in.ibm.com is authenticating and being authorized and AVJBYJ744 is not (its not a email address...).

vienodp · June 22, 2016, 3:25am

Thanks, now I do not see any exception in elastic search logs, logstash and kibana logs.

vienodp · July 5, 2016, 7:03am

Hi ,

Now I am trying to configure 2 nodes ELK cluster with Shield plugin enabled but cluster status says its yellow. When I check the cluster status its NOT showing me 2 nodes where as I have configured unique cluster name. Also tried using unicast and multicast option but no luck.

Am I missing anything ?

jaymode · July 5, 2016, 1:04pm

@vienodp please open a new issue as this is something different. Also, when you open the issue please include all details such as versions, configuration from both nodes, and any messages from the logs such as exceptions.

vienodp · July 6, 2016, 5:23am

Ok , I have created new issue for that.