ksarkar
(Koushik Sarkar)
November 11, 2019, 10:00am
1
I am using a trial X-Pack license and have configured an OpenLDAP in a CentOS env. While trying to validate a user through Kibana it's just showing:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
My Elasticsearch X-Pack configuration is below:
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldap://mycentosv7:389"
            user_dn_templates:
              - "uid={0}, ou=People, dc=example, dc=com"
            group_search:
              base_dn: "dc=example,dc=com"
Can you please explore what's wrong in what I am doing? Or is there any configuration link available with an example of a sample LDAP user and Elasticsearch configuration?
Hi @ksarkar
Can you please share your ES logs to get deeper insight in what goes wrong?
To answer your question, if there is a link, here it is:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-ldap-realm.html
ksarkar
(Koushik Sarkar)
November 11, 2019, 11:47am
3
I have not got any errors in the logs. Present settings:
elasticsearch.yml
logger.org.elasticsearch.transport: trace
log4j2.properties
logger.xpack_security_audit_logfile.level = trace
Is there anything other than this log level that could help?
ksarkar
(Koushik Sarkar)
November 11, 2019, 12:26pm
4
On top of that, if I search my LDAP server, the entry is coming up.
engineer@~ $ > ldapsearch -x -b "uid=ksarkar,ou=People,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=ksarkar,ou=People,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ksarkar, People, example.com
dn: uid=ksarkar,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ksarkar
uid: ksarkar
uidNumber: 1007
gidNumber: 1008
homeDirectory: /home/ksarkar
loginShell: /bin/bash
gecos: ksarkar
shadowMax: 0
shadowWarning: 0
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
And putting a wrong password in the Kibana field throws an Authentication failed error:
[2019-11-11T17:53:58,381][WARN ][o.e.x.s.a.AuthenticationService] [node-1] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials', ldapSDKVersion=4.0.8, revision=28812))
which means LDAP is getting connected.
But using the right password it is showing the below:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}
Is there any special field/group/role that needs to be configured between Kibana and LDAP?
ksarkar
(Koushik Sarkar)
November 13, 2019, 2:03pm
5
Thanks to the Elastic team.
Now I am able to connect to LDAP. Proper role_mapping.yml file configuration solves the point, but some other questions arise.
Created another topic with specific details on that.
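The thread's root cause is worth seeing in code: the LDAP realm proves who the user is (a wrong password yields resultCode 49), but privileges come only from role mappings, so an authenticated user with zero mapped roles gets Kibana's 403. The following is an added, simplified model of the role_mapping.yml lookup written for this thread, not Elasticsearch's own code; the group DN and the `kibana_user` mapping are constructed assumptions.

```python
"""Why an LDAP user can authenticate yet get 403 from Kibana: authentication
(the realm) and authorization (role mappings) are separate steps.
Simplified, constructed model of the role_mapping.yml lookup; not the
Elasticsearch implementation."""

# role_mapping.yml content, already parsed: role name -> list of user or group DNs.
ROLE_MAPPING_EMPTY = {}  # the original post: realm configured, no mappings at all
ROLE_MAPPING_FIXED = {   # constructed fix: give the user a Kibana role
    "kibana_user": [
        "uid=ksarkar,ou=People,dc=example,dc=com",        # map the user DN directly
        "cn=kibana-users,ou=Groups,dc=example,dc=com",    # or a group DN (constructed)
    ],
}


def normalize_dn(dn):
    """Fold case and drop whitespace around RDN separators so the template form
    'uid=ksarkar, ou=People, dc=example, dc=com' and the ldapsearch form
    'uid=ksarkar,ou=People,dc=example,dc=com' compare equal.
    (Simplified: does not handle escaped commas inside attribute values.)"""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def user_dn_from_template(template, username):
    """Apply a user_dn_templates entry to the login name typed into Kibana."""
    return template.replace("{0}", username)


def resolve_roles(user_dn, group_dns, role_mapping):
    """Roles whose mapped DNs contain the user's DN or one of the user's group DNs."""
    principals = {normalize_dn(user_dn)} | {normalize_dn(g) for g in group_dns}
    return sorted(role for role, dns in role_mapping.items()
                  if principals & {normalize_dn(d) for d in dns})


def explain_login(user_dn, group_dns, role_mapping):
    """Authenticated but with no roles is exactly the 403 seen in the thread."""
    roles = resolve_roles(user_dn, group_dns, role_mapping)
    if not roles:
        return "403 Forbidden: authenticated, but no roles mapped for this user"
    return "ok, roles: " + ", ".join(roles)


if __name__ == "__main__":
    dn = user_dn_from_template("uid={0}, ou=People, dc=example, dc=com", "ksarkar")
    print(explain_login(dn, [], ROLE_MAPPING_EMPTY))   # the 403 case
    print(explain_login(dn, [], ROLE_MAPPING_FIXED))   # after role_mapping.yml is filled in
```

When debugging the real thing, the same split shows up in the logs: a realm failure such as the resultCode 49 line above is authentication, while a clean login followed by 403 points at role mapping.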
system
(system)
Closed
December 11, 2019, 2:03pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.