LDAP needs a license for use

When I try to use LDAP in Elastic Cloud on K8s according to the guide (Support for custom realms for Elasticsearch authentication. · Issue #40 · elastic/cloud-on-k8s · GitHub), it returns the message below.

version 6.8

[2020-01-02T07:55:27,091][WARN ][o.e.x.s.a.AuthenticationService] [master-1] Authentication failed using realms [reserved/reserved,file/file1]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license

version 7.2

{"type": "server", "timestamp": "2020-01-02T08:09:21,612+0000", "level": "WARN", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "cluster-name", "node.name": "master-name", "cluster.uuid": "L8Xl5EMGT9qtE_oUIRifwQ", "node.id": "dtGj32qpS7WG227FO9aiKw", "message": "Authentication failed using realms [reserved/reserved,file/file1]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license" }

So, I want to know whether there is any method to use LDAP in Elastic Cloud on K8s.

Here is my YAML file for the LDAP settings.

apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
  name: jay-p-es
spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: True
  version: 7.2.0
  nodeSets:
  - name: master
    count: 3
    config:
      node.master: true
      node.data: false
      node.ingest: false
      xpack.security.authc.realms:
        ldap:
          ldap1:
            order: 0
            url: "ldap://hostname:389"
            bind_dn: "bind_dn"
            user_search:
              base_dn: "base_dn"
              filter: "(uid={0})"
            group_search:
              base_dn: "base_dn"
            unmapped_groups_as_roles: false
            bind_password: "password"
    podTemplate:
      spec:
        hostNetwork: true
        volumes:
        - name: elasticsearch-data
          emptyDir: {}
        containers:
        - name: elasticsearch
          resources:
            requests:
              memory: 7Gi
              cpu: 7
            limits:
              memory: 7Gi
              cpu: 7
  - name: data
    count: 3
    config:
      node.master: false
      node.data: true
      node.ingest: true
      xpack.security.authc.realms:
        ldap:
          ldap1:
            order: 0
            url: "ldap://hostname:389"
            bind_dn: "bind_dn"
            user_search:
              base_dn: "base_dn"
              filter: "(uid={0})"
            group_search:
              base_dn: "base_dn"
            unmapped_groups_as_roles: false
            bind_password: "password"
    podTemplate:
      spec:
        hostNetwork: true
        volumes:
        - name: elasticsearch-data
          emptyDir: {}
        containers:
        - name: elasticsearch
          resources:
            requests:
              memory: 7Gi
              cpu: 7
            limits:
              memory: 7Gi
              cpu: 7

LDAP support is only available with an Elastic subscription: https://www.elastic.co/subscriptions.
You can enable the (free) trial license if you want to try it out.

Thank you!
I will try it out : )
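
Added example, not part of the original thread and not Elastic's code: a small parser for the warning quoted in the question, covering both the 6.8 plain-text layout and the 7.2 JSON layout, that reports which realms each node skipped for licensing so the silent fallback to the file and reserved realms is visible. The function names are hypothetical and the message wording is assumed to match the two quoted lines.

```python
import json
import re

# Message wording taken from the two log lines quoted in the thread.
MSG_RE = re.compile(
    r"Authentication failed using realms \[(?P<tried>[^\]]*)\]\. Realms \[(?P<skipped>[^\]]*)\] "
    r"were skipped because they are not permitted on the current license"
)
# Plain-text layout (6.8 line): [timestamp][LEVEL ][component] [node] message
PLAIN_RE = re.compile(r"^\[[^\]]+\]\[\s*\w+\s*\]\[[^\]]+\]\s+\[([^\]]+)\]\s+(.*)$")

def split_realms(text):
    """'reserved/reserved,file/file1' -> [('reserved', 'reserved'), ('file', 'file1')]"""
    return [tuple(r.strip().split("/", 1)) for r in text.split(",") if r.strip()]

def parse_license_skip(line):
    """Return node, tried and skipped realms, or None for any other line."""
    line = line.strip()
    if line.startswith("{"):  # JSON layout (7.2 line)
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            return None
        node, message = record.get("node.name"), str(record.get("message", ""))
    else:
        plain = PLAIN_RE.match(line)
        if not plain:
            return None
        node, message = plain.group(1), plain.group(2)
    hit = MSG_RE.search(message)
    if not hit:
        return None
    return {"node": node, "tried": split_realms(hit.group("tried")),
            "skipped": split_realms(hit.group("skipped"))}

def skipped_by_node(lines):
    """Map node name -> sorted 'type/name' realms skipped for licensing."""
    found = {}
    for line in lines:
        event = parse_license_skip(line)
        if event:
            found.setdefault(event["node"], set()).update("/".join(r) for r in event["skipped"])
    return {node: sorted(realms) for node, realms in found.items()}

# Sample input: the two lines from the thread, the JSON one with its cluster fields dropped.
SAMPLE = [
    "[2020-01-02T07:55:27,091][WARN ][o.e.x.s.a.AuthenticationService] [master-1] Authentication failed using realms [reserved/reserved,file/file1]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license",
    '{"type": "server", "timestamp": "2020-01-02T08:09:21,612+0000", "level": "WARN", "component": "o.e.x.s.a.AuthenticationService", "node.name": "master-name", "message": "Authentication failed using realms [reserved/reserved,file/file1]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license" }',
]
```

Calling `skipped_by_node(SAMPLE)` returns one entry per node, each listing `ldap/ldap1`.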