LDAP Integration with Elastic Search

I am using a trial x-pack license and have configured OpenLDAP in a CentOS environment. While trying to validate a user through Kibana, it just shows:

{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

My Elasticsearch x-pack configuration is below:

xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldap://mycentosv7:389"
            user_dn_templates:
              - "uid={0}, ou=People, dc=example, dc=com"
            group_search:
              base_dn: "dc=example,dc=com"

Can you please explore what I am doing wrong? Or is there any configuration link available with an example of a sample LDAP user and Elasticsearch configuration?

Hi @ksarkar

Can you please share your ES logs to get deeper insight into what goes wrong?

To answer your question, if there is a link, here it is:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-ldap-realm.html

I have not got any error in the logs. Present settings:

elasticsearch.yml
logger.org.elasticsearch.transport: trace

log4j2.properties
logger.xpack_security_audit_logfile.level = trace

Is there anything other than this log level that could help?

Also, if I search my LDAP server, the entry is returned.

engineer@~ $ > ldapsearch -x -b "uid=ksarkar,ou=People,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=ksarkar,ou=People,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ksarkar, People, example.com
dn: uid=ksarkar,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ksarkar
uid: ksarkar
uidNumber: 1007
gidNumber: 1008
homeDirectory: /home/ksarkar
loginShell: /bin/bash
gecos: ksarkar
shadowMax: 0
shadowWarning: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

And putting a wrong password in the Kibana field throws an "Authentication failed" error.

[2019-11-11T17:53:58,381][WARN ][o.e.x.s.a.AuthenticationService] [node-1] Authentication to realm ldap1 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials', ldapSDKVersion=4.0.8, revision=28812))

which means the LDAP connection works.

But using the right password it shows the following:

{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

Is there any special field, group, or role that needs to be configured between Kibana and LDAP?

Thanks to elastic team.

Now I am able to connect to LDAP. A proper role_mapping.yml configuration solves the issue, but some other questions arise.
I have created another topic with the specific details on that.
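As an added illustration that is not part of the original thread: the 403 that Kibana returns after a successful bind means the user authenticated against the ldap1 realm but had no Elasticsearch role assigned, so Kibana refuses access. The file below is a hypothetical role_mapping.yml (it lives in the Elasticsearch config directory, next to elasticsearch.yml) that maps the user DN from the ldapsearch output above to a built-in Kibana role; the group DN, group object class and the choice of roles are assumptions for the example, not anything the thread specifies.

```yaml
# $ES_PATH_CONF/role_mapping.yml  (added example, not from the original thread)
# Format: <Elasticsearch role name>: list of LDAP DNs (users or groups) granted that role.
# User DNs must match what the ldap1 realm builds from user_dn_templates, i.e.
# uid=<login>,ou=People,dc=example,dc=com for the setup in this thread.

# Map the user from the thread to the built-in Kibana role so the login no longer returns 403.
# (On newer 7.x releases the equivalent built-in role is named kibana_admin; check the
# built-in role list for the version in use.)
kibana_user:
  - "uid=ksarkar,ou=People,dc=example,dc=com"

# Hypothetical group-based mapping. This only takes effect if group_search can find the
# group: the LDAP realm's default group filter is (|(uniqueMember={0})(member={0})),
# which posixGroup entries do not satisfy (they list members as memberUid). The group
# below is therefore assumed to be a groupOfNames/groupOfUniqueNames object; a posixGroup
# would need a custom group_search.filter plus group_search.user_attribute instead.
superuser:
  - "cn=es-admins,ou=Groups,dc=example,dc=com"
```

Mapping by user DN sidesteps the posixGroup problem entirely for a single test user, which is the quickest way to confirm that the 403 was a missing role rather than a broken realm; once that works, move to group-based mappings so that access is governed in the directory rather than in a per-user list on the node.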

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.