We're running an in-house, Platinum-licensed ELK stack, version 7.16. We've tried to use AD for user authentication, but it is not working and ends up throwing an invalid-credentials error. We're 100% sure that the password is valid.
This is the ES config:
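# Elasticsearch realm chain: the native realm is consulted first (order 0),
# then the LDAP realm "ldap1" against Active Directory over LDAPS (order 1).
# NOTE(review): nesting reconstructed from the setting names; the pasted copy
# had lost its indentation.
xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0
        ldap:
          ldap1:
            order: 1
            url: "ldaps://xxxxxxxxx:636"
            ssl:
              # CA certificates used to validate the domain controller's
              # LDAPS certificate.
              certificate_authorities:
                - "/etc/elasticsearch/certs/xxxxx.cer"
                - "/etc/elasticsearch/certs/xxxxx.cer"
                - "/etc/elasticsearch/certs/xxxxx.cer"
            # Service account used for the user search. In the accompanying
            # log, resultCode=49 / "data 52e" is raised while
            # LdapUserSearchSessionFactory.findUser obtains a pooled
            # connection, i.e. on THIS account's bind, not on the password
            # of the user who is logging in.
            # The bind password is not part of this file: it is read from the
            # Elasticsearch keystore entry
            # xpack.security.authc.realms.ldap.ldap1.secure_bind_password,
            # which has to be present on every node.
            # NOTE(review): the CN component looks like a UPN rather than the
            # object's CN; confirm it against the account's actual
            # distinguishedName in AD.
            bind_dn: "cn=xxx.xx@mgt.bps,OU=Users,OU=RBAC,OU=BPS,DC=mgt,DC=bps"
            user_search:
              base_dn: "OU=Users,OU=RBAC,OU=BPS,DC=mgt,DC=bps"
              # {0} is replaced with the login name the user types.
              # NOTE(review): this matches on cn; AD logins are usually matched
              # on sAMAccountName. Confirm which attribute holds the login name.
              filter: "(cn={0})"
            group_search:
              base_dn: "OU=Tasks,OU=RBAC,OU=BPS,DC=mgt,DC=bps"
              # Restrict the lookup to groups that actually contain the user:
              # {0} is replaced with the user's DN. A filter without {0}
              # returns every group under base_dn for every user, so
              # role_mapping.yml would hand out roles regardless of
              # membership.
              # Assumes groups list direct members by DN in `member`;
              # TODO confirm whether nested groups are used.
              filter: "(&(objectClass=group)(member={0}))"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            # Groups with no entry in role_mapping.yml grant nothing.
            unmapped_groups_as_roles: false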
This is the exception I'm getting:
[2023-07-19T11:55:56,779][WARN ][o.e.x.s.a.l.s.LdapUtils ] [xxxxx] Failed to obtain LDAP connection from pool - LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839', ldapSDKVersion=4.0.8, revision=28812)
[2023-07-19T11:55:56,783][DEBUG][o.e.x.s.a.l.LdapRealm ] [xxxxx] Exception occurred during authenticate for ldap/ldap1
com.unboundid.ldap.sdk.LDAPBindException: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1372) ~[unboundid-ldapsdk-4.0.8.jar:4.0.8]
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1258) ~[unboundid-ldapsdk-4.0.8.jar:4.0.8]
at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(LDAPConnectionPool.java:1792) ~[unboundid-ldapsdk-4.0.8.jar:4.0.8]
at java.security.AccessController.doPrivileged(AccessController.java:569) ~[?:?]
at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.privilegedConnect(LdapUtils.java:76) ~[x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry(LdapUtils.java:296) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry(LdapUtils.java:231) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.LdapUserSearchSessionFactory.findUser(LdapUserSearchSessionFactory.java:271) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.LdapUserSearchSessionFactory.getSessionWithPool(LdapUserSearchSessionFactory.java:84) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.PoolingSessionFactory.session(PoolingSessionFactory.java:108) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.LdapRealm.lambda$doAuthenticate$1(LdapRealm.java:147) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.xpack.security.authc.ldap.LdapRealm$CancellableLdapRunnable.doRun(LdapRealm.java:343) [x-pack-security-7.17.6.jar:7.17.6]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:777) [elasticsearch-7.17.6.jar:7.17.6]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-7.17.6.jar:7.17.6]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
[2023-07-19T11:55:56,785][WARN ][o.e.x.s.a.RealmsAuthenticator] [xxxxx] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839', ldapSDKVersion=4.0.8, revision=28812))